Oracle Consultant at Tri-Com Consulting
About the Job
The Tri-Com Consulting Group is a Full-Service IT Employment Consulting Firm that is seeking qualified candidates for the following opening:
Oracle Consultant
Project #2 – DBSAT Risk Remediation
The DBSAT and CIS-CAT Pro tools were used to conduct an audit of security controls and configuration settings across a sample subset of Oracle pluggable databases. It was decided upon review that the DBSAT findings were more robust and would be used as the basis for enhancing our security posture. Of particular concern are those falling into the “High” and “Medium” risk categories. These categories are comprised of 11 unique issues, consisting of 2 “High” risk and 5 “Medium” risk findings per pluggable database. The successful consultant must have a strong understanding of Oracle allowing them to make recommendations to the Audit, DBA and application owner teams as to each finding’s necessity. Once consensus is reached, they must implement the agreed upon changes.
Objectives:
- Working under the direction of the DBA team, and in conjunction with application stakeholders, coordinate, test and implement remediations for all levels of DBSAT findings as applicable.
Responsibilities:
- Project plan:
  - Create a timeline with a communications plan and milestones for the remediation of the DBSAT findings.
- Planning phase:
  - Plan “High” and “Medium” risks remediation.
  - Review “Low” risk findings and plan remediation as necessary.
  - Evaluate “Advisory” and “Evaluate” findings and determine rationale and necessity for implementation.
  - Create contingency plans to allow for quick recovery in case of issues.
- Configuration and testing:
  - Execute contingency plan prep steps.
  - Work with application stakeholders to implement configuration changes.
  - Work with application stakeholders to test configuration changes and receive sign off to move to production.
- Coordination and implementation:
  - Execute contingency plan prep steps.
  - Coordinate and implement changes in production environments during maintenance windows.
- Documentation:
  - Document rationale for implementing or discarding each change.
  - Document and track each change across all databases.
  - Rerun DBSAT checks on original sample subset to ensure fixes are in place.
Deliverables:
The remote consultant is expected to apply the mutually agreed upon remediation changes to all 120 Oracle pluggable databases in the client environment and deliver robust documentation as outlined above.
Project #3 – External Linux Auth & MFA
The client’s current Oracle Enterprise Linux footprint consists of 2 Exadata machines and 3 VMware virtual machines. On the Exadata machines, Linux authentication is made using local Linux usernames and passwords. The purpose of this project is to switch over to user accounts based on Active Directory and take advantage of DUO multi-factor authentication to bring the systems into compliance with the client’s policies and industry best practices. Service accounts will not fall under this requirement.
Objectives:
- Working under the direction of the DBA team, and in conjunction with the IAM (Identity and Access Management) and SSG (Server Systems Group) teams, test and implement integrating SSO and MFA.
Responsibilities:
- Project plan:
  - Create a timeline, communication plan and milestones for implementing SSO and MFA.
- Planning phase:
  - Create a detailed approach to be reviewed by IAM and SSG.
  - Work with stakeholders to generate an achievable timeline.
  - Contingency and rollback plans including break glass scenarios.
- Configuration and testing:
  - Working in development (Exa02), configure and test SSO with MFA.
- Coordination and implementation:
  - Coordinate and implement changes in development on Exadata02 during a maintenance window.
  - Coordinate and implement changes in production on Exadata02 during a maintenance window.
- Documentation and review:
  - Document and track steps to configure SSO with MFA.
  - IAM/SSG review of implementation.
Deliverables:
The remote consultant is expected to implement SSO and MFA for all user accounts on both Exadata servers along with robust documentation as outlined above.
Project #4 – Auditing Changes
This project outlines the tasks for implementing “unified” Oracle auditing and integrating the auditing data with Splunk. The goal is to enhance security monitoring and compliance by centralizing audit data from inside individual Oracle databases into our centralized Splunk SIEM for comprehensive analysis and reporting. This will grant audit review capabilities to other parties outside the DBA team.
Objectives:
- Working under the direction of the DBA team, test and implement “unified” auditing.
- Working with the DBA and ISO (Security) teams, test and implement audit reporting integration with Splunk.
Responsibilities:
- Project plan:
  - Create project milestones and deliverables.
- Planning phase:
  - Assess the current Oracle audit configuration and outline best path forward.
  - Define requirements for integrating with Splunk.
- Configuration and testing:
  - Implement “unified” auditing on Exa02 (dev/test) for testing in a staged fashion.
  - Integrate audit data with Splunk, collaborating with DBA and ISO teams to resolve issues.
  - Gather feedback from client teams to identify, and execute on, areas of improvement.
  - Receive sign off for moving to production.
- Coordination and implementation:
  - Roll out “unified” auditing and Splunk integration on Exa02 (prod) in a staged manner.
  - Provide troubleshooting support and issue resolution post implementation.
- Documentation and review:
  - Create robust documentation outlining configuration settings, integration details and some basic troubleshooting guidelines.
Deliverables:
The remote consultant is expected to implement “unified” Oracle auditing on all databases and integrate this audit data with Splunk. Robust documentation as outlined above must also be delivered.
Tri-Com is an Affirmative Action/Equal Opportunity Employer.
We strongly encourage the applications of women, minorities, persons with disabilities, and military veterans.
As a condition of employment you will be required to pass a drug screening and other background checks including past employment and confirmation of technical certifications.