CloudSec Architect - Oracle Cloud Infrastructure - SC-cleared

Posted 1 day ago by Parker Shaw on JobServe

Negotiable
Undetermined
Undetermined
Hybrid - likely at least 20% on-site, mostly London, but also Birmingham & other sites as required, UK
We are currently recruiting for an experienced Cloud Security Architect with extensive Oracle Cloud Infrastructure experience to work an urgent 4-month contract (with a high likelihood to extend). Candidates must hold active SC clearance and must be available to start immediately.

Desired experience:

Overall Architect lead on

  • Design and Document Cloud Guard configuration
  • Design and Document Security Zones setup
  • Design and Document Security Advisor configuration
  • Design and Document Web Application Firewall configuration
  • Design and Document Security Audit setup

Compartment Security

  • Design and Define Compartment Security requirement
  • Documenting Naming conventions and Tagging Compartments
  • Defining the policy statement
  • Required rule statement identification and technical definition for new policies
  • Compute instance life cycle definition

Bastion Security

  • Access control configuration definition
  • Node access restriction documentation
  • Network restriction definition and documentation
  • Host Security (HSM) requirement, configurations, definitions and documentation

Block Volume Security

  • Access Policy definitions for user and resources
  • Encryption and key requirement definitions
  • Cloud Guard detector and responder recipe definitions for block volume
  • Process definition and documentation of Encryption key rotation for block volumes
  • Incident response process definition for block volume Cloud Guard notifications

Virtual Machine Security

  • Secure network access requirement definitions
  • Cloud Guard detector and responder recipe definitions for Compute resources
  • Security zone (optional) requirement identification and definition for compute resources
  • Process definitions to Respond to problems detected in Cloud Guard
  • Identification and definition of compute patch requirement and processes
  • Documentation of VSS requirements and processes
  • Security audit process definitions

Network Security

  • Public and Private subnet technical requirement definition
  • WAF, Firewall and API Gateway Security rule definition
  • Security zone definition
  • Network related IAM policy definition
  • IPSec VPN security configuration definition

Object Storage Security

  • Secure network access definition for resources
  • Identification and definition of Cloud Guard (optional) recipes for Object Storage
  • Create a security zone (optional) requirement identification and definitions
  • Process definitions to respond to security problems detected in Cloud Guard
  • Security Audit process definitions

Zones Security

  • Define requirement for compartments and security zones
  • Evaluate and define new security zone policies
  • Define process for security zone audit

Tag Security

  • Define tag namespaces

Securing Vulnerability Scanning

  • Define requirement and configuration for service gateway to scan Compute instances that don't have public IP addresses.
  • Define process for security audit

If you feel you have the skills and experience needed for this role, please do apply now.