Description

Dinè Source is seeking an expert Senior Database Modeler to design, implement, and maintain the highly secure Oracle database environment. The ideal candidate will be a subject matter expert in advanced Oracle security features and will be responsible for translating stringent Zero Trust and IL5 security requirements into a robust, scalable, and enforceable database architecture. You will be the primary steward of the database schema and its underlying security model, ensuring data is protected at every layer through sophisticated access controls and encryption.

Key Responsibilities

• Design, implement, and manage the logical and physical data models for the Oracle schema, ensuring alignment with strict security and performance requirements.

• Serve as the technical lead for implementing and enforcing multi-layered database security controls, with a primary focus on Oracle Label Security (OLS) and Oracle Database Vault (DV).

• Develop and maintain a secure data access layer, ensuring all application data access occurs exclusively through definer-rights PL/SQL packages and secured views.

• Create and configure Oracle Label Security (OLS) policies, including hierarchical security levels, data compartments, and organizational groups to enforce row-level data access.

• Establish and manage Database Vault (DV) realms and command rules to protect base tables and critical packages from unauthorized access, including privileged database administrator accounts.

• Implement Virtual Private Database (VPD/FGAC) policies as an additional layer of defense for filtering data based on session context.

• Collaborate closely with Java application developers to define the PL/SQL API contract for data access and to ensure the correct and secure propagation of end-user session context.

• Implement and configure data-at-rest encryption using Transparent Data Encryption (TDE) and column-level masking for PII using Oracle Data Redaction.

• Ensure the database design supports comprehensive and immutable auditing by integrating session context (CLIENT_IDENTIFIER, MODULE, ACTION) into all relevant policies and triggers.

• Uphold and contribute to the evolution of database security standards, ensuring ongoing compliance with Zero Trust and IL5 architectural principles.

Required Skills and Qualifications

• Working experience as an Oracle Database Modeler, Database Architect, or a similar role in a security-focused environment.

• Deep, hands-on expertise with implementing and managing advanced Oracle security features, specifically:

• Oracle Label Security (OLS)

• Oracle Database Vault (DV)

• Proven track record of designing and building secure data access APIs using PL/SQL packages, stored procedures, and views.

• Strong proficiency in PL/SQL and a deep understanding of how to build a secure, definer-rights-based API layer.

• Expert knowledge of Oracle's session context mechanisms (SYS_CONTEXT, DBMS_SESSION) and their use in enforcing security policies.

• Solid understanding of relational database design principles and performance tuning.

• Familiarity with secure network connectivity concepts for databases (e.g., TCPS/TLS).

Preferred Qualifications

• Experience designing database solutions for compliance with government or military security standards (e.g., DoD IL5, DISA STIGs).

• Practical experience applying Zero Trust security principles to a database environment.

• Hands-on experience with Oracle Transparent Data Encryption (TDE) and Oracle Data Redaction.

• Familiarity with high-availability Oracle solutions such as Real Application Clusters (RAC) or Data Guard.

• Understanding of application-level concerns, including JDBC connection pooling and the challenges of context management.

• Knowledge of enterprise identity management (e.g., Microsoft Entra ID) and secrets management solutions (e.g., HashiCorp Vault, CyberArk).

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation, or any other basis prohibited by law. We participate in E-Verify.

#dinesourcejobs

PI283013575