OCI Security Specialist

The OCI Security Specialist designs and implements secure, compliant cloud environments on Oracle Cloud Infrastructure, focusing on CIS benchmarks, network security, and identity governance. This role combines expertise in OCI Landing Zones, security tooling, and hybrid cloud integrations to enforce robust threat detection, vulnerability management, and regulatory compliance.

Key Responsibilities

• CIS-compliant Landing Zones: Design and deploy CIS-aligned OCI Landing Zones using blueprints that enforce network segmentation, IAM policies, and logging/monitoring modules. Customize compartments, security lists, and VCNs to meet client requirements while adhering to CIS OCI Foundations Benchmark controls.
• Load Balancer & Encryption: Configure internal/external load balancers with end-to-end SSL/TLS encryption. Manage the certificate lifecycle (setup, renewal) using the OCI Certificates service and integrate with Let’s Encrypt or third-party CAs.
• Network Security: Implement OCI Network Firewall (NFW) rules, Web Application Firewall (WAF) policies, and IPsec VPN/FastConnect for hybrid cloud connectivity to AWS/Azure. Design DNS architectures (e.g., private DNS resolvers) for secure domain resolution.
• Identity & Access Governance: Set up IAM identity domains, federate with Active Directory/Entra ID, and enforce MFA for local/federated users. Apply granular policies to restrict bucket deletions and compartment access.
• Security Hardening: Execute CIS benchmark hardening for operating systems (Linux/Windows), OCI Compute instances, and databases. Remediate critical/high-severity findings from Cloud Guard, Vulnerability Scanning Service (VSS), and manual assessments.
• Security Tooling: Integrate OCI with Splunk and Tenable for centralized vulnerability scanning, logging, and risk-based alerting. Automate exposure assessments using Tenable Add-ons and Splunk SPL queries.
• Zero-Trust Controls: Deploy OCI Security Zones to enforce compartment-level policies, blocking actions that weaken security posture. Configure Vaults for managing CMKs, secrets, and encryption keys.
• Allowlisting & Anti-Malware: Implement allowlisting policies for approved software/entities and deploy anti-malware solutions across compute instances.

Key Knowledge Areas

• CIS Benchmarks: CIS OCI Foundations Benchmark controls, mapping to NIST/ISO frameworks, and Secure Suite tools for compliance validation.
• OCI Security Services: Cloud Guard, VSS, Security Zones, WAF, Network Firewall, and Certificates service.
• Hybrid Architectures: FastConnect, VPN, and multicloud DNS configurations with AWS/Azure.
• IAM & AD Integration: Identity domain federation, policy conditions, and privilege escalation prevention.
• Threat Detection: Splunk-Tenable integration for correlating vulnerabilities with security events.
• Secrets Management: Vault CMK rotation, secret encryption, and access audit trails.

Required Technical Skills

• Proficiency in deploying CIS Landing Zones with Terraform or OCI Resource Manager.
• Hands-on experience with:
  o OCI Load Balancer SSL termination and mutual TLS (mTLS).
  o NFW rule creation for layer 3/4 traffic inspection and threat prevention.
  o Security Zone policy customization to block non-compliant resource actions.
  o Splunk SPL queries for vulnerability prioritization and Tenable scan automation.
• Certifications: OCI Architect Professional, CISSP, or CIS Controls certifications.
• Scripting skills (Python, Bash) for automating Cloud Guard responder recipes and allowlisting.

Qualifications

• Education: Bachelor’s degree in Cybersecurity, Computer Science, or a related field.
• Experience: 5 years in cloud security, including 3 years focused on OCI.
• Certifications: OCI Security Specialist, CIS Benchmark Assessor, or equivalent.
• Preferred: Experience with PCI DSS/HIPAA compliance and hybrid cloud SIEM deployments.
This role demands expertise in OCI’s native security controls and third-party integrations to build resilient, audit-ready environments aligned with CIS and industry frameworks.