Lead Principal Security Engineer

Oracle Corp

NY

JOB DETAILS
SALARY
$130,000–$306,400 Per Year
SKILLS
ARM (Advanced RISC Machine), Accidental Death and Dismemberment (AD&D), Artificial Intelligence (AI), Best Practices, C Programming Language, C++ Programming Language, Cloud Computing, Communication Skills, Computer Architecture, Computer Engineering, Computer Firmware, Computer Hardware, Computer Science, Computer Systems, Consulting, Continuous Deployment/Delivery, Continuous Integration, Cryptography, Customer Relations, Dental Insurance, DevOps, Electrical Engineering, Embedded Systems, Financial Planning, Flexible Spending Accounts, Go Programming Language (Golang), Hardware Architecture, Hardware Design, Healthcare, I2C, Intel Product Family, Java, Leadership, Legal, Life Insurance, Maintain Compliance, Network Architecture/Engineering, Network Operations Center, Occupational Health, Operations Security (OPSEC), Oracle, Organizational Skills, Presentation/Verbal Skills, Process Improvement, Programming Languages, Property Insurance, Publications, Python Programming/Scripting Language, RS-232, Requirements Management, Reverse Engineering, Risk Analysis, Risk Management, Ruby, Schematics, Security Analysis, Security Architecture, Security Compliance, Security Consulting, Security Infrastructure, Security Monitoring, Software Engineering, Standards Organizations, Stock Purchase Plans, Supply Chain Operations, Systems Analysis, Test Requirements, Thought Leadership, Threat Modeling, Threat and risk analysis (TRA), Training/Teaching, Validation Plan, Virtual Hosting, Virtualization, Vision Plan, Writing Skills, x86 Assembly Language
LOCATION
NY
POSTED
12 days ago

The Oracle Cloud Infrastructure (OCI) team can provide you the opportunity to build and operate a suite of massive scale, integrated cloud services in a broadly distributed, multi-tenant cloud environment. OCI is committed to providing the best in cloud products that meet the needs of our customers who are tackling some of the world's biggest challenges.

As a Consulting Hardware Security Engineer you will be involved in ensuring that the compute hardware that is used in the Oracle Cloud Infrastructure meets the security bar to ensure compliance with our security posture. You will define security requirements for hardware ensuring hardware does not preclude inclusion of security controls essential to meet or exceed our posture. You will work closely across Oracle, with third party vendors, and with standards organization to influence the next generation of hardware platform security. You will also works closely with OCI''s operations and engineering teams, constantly striving to improve Oracle Cloud''s overall operational security posture by defining the supply chain and operational requirements to establish best practices for managing security for devices in our cloud infrastructure.

Our consulting hardware security engineers have a blend of hardware, firmware and security skills, enabling them to help design and assess our most complex compute systems.

Only Oracle brings together the data, infrastructure, applications, and expertise to power everything from industry innovations to life-saving care. And with AI embedded across our products and services, we help customers turn that promise into a better future for all. Discover your potential at a company leading the way in AI and cloud solutions that impact billions of lives.

True innovation starts when everyone is empowered to contribute. That's why we're committed to growing a workforce that promotes opportunities for all with competitive benefits that support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs.

We're committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing accommodation-request_mb@oracle.com or by calling 1-888-404-2494 in the United States.

Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

Disclaimer:

Certain U.S. based or U.S. customer or client-facing roles may be required to comply with applicable requirements, such as immunization/occupational health mandates, and/or drug testing requirements.

Range and benefit information provided in this posting are specific to the stated locations only

US: Hiring Range in USD from: $130,000 to $306,400 per annum. May be eligible for bonus, equity, and compensation deferral.

Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle''s differing products, industries and lines of business.

Candidates are typically placed into the range based on the preceding factors as well as internal peer equity.

Oracle US offers a comprehensive benefits package which includes the following:

  1. Medical, dental, and vision insurance, including expert medical opinion

  2. Short term disability and long term disability

  3. Life insurance and AD&D

  4. Supplemental life insurance (Employee/Spouse/Child)

  5. Health care and dependent care Flexible Spending Accounts

  6. Pre-tax commuter and parking benefits

  7. 401(k) Savings and Investment Plan with company match

  8. Paid time off: Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation.

  9. 11 paid holidays

  10. Paid sick leave: 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours.

  11. Paid parental leave

  12. Adoption assistance

  13. Employee Stock Purchase Plan

  14. Financial planning and group legal

  15. Voluntary benefits including auto, homeowner and pet insurance

The role will generally accept applications for at least three calendar days from the posting date or as long as the job remains posted.

Career Level - IC5

Key Responsibilities

  • Definition of security requirements for hardware enabling OCI security posture aligning business needs and technology trends

  • Provide independent design consulting for complex compute systems, balancing business objective and security risks to implement:

  • requirements specified by the hardware security team

  • features required to achieve security bar

  • operations (provisioning, re-use, decommissioning) inline with security posture

  • Hands on

  • security assessments of complex compute systems to ensure they meets requirements.

  • adversarial assessments to ensure they can't be compromised.

  • Breakdown complex systems for analysis, assign parts to other members of the team, collaborate on synthesizing the inputs and forming a holistic assessment, contextualized to cloud environments

  • Understand business objectives/requirements and assess risk from findings/threat models and identify proper risk mitigation controls

  • Work across to teams to ensure requirements, findings and recommendations are implemented inline with expected outcomes

  • Communicate risks and options to mitigate to senior leadership, balancing security, technology and business goals

  • Identify opportunities for security and process improvements and drive them across the organization

  • Advance state of the industry security knowledge through individual research contribution

  • Follow developments and trends in their area of subject matter expertise and educate the business and security organization of the developments

  • Mentor junior engineers

Minimum Qualifications

  • Bachelor''s degree in Electrical Engineering, Computer Science or related field or equivalent experience

  • 10+ years of experience in hardware security architecture / engineering / validation / planning or related area

  • Demonstrated competency in hardware/firmware with a focus on security

  • Competency with computer architecture

  • Subject Matter Expertise in two or more of the following areas:

  • Root Of Trust (TCG SRTM, DRTM)

  • x86 (Intel, AMD), ARM server platform architecture, UEFI

  • GPU platforms, rackscale systems, clustering

  • Baseboard Management Controllers

  • SmartNICs (DPUs)

  • Storage devices

  • Security concepts and standards associated Attestation (Ex: SPDM), cryptography, Secureboot, DICE etc.

  • Ability to work with most common programming languages (C, C++, Java, Python, Ruby, Go, Rust)

  • Ability to read and review complex hardware system/platform level schematics for security concerns

  • Experience with reversing tools and ability to reverse engineer

  • Extensive research or experience with multiple classes of security bugs

  • Specification and/or design of hardware security features

Preferred Qualifications

  • Ability to read and understand x86 and/or ARM assembly language
  • Knowledge of vendor-specific TEE technologies such as Intel SGX
  • Familiarity with common embedded communications interfaces (SPI, I2C, RS232-style serial)
  • Knowledge of host and network virtualization technologies and how to use them securely
  • Knowledge of enterprise and/or datacenter networking architecture
  • Experience operating in a large-scale DevOps or CICD environment
  • Ability to write clear and concise product security requirements
  • Ability to effectively assess risk from findings and threat models and identify proper risk mitigation controls
  • Ability to succeed individually or collaboratively, whether working internally or with external organizations and individuals
  • Significant experience working effectively in a large and distributed company
  • Excellent organizational, verbal and written communication skills
  • Conducting training / thought leadership / conference talks / publications

Key Responsibilities

  • Definition of security requirements for hardware enabling OCI security posture aligning business needs and technology trends

  • Provide independent design consulting for complex compute systems, balancing business objective and security risks to implement:

  • requirements specified by the hardware security team

  • features required to achieve security bar

  • operations (provisioning, re-use, decommissioning) inline with security posture

  • Hands on

  • security assessments of complex compute systems to ensure they meets requirements.

  • adversarial assessments to ensure they can't be compromised.

  • Breakdown complex systems for analysis, assign parts to other members of the team, collaborate on synthesizing the inputs and forming a holistic assessment, contextualized to cloud environments

  • Understand business objectives/requirements and assess risk from findings/threat models and identify proper risk mitigation controls

  • Work across to teams to ensure requirements, findings and recommendations are implemented inline with expected outcomes

  • Communicate risks and options to mitigate to senior leadership, balancing security, technology and business goals

  • Identify opportunities for security and process improvements and drive them across the organization

  • Advance state of the industry security knowledge through individual research contribution

  • Follow developments and trends in their area of subject matter expertise and educate the business and security organization of the developments

  • Mentor junior engineers

Minimum Qualifications

  • Bachelor''s degree in Electrical Engineering, Computer Science or related field or equivalent experience

  • 10+ years of experience in hardware security architecture / engineering / validation / planning or related area

  • Demonstrated competency in hardware/firmware with a focus on security

  • Competency with computer architecture

  • Subject Matter Expertise in two or more of the following areas:

  • Root Of Trust (TCG SRTM, DRTM)

  • x86 (Intel, AMD), ARM server platform architecture, UEFI

  • GPU platforms, rackscale systems, clustering

  • Baseboard Management Controllers

  • SmartNICs (DPUs)

  • Storage devices

  • Security concepts and standards associated Attestation (Ex: SPDM), cryptography, Secureboot, DICE etc.

  • Ability to work with most common programming languages (C, C++, Java, Python, Ruby, Go, Rust)

  • Ability to read and review complex hardware system/platform level schematics for security concerns

  • Experience with reversing tools and ability to reverse engineer

  • Extensive research or experience with multiple classes of security bugs

  • Specification and/or design of hardware security features

Preferred Qualifications

  • Ability to read and understand x86 and/or ARM assembly language
  • Knowledge of vendor-specific TEE technologies such as Intel SGX
  • Familiarity with common embedded communications interfaces (SPI, I2C, RS232-style serial)
  • Knowledge of host and network virtualization technologies and how to use them securely
  • Knowledge of enterprise and/or datacenter networking architecture
  • Experience operating in a large-scale DevOps or CICD environment
  • Ability to write clear and concise product security requirements
  • Ability to effectively assess risk from findings and threat models and identify proper risk mitigation controls
  • Ability to succeed individually or collaboratively, whether working internally or with external organizations and individuals
  • Significant experience working effectively in a large and distributed company
  • Excellent organizational, verbal and written communication skills
  • Conducting training / thought leadership / conference talks / publications

About the Company

O

Oracle Corp

For over three decades, Oracle has been the center of innovation for business software birthplace of the first commercially available relational database, the first suite of internet-based applications, and the next-generation enterprise-computing platform, Oracle Fusion. Today, Oracle provides the world's most complete, open, and integrated business software and hardware systems, with more than 370,000 customers including - 100 of the Fortune 100 - representing a variety of sizes and industries in more than 145 countries around the globe. And Oracle's 110,000 global employees - including 30,000 developers working full-time on Oracle products -are critical to that success. Oracle Supports Workforce Diversity
COMPANY SIZE
10,000 employees or more
INDUSTRY
Computer/IT Services
FOUNDED
1977