Security Analyst 4

Job DescriptionJob Description:Oracle Cloud Infrastructure (OCI) Hardware team is seeking a highly driven hardware/firmware security expert at the Principal Engineer level to participate in organizational wide SecurityAssurance program while also remaining involved in technical security reviews and having the opportunity to work on code level security. All engineering teams at Oracle are required to followsecurity best practices on how to make smart choices that build security into our products and services. These Oracle Software Security Assurance Standards (OSSA) and Oracle Hardware Security Assurance (OHWSA) standards provide guidance cross the entire lifecycle of component selection / in-take, product design, development, testing, release/deployment, and vulnerability/patch management. The OCI Hardware Development team provides the AI, GPUs, components of Oracle's AI hardware platform hardware and firmware used in Oracle Cloud and in Oracle Engineered Systems including Oracle Exadata. The OCI Hardware organization you will join has delivered the first and second generation of Oracle cloud platforms and is working to build the next generation of cloudand enterprise systems, with record breaking-performance, security, and world class quality using the latest and greatest merchant silicon and technologies.Job Summary:As a part of the OCI Hardware/Firmware Security team the candidate will work closely with the team's Chief Security Architect. The role is focused on managing and participating in all aspects of the OCI Release Management (ORM); Oracle's Hardware Security Assurance (OSSA); Oracle Hardware/Software Security Vendor Intake program and Manage HW/FW security vulnerabilities end to end - from triage to mitigation planning and rollout to customer messaging as wells as opportunities to work on security projects and initiatives defined by the Chief Security Architect. The scope spans both hardware and firmware, Oracle internal teams as well as external partners and extends from Oracle team education and support, to performing technical security and process reviews and to ensuring that Oracle's partners understand Oracle's security requirements for the future. Design, develop, troubleshoot and debug software programs for databases, applications, tools, networks etc.ResponsibilitiesResponsibilities:o Monitor vendor embargoed advisories (Intel, AMD, NVIDIA, ARM, etc.), VINCE, and other sources for hardware and firmware vulnerabilities.o Perform risk analysis and threat modeling to triage applicability and risk of vulnerabilities to Oracle hardware products and platforms.o Drive and track mitigation of vulnerabilities across various OCI teams and stakeholders through rollout.o Communicate risk and mitigation plan to internal teams, leadership, and customers through legally approved messaging.o Familiarity with python in order to run internal tools that aid with vul mgmt.o Helping engineering teams plan for security reviews of the HW/FW technologies which are being considered for useo Ensuring that teams create the required materials forInbound HW/FW security reviewsInbound third party software security reviewsProduct release security reviewso Performing these security reviewso Tracking the progress of individual reviews and producing reportso Identifying and driving improvements to the processeso Working with the Hardware Chief Security Architect and virtual security team and key internal partnerso Working with Oracle's 3rd party ecosystem to communicate Oracle's hardware security requirements and assess present adoption and future complianceo Acting as a technical security resource for Oracle's 3rd party ecosystemo Developing tools as-needed to support the processo Opportunities to work on code level assessment partnering with the Core Firmware Engineering teamo Opportunities to be involved with Architectural Risk Analysis and threat analysisRequired Qualifications:o B.S. in Computer Science, Computer Engineering, or related fieldo 7+ years in the field of software engineering and/or securityo Experience in security analysis/assessments and the ability to audit security or forensic reportso Expertise across secure firmware/software development lifecycle e.g. component security reviews, static and dynamic analysis toolso Highly motivated, with a sense of urgency and ability to deliver multiple tasks under time-frame pressureo Big problem solver, who can be both strategic and able to dive into details as neededo Capable of working independentlyo Experience with understanding, analyzing, and communicating hardware security vulnerabilities, attacks, and research to engineering communities and audienceso Comfortable dealing with ambiguity and ability to adapt to changing environment and needso Excellent written and oral communication skillso Experience with the architecture, design, and implementation of modern server platform hardware & firmwareo Programming experience (C/C++, Linux Programming, bash, Python, Java)Disclaimer:Certain US customer or client-facing roles may be required to comply with applicable requirements, such as immunization and occupational health mandates.Range and benefit information provided in this posting are specific to the stated locations onlyUS: Hiring Range in USD from: $96,800 to $223,400 per annum. May be eligible for bonus and equity.Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle's differing products, industries and lines of business.Candidates are typically placed into the range based on the preceding factors as well as internal peer equity.Oracle US offers a comprehensive benefits package which includes the following: Medical, dental, and vision insurance, including expert medical opinion Short term disability and long term disability Life insurance and AD&D Supplemental life insurance (Employee/Spouse/Child) Health care and dependent care Flexible Spending Accounts Pre-tax commuter and parking benefits 401(k) Savings and Investment Plan with company match Paid time off: Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation. 11 paid holidays Paid sick leave: 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours. Paid parental leave Adoption assistance Employee Stock Purchase Plan Financial planning and group legal Voluntary benefits including auto, homeowner and pet insurance The role will generally accept applications for at least three calendar days from the posting date or as long as the job remains posted.Career Level - IC4About UsOnly Oracle brings together the data, infrastructure, applications, and expertise to power everything from industry innovations to life-saving care. And with AI embedded across our products and services, we help customers turn that promise into a better future for all. Discover your potential at a company leading the way in AI and cloud solutions that impact billions of lives.True innovation starts when everyone is empowered to contribute. That's why we're committed to growing a workforce that promotes opportunities for all with competitive benefits that support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs.We're committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing or by calling 1-888-404-2494 in the United States.Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

Created: 2026-03-04