Oracle Cloud Architect

Scope of Work

• Under the guidance/direction/supervision of the Cloud Manager and others as assigned, the Contractor will design and implement OCI IAM and Microsoft Entra based SSO solutions for both cloud and on-premises Oracle applications.
• The candidate should be an expert in Identity and Access Management (IAM), Single Sign-On (SSO), and secure DMZ architectures. The candidate will also document the end-to-end security architecture and DMZ access patterns to ensure robust, scalable, and secure user access for internal and external stakeholders.
• Design, configure, and deploy OCI IAM Identity Providers and federations-and integrate with Microsoft Entra ID (formerly Azure AD)-to establish SAML/OIDC-based SSO for:

• Oracle E-Business Suite
• PeopleSoft
• Oracle Analytics Server 2024

• Implement bidirectional federation: Allow Entra users to authenticate into OCI-protected apps and allow OCI identities to access Entra-protected resources.
• Integrate on-premises Oracle applications with OCI IAM and Entra via OCI IDCS, Azure AD Application Proxy, or custom federation proxies as needed.
• Integrate on-premises Oracle applications with OCI IAM, using OCI IDCS or custom federation proxies as needed.
• Deploy and configure secure reverse-proxy or WAF layers (OCI Web Application Firewall, Application Gateway, Azure AD Application Proxy, Oracle Access Manager) for external SSO endpoints.
• Document the OCI IAM security architecture, including trust models, identity lifecycles, user-attribute mapping, and certificate management.
• Define and implement a hardened DMZ architecture to broker access between external users, internal users, and on-premises Oracle services.
• Configure OCI Networking (VCNs, Subnets, Security Lists, Network Security Groups, Transit Gateways) to enforce least-privilege access.
• Develop runbooks, standard operating procedures (SOPs), and security baselines for IAM administration, patching, and certificate rotation.
• Conduct security reviews, threat modeling, and periodic penetration testing in collaboration with the Security Operations team.
• Work closely with application teams, network engineers, and security auditors to align on access requirements and compliance standards.
• Provide training sessions and hand-off documentation for operations and support teams.

Requirements:

• Experience:

• Minimum of 15 years of experience in the Oracle stack, with at least 8 years in enterprise IAM.
• Proven track record implementing SAML 2.0 / OIDC SSO integrations with on- premises Oracle stacks (EBS, PeopleSoft, OAS).
• Hands-on experience in designing and operating secure DMZ/network architectures for hybrid cloud/on-prem environments.

• Technical Skill:

• OCI Core Services: IAM, Networking (VCN, NSG, TGW), Compute, Load Balancing, WAF.
• Azure Core Services: Entra ID, Virtual Network, Application Gateway, Azure AD Application Proxy.
• Federation Technologies: SAML 2.0, OIDC, OAuth2, JWT, LDAP/AD integration.
• On-Premises Oracle Stack: EBS 12.2.7, PeopleSoft, OAS 2024.
• Reverse Proxy / API Gateway: Oracle Access Manager, OCI API Gateway, Azure AD App Proxy.

• Oracle Certified Master (OCM) or Professional (OCP) in Cloud IAM or Security.
• Excellent communication, analytical, and project management skills