Principal Security Engineer

Oracle Oracle · Enterprise · United States

Principal Security Engineer for Oracle Cloud Infrastructure (OCI) focusing on ensuring compute hardware meets security requirements and compliance. The role involves defining security requirements, providing design consulting, performing security and adversarial assessments, assessing risk, and mentoring junior engineers. Requires a blend of hardware, firmware, and security skills, with expertise in areas like Root of Trust, server platforms, or GPUs, and knowledge of security concepts and standards.

What you'd actually do

  1. Definition of security requirements for hardware enabling OCI security posture aligning business needs and technology trends
  2. Provide independent design consulting in area of expertise to implement:
  3. security assessments of compute devices to ensure device meets requirements.
  4. adversarial assessments of compute devices to ensure they can’t be compromised.
  5. Assess risk from findings and threat models and identify proper risk mitigation controls

Skills

Required

  • hardware security architecture
  • hardware security engineering
  • hardware security validation
  • hardware security planning
  • hardware/firmware security
  • computer architecture
  • Root of Trust (TCG SRTM, DRTM)
  • x86 (Intel, AMD), ARM server platform architecture, UEFI
  • GPU platforms, rackscale systems, clustering
  • Baseboard Management Controllers
  • SmartNICs (DPUs)
  • Storage devices
  • Attestation (Ex: SPDM) and measurements
  • cryptography
  • Secureboot
  • DICE
  • C
  • C++
  • Java
  • Python
  • Ruby
  • Go
  • Rust
  • read and review hardware schematics
  • reversing tools
  • reverse engineer

Nice to have

  • x86 and/or ARM assembly language
  • Intel SGX
  • SPI
  • I2C
  • RS232-style serial
  • enterprise networking architecture
  • datacenter networking architecture
  • DevOps
  • CICD environment
  • product security requirements
  • risk assessment
  • threat models
  • risk mitigation controls
  • organizational skills
  • verbal communication skills
  • written communication skills

What the JD emphasized

  • hardware security architecture
  • hardware security
  • firmware
  • security posture
  • security requirements