Senior Database Modeler

About The Position

Requirements

• Working experience as an Oracle Database Modeler, Database Architect, or a similar role in a security-focused environment.
• Deep, hands-on expertise with implementing and managing advanced Oracle security features, specifically:
• Oracle Label Security (OLS)
• Oracle Database Vault (DV)
• Proven track record of designing and building secure data access APIs using PL/SQL packages, stored procedures, and views.
• Strong proficiency in PL/SQL and a deep understanding of how to build a secure, definer-rights-based API layer.
• Expert knowledge of Oracle's session context mechanisms (SYS_CONTEXT, DBMS_SESSION) and their use in enforcing security policies.
• Solid understanding of relational database design principles and performance tuning.
• Familiarity with secure network connectivity concepts for databases (e.g., TCPS/TLS).

Nice To Haves

• Experience designing database solutions for compliance with government or military security standards (e.g., DoD IL5, DISA STIGs).
• Practical experience applying Zero Trust security principles to a database environment.
• Hands-on experience with Oracle Transparent Data Encryption (TDE) and Oracle Data Redaction.
• Familiarity with high-availability Oracle solutions such as Real Application Clusters (RAC) or Data Guard.
• Understanding of application-level concerns, including JDBC connection pooling and the challenges of context management.
• Knowledge of enterprise identity management (e.g., Microsoft Entra ID) and secrets management solutions (e.g., HashiCorp Vault, CyberArk).

Responsibilities

• Design, implement, and manage the logical and physical data models for the Oracle schema, ensuring alignment with strict security and performance requirements.
• Serve as the technical lead for implementing and enforcing multi-layered database security controls, with a primary focus on Oracle Label Security (OLS) and Oracle Database Vault (DV).
• Develop and maintain a secure data access layer, ensuring all application data access occurs exclusively through definer-rights PL/SQL packages and secured views.
• Create and configure Oracle Label Security (OLS) policies, including hierarchical security levels, data compartments, and organizational groups to enforce row-level data access.
• Establish and manage Database Vault (DV) realms and command rules to protect base tables and critical packages from unauthorized access, including privileged database administrator accounts.
• Implement Virtual Private Database (VPD/FGAC) policies as an additional layer of defense for filtering data based on session context.
• Collaborate closely with Java application developers to define the PL/SQL API contract for data access and to ensure the correct and secure propagation of end-user session context.
• Implement and configure data-at-rest encryption using Transparent Data Encryption (TDE) and column-level masking for PII using Oracle Data Redaction.
• Ensure the database design supports comprehensive and immutable auditing by integrating session context (CLIENT_IDENTIFIER, MODULE, ACTION) into all relevant policies and triggers.
• Uphold and contribute to the evolution of database security standards, ensuring ongoing compliance with Zero Trust and IL5 architectural principles.