Security Analyst

Position: Security Analyst 4
** Job Description*
* Job Description:

Oracle Cloud Infrastructure (OCI) Hardware team is seeking a highly driven hardware/firmware security expert at the Principal Engineer level to participate in organizational wide Security

Assurance program while also remaining involved in technical security reviews and having the opportunity to work on code level security. All engineering teams at Oracle are required to follow

security best practices on how to make smart choices that build security into our products and services. These Oracle Software Security Assurance Standards (OSSA) and Oracle Hardware Security Assurance (OHWSA) standards provide guidance cross the entire lifecycle of component selection / in-take, product design, development, testing, release/deployment, and vulnerability/patch management. The OCI Hardware Development team provides the AI, GPUs, components of Oracle's AI hardware platform hardware and firmware used in Oracle Cloud and in Oracle Engineered Systems including Oracle Exadata.

The OCI Hardware organization you will join has delivered the first and second generation of Oracle cloud platforms and is working to build the next generation of cloud

and enterprise systems, with record breaking-performance, security, and world class quality using the latest and greatest merchant silicon and technologies.

Job Summary:

As a part of the OCI Hardware/Firmware Security team the candidate will work closely with the team's Chief Security Architect. The role is focused on managing and participating in all aspects of the OCI Release Management (ORM);
Oracle's Hardware Security Assurance (OSSA);
Oracle Hardware/Software Security Vendor Intake program and Manage HW/FW security vulnerabilities end to end - from triage to mitigation planning and rollout to customer messaging as wells as opportunities to work on security projects and initiatives defined by the Chief Security Architect. The scope spans both hardware and firmware, Oracle internal teams as well as external partners and extends from Oracle team education and support, to performing technical security and process reviews and to ensuring that Oracle's  partners understand Oracle's security requirements for the future.

Design, develop, troubleshoot and debug software programs for databases, applications, tools, networks etc.

** Responsibilities*
* Responsibilities:

o Monitor vendor embargoed advisories (Intel, AMD, NVIDIA, ARM, etc.), VINCE, and other sources for hardware and firmware vulnerabilities.

o Perform risk analysis and threat modeling to triage applicability and risk of vulnerabilities to Oracle hardware products and platforms.

o Drive and track mitigation of vulnerabilities across various OCI teams and stakeholders through rollout.

o Communicate risk and mitigation plan to internal teams, leadership, and customers through legally approved messaging.

o Familiarity with python in order to run internal tools that aid with vul mgmt.

o Helping engineering teams plan for security reviews of the HW/FW technologies which are being considered for use

o Ensuring that teams create the required materials for

Inbound HW/FW security reviews

Inbound third party software security reviews

Product release security reviews

o Performing these security reviews

o Tracking the progress of individual reviews and producing reports

o Identifying and driving improvements to the processes

o Working with the Hardware Chief Security Architect and virtual security team and key internal partners

o Working with Oracle's 3rd party ecosystem to communicate Oracle's hardware security requirements and assess present adoption and future compliance

o Acting as a technical security resource for Oracle's 3rd party ecosystem

o Developing tools as-needed to support the process

o Opportunities to work on code level assessment partnering with the Core Firmware Engineering team

o Opportunities to be involved with Architectural Risk Analysis and threat analysis

Required Qualifications:

o B.S. in Computer Science, Computer Engineering, or related field

o 7+ years in the field of software engineering and/or security

o Experience in security analysis/assessments and the ability to audit security or forensic reports

o Expertise across secure firmware/software development lifecycle e.g. component security reviews, static and dynamic analysis tools

o Highly motivated, with a sense of urgency and ability to deliver multiple tasks under time-frame pressure

o Big problem solver, who can be both strategic and able to dive into details as needed

o Capable of working independently

o

Experience with understanding, analyzing, and communicating hardware security vulnerabilities, attacks, and research to engineering  communities and audiences

o Comfortable dealing with ambiguity and ability to adapt to changing environment and needs

o Excellent written and oral communication skills

o

Experience with the architecture, design, and implementation of modern server platform hardware & firmware

o Programming experience (C/C++, Linux…