Oracle cloud Infrastructure Engineer

Note: Need Immediate Joiner

Roles and Responsibilities:

Security Architecture & Design: -

• Architect and implement end-to-end security frameworks for OCI tenancies aligned with CIS OCI Foundations Benchmark, NIST CSF, and ISO 27001.
• Design multi-layer security architectures including perimeter security, network security, workload security, data security, and identity security.
• Conduct cloud security architecture reviews and threat modeling for OCI-hosted applications and infrastructure.
• Define and enforce security baselines, guardrails, and security landing zones for OCI environments.
• Evaluate and recommend OCI-native and third-party security tools and services. Identity & Access

Management (IAM): -

• Design and implement OCI IAM policies, Compartments, Groups, Dynamic Groups, and Federation (SAML, SCIM, LDAP) for enterprise-grade access governance.
• Implement Principle of Least Privilege (PoLP) and Role-Based Access Control (RBAC) across OCI resources.
• Manage OCI Identity Domains, Multi-Factor Authentication (MFA), and Privileged Access Management (PAM) integrations.
• Conduct periodic IAM access reviews and entitlement certifications.
• Implement service account and API key lifecycle management for OCI resources.

Data Security & Encryption:

• Design and implement data encryption strategies for data at rest and data in transit across OCI services.
• Manage OCI Vault (Key Management Service) for customer-managed encryption keys (CMEKs), secrets, and certificates.
• Implement OCI Data Safe for Oracle Database security assessment, data masking, and sensitive data discovery.
• Configure and manage OCI Object Storage encryption, Block Volume encryption, and Database encryption.
• Define and enforce data classification and data handling policies on OCI.

Network Security: -

• Design and implement network security controls using OCI Network Firewall, Web Application Firewall (WAF), Security Lists, and Network Security Groups (NSGs).
• Configure OCI DDoS protection, rate limiting, and traffic scrubbing for internet-facing workloads.
• Implement Zero Trust Network Access (ZTNA) principles on OCI.
• Monitor and analyze VCN Flow Logs, Firewall logs, and WAF logs for threat detection.
• Conduct network security assessments and penetration testing coordination. Threat Detection,

Monitoring & Incident Response:

• Implement and manage OCI Cloud Guard for continuous security posture monitoring, threat detection, and automated remediation.
• Configure OCI Security Zones and Security Advisor to enforce security policies at the compartment level.
• Integrate OCI Logging, OCI Logging Analytics, and OCI Events with SIEM platforms (Splunk, IBM QRadar, Microsoft Sentinel) for centralized security monitoring.
• Define and respond to security incidents including investigation, containment, eradication, and recovery.
• Develop and maintain Incident Response (IR) plans, playbooks, and runbooks for OCI environments.
• Conduct regular threat hunting and vulnerability management activities. Vulnerability

Management & Compliance:

• Conduct security assessments, vulnerability scans, and CIS benchmark compliance checks across OCI environments.
• Manage and track remediation of vulnerabilities identified in OCI workloads and infrastructure.
• Ensure compliance with regulatory standards including PCI-DSS, HIPAA, GDPR, SOC 2, and ISO 27001 on OCI.
• Leverage OCI Compliance Documents and perform audit evidence collection for security certifications.
• Implement and manage OCI Audit Service for comprehensive activity logging and forensic readiness.

DevSecOps & Automation:

• Embed security controls into CI/CD pipelines (shift-left security) including SAST, DAST, SCA, and container image scanning.
• Automate security policy enforcement and compliance checks using Terraform, OCI CLI, and custom Python/Bash scripts.
• Implement OCI Functions for automated security response and remediation.
• Develop security-as-code policies using OPA (Open Policy Agent) or equivalent frameworks.
• Manage secure configuration baselines using Ansible and OCI OS Management Service.

Collaboration & Stakeholder Engagement:

• Provide security advisory and consultation to project teams during design and implementation phases.
• Conduct security awareness sessions and training for cloud operations and development teams.
• Engage with Oracle security teams, third-party auditors, and regulatory bodies as required.
• Mentor junior security engineers and contribute to security capability building within the organization.
• Prepare security reports, dashboards, and executive summaries for leadership and clients.

PRIMARY SKILLSETS OCI Security Services:

• Deep expertise in OCI IAM (Policies, Compartments, Domains, Federation, Dynamic Groups, Service Principals).
• Hands-on experience with OCI Cloud Guard, Security Zones, Security Advisor, and Threat Intelligence.
• Proficiency in OCI Vault (Key Management), OCI Certificates, and OCI Data Safe.
• Strong knowledge of OCI Network Firewall, WAF, VCN Flow Logs, and DDoS Protection.
• Experience with OCI Audit Service, OCI Logging, OCI Logging Analytics, and OCI Events.
• Familiarity with OCI Bastion Service, OCI Web Application Firewall, and OCI Identity Domains.

Cloud Security Fundamentals:

Strong understanding of cloud security frameworks: CIS OCI Benchmark, NIST CSF, ISO 27001, CSA CCM.

• Expertise in encryption standards (AES-256, TLS 1.2/1.3, RSA, ECC) and PKI management.
• Deep knowledge of IAM concepts including RBAC, ABAC, PoLP, PAM, and Zero Trust.
• Experience with threat modeling methodologies (STRIDE, PASTA, DREAD).
• Proficiency in vulnerability management tools (Qualys, Nessus, Rapid7, or equivalent).
• Knowledge of penetration testing concepts and coordination with external pen test teams.

Security Operations & Compliance:

• Experience with SIEM platforms (Splunk, QRadar, Microsoft Sentinel, or equivalent) for log ingestion and correlation.
• Hands-on experience with Incident Response (IR) processes and security playbook development. - Knowledge of compliance frameworks: PCI-DSS, HIPAA, GDPR, SOC 2 Type II, ISO 27001, and DPDP Act.
• Experience with GRC tools and security risk management frameworks.

Automation & Scripting: - Proficiency in Python, Ansible, Bash scripting for security automation. - Hands-on experience with Terraform for security infrastructure as code. - Familiarity with OCI CLI and OCI SDKs for security operations. - Experience with DevSecOps tools: SonarQube, Trivy, Checkmarx, Aqua Security, or Prisma Cloud.

4. SECONDARY SKILLSETS

• Experience with Oracle Database Security including TDE, Database Vault, Label Security, and Audit Vault.
• Knowledge of OCI Data Science and AI/ML security considerations.
• Familiarity with container security and Kubernetes security (OKE RBAC, Pod Security, Network Policies).
• Exposure to CASB (Cloud Access Security Broker) solutions. - Understanding of OCI Observability and Monitoring for security performance baselines.
• Knowledge of cloud forensics and digital evidence collection techniques.
• Experience with phishing simulation, security awareness, and training program management.
• Familiarity with Oracle CASB Cloud Service and Oracle Security Monitoring and Analytics.
• Understanding of supply chain security and software composition analysis (SCA).
• Knowledge of multi-cloud security architecture (OCI + AWS, OCI + Azure) and cross-cloud governance.
• Exposure to OCI Government Cloud and sovereign cloud security requirements.

Job Description:

• We are seeking a highly experienced OCI Security Specialist with 7 to 11 years of expertise in cloud security architecture, implementation, and operations on Oracle Cloud Infrastructure (OCI).
• The ideal candidate will have a strong background in cloud security engineering, identity and access governance, data protection, threat detection, and compliance management within OCI and hybrid cloud environments.
• The OCI Security Specialist will be responsible for designing and implementing a comprehensive security posture across OCI tenancies, ensuring that workloads, data, networks, and identities are protected in accordance with enterprise security policies and regulatory requirements.
• This role requires deep expertise in OCI security services, security frameworks (CIS, NIST, ISO 27001), and DevSecOps practices.
• The candidate will collaborate with cloud architects, network engineers, DevOps teams, compliance officers, and application teams to embed security across all layers of the cloud environment.

PRIMARY SKILLSETS OCI Security Services: -

• Deep expertise in OCI IAM (Policies, Compartments, Domains, Federation, Dynamic Groups, Service Principals).
• Hands-on experience with OCI Cloud Guard, Security Zones, Security Advisor, and Threat Intelligence.
• Proficiency in OCI Vault (Key Management), OCI Certificates, and OCI Data Safe.
• Strong knowledge of OCI Network Firewall, WAF, VCN Flow Logs, and DDoS Protection.
• Experience with OCI Audit Service, OCI Logging, OCI Logging Analytics, and OCI Events.
• Familiarity with OCI Bastion Service, OCI Web Application Firewall, and OCI Identity Domains.

Security Operations & Compliance:

• Experience with SIEM platforms (Splunk, QRadar, Microsoft Sentinel, or equivalent) for log ingestion and correlation.
• Hands-on experience with Incident Response (IR) processes and security playbook development. - Knowledge of compliance frameworks: PCI-DSS, HIPAA, GDPR, SOC 2 Type II, ISO 27001, and DPDP Act.
• Experience with GRC tools and security risk management frameworks. Automation & Scripting: - Proficiency in Python, Ansible, Bash scripting for security automation.
• Hands-on experience with Terraform for security infrastructure as code.
• Familiarity with OCI CLI and OCI SDKs for security operations.
• Experience with DevSecOps tools: SonarQube, Trivy, Checkmarx, Aqua Security, or Prisma Cloud.

Note: Need Immediate Joiner