Oracle Cloud Infrastructure (OCI) network segmentation architect

The primary objective of this engagement is to design, implement, test, document, and hand over a secure and scalable Oracle Cloud Infrastructure (OCI) network segmentation architecture that aligns with industry best practices and the customer’s security, compliance, and operational requirements.

The engagement aims to ensure:

• Clear separation of network zones (e.g. production and non‑production)
  
• Strong security controls using OCI native networking and security services
  
• Operational readiness through comprehensive documentation and Standard Operating Procedures (SOPs)
  
• Effective knowledge transfer to enable long‑term operational ownership by the customer
  

The OCI Administrator will work closely with customer stakeholders to validate requirements, collaborate on design decisions, implement the solution, and ensure full operational sustainability.

2. Scope of Work

Primary Scope – OCI Network Segmentation

Design & Architecture

• Review existing OCI tenancy, compartments, and network topology.
  
• Collaborate with customer stakeholders to define network segmentation requirements, including:
  • Environment separation (e.g. Prod, Non‑Prod, Dev, Test)
    
  • Application and data tier separation
    
  • Shared services and management network design
    
• Design a target-state OCI network architecture, including:
  • Virtual Cloud Networks (VCNs)
    
  • Subnet design
    
  • Route tables, gateways, and traffic flows
    
• Validate the design against Oracle OCI best practices and customer security standards.
  

Implementation

• Implement OCI network segmentation as per the approved design, including:
  • Creation and configuration of VCNs and subnets
    
  • Network routing configuration (DRG, IGW, NAT Gateway, Service Gateway as applicable)
    
  • Network Security Groups (NSGs) and/or Security Lists
    
  • OCI routing and access isolation between environments and tiers
    
• Ensure adherence to least-privilege and zero-trust principles where applicable.
  

Testing & Validation

• Perform connectivity and segmentation testing, including:
  • Allowed and denied traffic validation
    
  • Inter-segment communication testing
    
• Capture and maintain test evidence.
  
• Support remediation and tuning based on test outcomes.
  

Documentation

• Create and/or update detailed technical documentation covering:
  • Network architecture diagrams
    
  • Segmentation logic and traffic flows
    
  • Security controls and routing configuration
    
• Ensure all documentation is reviewed and approved by relevant stakeholders.
  

Standard Operating Procedures (SOPs)

• Develop SOPs where applicable, including but not limited to:
  • Adding new subnets or segments
    
  • Modifying routing or security rules
    
  • Troubleshooting network connectivity issues
    
• Ensure SOPs are clear, reusable, and operationally focused.
  

Knowledge Transfer

• Conduct structured knowledge transfer sessions for customer operations and cloud teams.
  
• Walk through architecture, security design, SOPs, and operational considerations.
  
• Address questions and validate readiness for handover.
  

3. Out of Scope (unless explicitly agreed)

• Application-level design or refactoring
  
• Migration of workloads between environments
  
• Third-party firewall or non-OCI network appliance configuration
  
• Ongoing managed services or day-to-day operations after handover
  

4. Deliverables

• Approved OCI network segmentation design
  
• Implemented OCI network configuration
  
• Network architecture diagrams
  
• Security and routing configuration documentation
  
• Test results and validation evidence
  
• SOP documents for operational support
  
• Knowledge transfer session completion
  

5. Roles & Responsibilities

OCI Administrator

• Lead design and implementation of network segmentation
  
• Produce documentation and SOPs
  
• Support testing, validation, and knowledge transfer