Under the guidance/direction/supervision of the Cloud Manager and others as assigned, the Contractor will design and implement OCI IAM– and Microsoft Entra–based SSO solutions for both cloud and on-premises Oracle applications. The candidate should be an expert in Identity and Access Management (IAM), Single Sign-On (SSO), and secure DMZ architectures. The candidate will also document the end-to-end security architecture and DMZ access patterns to ensure robust, scalable, and secure user access for internal and external stakeholders.
Duties & Responsibilities
• Design, configure, and deploy OCI IAM Identity Providers and federations—and integrate with Microsoft Entra ID (formerly Azure AD)—to establish SAML/OIDC-based SSO for:
o Oracle E-Business Suite
o PeopleSoft
o Oracle Analytics Server 2024
• Implement bidirectional federation: Allow Entra users to authenticate into OCI-protected apps and allow OCI identities to access Entra-protected resources.
• Integrate on-premises Oracle applications with OCI IAM and Entra via OCI IDCS, Azure AD Application Proxy, or custom federation proxies as needed.
• Integrate on-premises Oracle applications with OCI IAM, using OCI IDCS or custom federation proxies as needed.
• Deploy and configure secure reverse-proxy or WAF layers (OCI Web Application Firewall, Application Gateway, Azure AD Application Proxy, Oracle Access Manager) for external SSO endpoints.
• Document the OCI IAM security architecture, including trust models, identity lifecycles, user-attribute mapping, and certificate management.
• Define and implement a hardened DMZ architecture to broker access between external users, internal users, and on-premises Oracle services.
• Configure OCI Networking (VCNs, Subnets, Security Lists, Network Security Groups, Transit Gateways) to enforce least-privilege access.
• Develop runbooks, standard operating procedures (SOPs), and security baselines for IAM administration, patching, and certificate rotation.
• Conduct security reviews, threat modeling, and periodic penetration testing in collaboration with the Security Operations team.
• Work closely with application teams, network engineers, and security auditors to align on access requirements and compliance standards.
• Provide training sessions and hand-off documentation for operations and support teams.
Requirements:
• Experience
o Minimum of 15 years of experience in the Oracle stack, with at least 8 years in enterprise IAM.
o Proven track record implementing SAML 2.0 / OIDC SSO integrations with on-premises Oracle stacks (EBS, PeopleSoft, OAS).
o Hands-on experience in designing and operating secure DMZ/network architectures for hybrid cloud/on-prem environments.
• Technical Skills
o OCI Core Services: IAM, Networking (VCN, NSG, TGW), Compute, Load Balancing, WAF.
o Azure Core Services: Entra ID, Virtual Network, Application Gateway, Azure AD Application Proxy.
o Federation Technologies: SAML 2.0, OIDC, OAuth2, JWT, LDAP/AD integration.
o On-Premises Oracle Stack: EBS 12.2.7, PeopleSoft, OAS 2024.
o Reverse Proxy / API Gateway: Oracle Access Manager, OCI API Gateway, Azure AD App Proxy.
• Oracle Certified Master (OCM) or Professional (OCP) in Cloud IAM or Security.
• Excellent communication, analytical, and project management skills.