Oracle logo

Cloud Security Consultant

Oracle
Full-time
On-site
Bengaluru, Karnataka, India
Cybersecurity
Description

Role summary
Designs, implements and governs cloud solutions on Oracle Cloud Infrastructure (OCI), ensuring security, scalability, reliability, cost efficiency across enterprise workloads, manage Oracle database platforms on OCI, ensuring performance, availability, security, and lifecycle management across mission-critical workloads.

Key responsibilities

   Cloud architecture & design: Create end-to-end OCI reference architectures for new and existing workloads (IaaS/PaaS), including landing zones and multi-tier applications.
   Networking: Design VCN architecture (subnets, route tables, security lists/NSGs), DRGs, IPSec/FastConnect, load balancers, DNS, private endpoints, and network segmentation.
   Identity & security: Implement IAM (compartments, policies, dynamic groups), MFA/SSO integration, key management (OCI Vault/KMS), secret management, encryption, and security posture management.
   Governance & standards: Define tagging strategy, compartment model, guardrails, and architecture standards aligned to enterprise compliance needs.
   Resilience & DR: Build HA/DR designs across availability and fault domains, regions, backup strategy, and recovery runbooks (RTO/RPO).
   Automation & DevOps: Use IaC (Terraform), CI/CD pipelines, configuration management, and operational automation; promote reusable modules and patterns.
   Observability & operations: Implement logging, monitoring, alarms, tracing, and capacity planning; establish SRE-style operational practices.
   Migration & modernization: Lead assessments and migrations (on-prem to OCI), including rehost/refactor decisions and performance tuning.
   Cost management: Implement FinOps practices—right-sizing, budgets, quotas, reserved capacity where applicable, and chargeback/showback.
   Stakeholder engagement: Partner with app teams, security, network, and leadership; produce architecture artifacts and lead design reviews.
   OCI database platform strategy: Define reference architectures and standards for Autonomous Database, Exadata Database Service, OCI DB Systems, and related HA/DR patterns.
    Workload assessment & service fit: Recommend the best OCI database service for OLTP/analytics/mixed workloads, factoring performance, cost, operational ownership, and licensing (BYOL vs license included).
    HA/DR architecture: Architect and govern RAC/Data Guard/Active Data Guard (as applicable), backup strategy (RMAN/backups), cross-region DR, and regular failover testing.
    Performance architecture & tuning: Lead sizing, AWR/ASH-based tuning, SQL optimization, indexing/partitioning strategy, connection management, and throughput/latency validation.
     Implement and govern TDE (tablespace/column), TLS in transit, and secure wallet/keystore management.
   Define key rotation, custody, and lifecycle processes using approved KMS solutions (e.g., OCI Vault).
   Ensure encryption coverage for backups, replicas, exports, and data movement.

Required skills/experience

   Strong experience with OCI core services: Compute, Networking, Block/Object Storage, IAM, Load Balancing, Vault, Monitoring/Logging.
   Proven cloud architecture experience (enterprise scale), including multi-account/compartment governance.
   Hands-on with Terraform (preferred) and automation tooling.
   Solid understanding of security and compliance principles (least privilege, encryption, auditability).
   Experience designing HA/DR and operational runbooks.
   Experience in Audit Vault and Database Firewall, Oracle Data Safe and DB Vault.



Responsibilities

Role summary
Designs, implements and governs cloud solutions on Oracle Cloud Infrastructure (OCI), ensuring security, scalability, reliability, cost efficiency across enterprise workloads, manage Oracle database platforms on OCI, ensuring performance, availability, security, and lifecycle management across mission-critical workloads.

Key responsibilities

   Cloud architecture & design: Create end-to-end OCI reference architectures for new and existing workloads (IaaS/PaaS), including landing zones and multi-tier applications.
   Networking: Design VCN architecture (subnets, route tables, security lists/NSGs), DRGs, IPSec/FastConnect, load balancers, DNS, private endpoints, and network segmentation.
   Identity & security: Implement IAM (compartments, policies, dynamic groups), MFA/SSO integration, key management (OCI Vault/KMS), secret management, encryption, and security posture management.
   Governance & standards: Define tagging strategy, compartment model, guardrails, and architecture standards aligned to enterprise compliance needs.
   Resilience & DR: Build HA/DR designs across availability and fault domains, regions, backup strategy, and recovery runbooks (RTO/RPO).
   Automation & DevOps: Use IaC (Terraform), CI/CD pipelines, configuration management, and operational automation; promote reusable modules and patterns.
   Observability & operations: Implement logging, monitoring, alarms, tracing, and capacity planning; establish SRE-style operational practices.
   Migration & modernization: Lead assessments and migrations (on-prem to OCI), including rehost/refactor decisions and performance tuning.
   Cost management: Implement FinOps practices—right-sizing, budgets, quotas, reserved capacity where applicable, and chargeback/showback.
   Stakeholder engagement: Partner with app teams, security, network, and leadership; produce architecture artifacts and lead design reviews.
   OCI database platform strategy: Define reference architectures and standards for Autonomous Database, Exadata Database Service, OCI DB Systems, and related HA/DR patterns.
    Workload assessment & service fit: Recommend the best OCI database service for OLTP/analytics/mixed workloads, factoring performance, cost, operational ownership, and licensing (BYOL vs license included).
    HA/DR architecture: Architect and govern RAC/Data Guard/Active Data Guard (as applicable), backup strategy (RMAN/backups), cross-region DR, and regular failover testing.
    Performance architecture & tuning: Lead sizing, AWR/ASH-based tuning, SQL optimization, indexing/partitioning strategy, connection management, and throughput/latency validation.
     Implement and govern TDE (tablespace/column), TLS in transit, and secure wallet/keystore management.
   Define key rotation, custody, and lifecycle processes using approved KMS solutions (e.g., OCI Vault).
   Ensure encryption coverage for backups, replicas, exports, and data movement.

Required skills/experience

   Strong experience with OCI core services: Compute, Networking, Block/Object Storage, IAM, Load Balancing, Vault, Monitoring/Logging.
   Proven cloud architecture experience (enterprise scale), including multi-account/compartment governance.
   Hands-on with Terraform (preferred) and automation tooling.
   Solid understanding of security and compliance principles (least privilege, encryption, auditability).
   Experience designing HA/DR and operational runbooks.
   Experience in Audit Vault and Database Firewall, Oracle Data Safe and DB Vault.



Qualifications

Career Level - IC2