Security Architecture Specialist - AI & Regulated Health Systems

**Job Description** **About the Role** Oracle Health Data Intelligence (HDI) is entering a critical phase of regulatory and security modernization across our global health analytics and AI-enabled population health platform. As HDI accelerates readiness for MDR (Medical Device Regulation), AI regulatory requirements, and emerging global security standards, we are expanding our Security Architecture team with specialists who bring deep technical expertise, cloud security experience, and strong regulatory awareness. We are hiring **Security Architecture Specialists** who can design, review, and validate secure architectures across cloud-native healthcare systems, AI/ML pipelines, and distributed data platforms. This role is ideal for someone with experience performing **CSSAP-style reviews** , cloud security assessments, threat modeling, and providing technical guidance that aligns engineering execution with security and regulatory expectations. You will play a key role in ensuring that HDI's software, AI systems, data flows, and infrastructure meet strict global standards for security, privacy, MDR compliance, and AI safety. **Responsibilities** **What You Will Do** **Security Architecture Design & Review** + Provide specialized skills and knowledge in the design and review of secure networks, applications, systems, infrastructure, and AI/ML environments. + Ensure all architectures align with Oracle's Corporate Information Security policies, Line of Business (including Cloud) security standards, and relevant healthcare regulations (MDR, SaMD, GDPR, HIPAA where applicable). + Propose secure technical architectures that mitigate identified risks and support engineering teams in designing and implementing secure patterns. + Conduct **CSSAP-style security reviews** , including: + Cloud security posture analysis + Control architecture validation + Secure-by-design pattern evaluation + AI system risk assessment **Risk & Threat Analysis** + Perform design assessments, risk assessments, threat modeling, and (as needed) code reviews for high-risk components. + Identify, prioritize, and communicate security design issues, vulnerabilities, and emerging risks in AI/ML, data pipelines, and distributed systems. + Provide guidance on selecting and implementing security controls across identity, data, compute, networking, observability, and deployment layers. **Regulatory Security Alignment (MDR & AI Regulatory)** + Support MDR-related architecture documentation and ensure security controls are accurately reflected in: + Technical files + Software architecture descriptions + Risk management files (ISO 14971) + SaMD design documentation + Partner with Regulatory, MDR Program Leadership, and Risk Management TPMs to align security architecture with audit expectations. + Incorporate AI regulatory and AI safety considerations, including: + Data provenance + Model security + AI lifecycle controls + Bias, robustness, and explainability safeguards + Alignment with EU AI Act-style requirements **Security Tooling, Monitoring & Controls** + Assist in the design and guidance of toolsets that implement and monitor security controls across HDI's cloud-native environments. + Provide architectural leadership on: + SIEM/SOAR integrations + Identity & access governance + Secrets & key management + Vulnerability management automation + Cloud security posture management + Secure CI/CD, supply chain security, and artifact integrity **Security Research & Platform Stewardship** + Conduct security research on threats impacting: + Healthcare systems + Large-scale distributed architectures + AI/ML pipelines + Cloud-native services + Troubleshoot security issues and assist with updates, migrations, and upgrades to HDI's security platforms. + Advise engineering teams on data security, privacy requirements, encryption standards, and secure data handling. **Cross-Functional Partnership** + Collaborate closely with engineering, applied science, product, regulatory, compliance, and risk management teams. + Work with third-party assessors, regulatory consultants, and security certification bodies. + Support audit readiness for MDR, ISO standards, AI regulatory reviews, and enterprise security assessments. **What We're Looking For** **Required (Core Security & Architecture)** + 5+ years in security architecture, systems engineering, or cloud security engineering. + Hands-on experience with **cloud security in hyperscaler environments** (OCI, AWS, Azure, GCP). + Demonstrated experience in secure architecture design, threat modeling, risk assessment, and cloud control frameworks. + Experience conducting **security reviews such as CSAP, CSA STAR, FedRAMP-style, or internal architecture assessments.** + Strong understanding of secure cloud computing, microservices, distributed systems, and data security controls. + Ability to communicate complex architecture clearly to both technical and regulatory audiences. **Required (Regulatory / AI / Health Tech)** + Experience with one or more: + MDR (Medical Device Regulation) + ISO 14971 (risk management) + IEC 62304 + ISO 13485 or QMS environments + SaMD security documentation + Familiarity with **AI regulatory frameworks, AI safety principles, or model risk management** . + Experience supporting audits, regulatory submissions, or formal security assessments. **Preferred** + Knowledge of healthcare and life sciences platforms, PHI protection, or clinical data systems. + Experience with data privacy standards (GDPR, HIPAA, CCPA). + Prior experience documenting AI/ML system security or performing ML threat modeling. + Experience working with MDR Program teams, risk management TPMs, or regulatory engineering partners. + Background contributing to secure design guidance for engineering teams. **Why This Role Matters** Oracle Health data platforms are becoming increasingly cloud-native, AI-driven, and globally regulated. MDR compliance, AI regulatory requirements, and enterprise security expectations all intersect in complex ways. This role ensures HDI can: + Deploy AI-enabled healthcare solutions securely and safely. + Meet MDR and emerging AI regulation requirements. + Reduce audit exposure and regulatory risk. + Strengthen cross-functional alignment between engineering, security, and regulatory teams. + Build a scalable security architecture foundation across global markets. The Security Architecture Specialist is a high-impact role that directly ensures Oracle Health can securely innovate, safely deploy AI systems, and maintain regulatory readiness across all products. Disclaimer: **Certain US customer or client-facing roles may be required to comply with applicable requirements, such as immunization and occupational health mandates.** **Range and benefit information provided in this posting are specific to the stated locations only** US: Hiring Range in USD from: $87,000 to $178,100 per annum. May be eligible for bonus and equity. Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle's differing products, industries and lines of business. Candidates are typically placed into the range based on the preceding factors as well as internal peer equity. Oracle US offers a comprehensive benefits package which includes the following: 1. Medical, dental, and vision insurance, including expert medical opinion 2. Short term disability and long term disability 3. Life insurance and AD&D 4. Supplemental life insurance (Employee/Spouse/Child) 5. Health care and dependent care Flexible Spending Accounts 6. Pre-tax commuter and parking benefits 7. 401(k) Savings and Investment Plan with company match 8. Paid time off: Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation. 9. 11 paid holidays 10. Paid sick leave: 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours. 11. Paid parental leave 12. Adoption assistance 13. Employee Stock Purchase Plan 14. Financial planning and group legal 15. Voluntary benefits including auto, homeowner and pet insurance The role will generally accept applications for at least three calendar days from the posting date or as long as the job remains posted. Career Level - IC3 **About Us** As a world leader in cloud solutions, Oracle uses tomorrow's technology to tackle today's challenges. We've partnered with industry-leaders in almost every sector-and continue to thrive after 40+ years of change by operating with integrity. We know that true innovation starts when everyone is empowered to contribute. That's why we're committed to growing an inclusive workforce that promotes opportunities for all. Oracle careers open the door to global opportunities where work-life balance flourishes. We offer competitive benefits based on parity and consistency and support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs. We're committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing [email protected] or by calling +1 888 404 2494 in the United States. Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.