Lead Principal Security Engineer

Oracle Oracle · Enterprise · United States

Lead Principal Security Engineer for Oracle Cloud Infrastructure (OCI) focusing on ensuring compute hardware meets security requirements and compliance. Responsibilities include defining security requirements, providing design consulting, performing security and adversarial assessments, and influencing next-generation hardware platform security. The role requires expertise in hardware/firmware security, computer architecture, and specific security domains like Root of Trust, x86/ARM platforms, and cryptography. The engineer will also mentor junior staff and contribute to industry security knowledge.

What you'd actually do

  1. Definition of security requirements for hardware enabling OCI security posture aligning business needs and technology trends
  2. Provide independent design consulting for complex compute systems, balancing business objective and security risks to implement:
  3. security assessments of complex compute systems to ensure they meets requirements.
  4. Breakdown complex systems for analysis, assign parts to other members of the team, collaborate on synthesizing the inputs and forming a holistic assessment, contextualized to cloud environments
  5. Communicate risks and options to mitigate to senior leadership, balancing security, technology and business goals

Skills

Required

  • hardware security architecture
  • hardware security engineering
  • hardware security validation
  • hardware security planning
  • hardware/firmware security
  • computer architecture
  • Root of Trust (TCG SRTM, DRTM)
  • x86 (Intel, AMD), ARM server platform architecture, UEFI
  • GPU platforms, rackscale systems, clustering
  • Baseboard Management Controllers
  • SmartNICs (DPUs)
  • Storage devices
  • Attestation (Ex: SPDM)
  • cryptography
  • Secureboot
  • DICE
  • C, C++, Java, Python, Ruby, Go, Rust
  • read and review complex hardware system/platform level schematics
  • reversing tools
  • reverse engineer
  • multiple classes of security bugs
  • design of hardware security features

Nice to have

  • x86 and/or ARM assembly language
  • Intel SGX
  • SPI, I2C, RS232-style serial
  • host and network virtualization technologies
  • enterprise and/or datacenter networking architecture
  • DevOps or CICD environment
  • write clear and concise product security requirements
  • assess risk from findings and threat models
  • identify proper risk mitigation controls
  • succeed individually or collaboratively
  • working effectively in a large and distributed company
  • organizational, verbal and written communication skills
  • Conducting training / thought leadership / conference talks / publications

What the JD emphasized

  • hardware security architecture
  • hardware security features
  • hardware security