Network Security Developer Lead

Salesforce’s Security team is seeking a Network Security Engineer to help secure the world’s #1 CRM. We commit to Trust by upholding the highest engineering and security standards for our network security posture. You will be responsible for building, implementing, and operationally supporting network security, while also being hands-on in developing and automating secure software throughout our network. You will design, build, and maintain an ever-changing complex architecture of network security systems and devices across multiple environments that support the needs of our internal and external customers. You will also be responsible for using established scripting skills to create and maintain automation tools that simplify and expedite the ongoing management of these systems.

This is a great opportunity for high-reaching engineers who want comprehensive technical growth on three coordinates:

  • Domain expertise in Network Security: design, build, and maintain a constantly evolving complex architecture of network security systems and devices across multiple environments that support the needs of our internal and external customers
  • Development: architecting tooling and automated solutions in an agile environment using various scripting and development languages
  • Security: experimenting with access control and packet filtering, and managing and monitoring communication among services

If you excel in any of these areas and are passionate about learning the others, this is a fantastic role in which to make a significant technical and business impact while operating on one of the largest cloud platforms in the world.

Responsibilities

  • Develop tooling and automation to integrate and support our first and third party network security platforms
  • Develop tooling and services that integrate with the distributed systems used to deliver security controls at the network level in Salesforce’s public and private clouds. Such solutions cover, but are not limited to, network policy management, ACL enforcement, distributed firewalls, DDoS, and network protection for bare metal servers, containers, and VMs
  • Research and implement new network security solutions and platforms for intra- and cross-data-center network flows
  • Advance and operate our security platforms in a full DevOps model
  • Operate in an Agile development environment, including participating in daily scrums
  • Support the team’s engineering excellence by performing code reviews and mentoring junior team members
  • Ensure all network issues are resolved in a timely manner, with minimal impact to customers
  • Perform high-level troubleshooting and analysis to resolve the root cause of network outages and implement workarounds and/or permanent solutions
  • Isolate hardware and software problems on network devices and work with vendors to resolve issues as necessary
  • Perform proactive network maintenance, such as code upgrades, hardware refreshes, config updates, new builds/decoms
  • Work collaboratively with other engineering teams and provide support for operations teams to identify ways in which we can proactively improve the stability of the network and decrease the potential for future outages to occur
  • Provide third-line customer support and technical expertise for network and security-related issues
  • Drive service ownership for the Network Security Cloud; assist in efforts to streamline problem and change management processes, improve alerting and incident handling, and increase automation

Requirements

  • Industry experience. 7+ years of experience in Network Security, preferably in a large scale environment
  • Education. M.Sc./M.Eng. in Computer Science/Engineering or B.A./B.Sc. in the same disciplines, or equivalent years of experience
  • Networking (Security). Industry-level expertise in any of the following networking (security) aspects:
      • Network security platforms, including segmentation, ACLs, DPI, and DDoS protection. Examples include:
          • Software: iptables, IPsec, VPN, IDS, firewall management platforms, ACL compilers, and tooling (Capirca)
          • Hardware: switch ACLs, stateful firewalls, network segmentation, security zones
      • VM and container network stacks (OpenStack’s Neutron, Cilium, Romana)
      • Network control planes and agents (Calico, Flannel, Contiv, Contrail, OVN)
      • OSI model and debugging network traffic
      • Networking protocols (TCP/UDP, BGP, DNS, DHCP)
      • Datacenter network architecture across software platforms and hardware devices (NAT, VXLAN, overlay/underlay)
      • Network security architectures and implementations in public clouds (e.g., AWS, Azure, GCP)
  • Programming. Proficiency in at least one of the following: Golang, Java, C++, Python, Shell, or Perl. DevOps approach and strong ownership of developed code (test, monitor, deploy, maintain)
  • Operating systems. Development and software management on Linux systems (e.g., CentOS, RHEL)
  • Security. Strong knowledge of security fundamentals: authentication/authorization frameworks (e.g., SSO, SAML, OAuth), secure transport (e.g., SSL, TLS), identity management (e.g., certificates, PKI)
  • Communication. Excellent oral and written communication skills
  • Team. Ability to value team success beyond personal contributions

Desired Skills/Experience

  • Prior understanding of Agile/Scrum methodologies
  • Experience with multi-tiered critical systems
  • Worked in a Zero Downtime environment
  • Solid hands-on technical background, particularly in managing highly complex, multi-platform environments (servers, storage, networks, security, virtualization, systems monitoring, and management)
  • ISO 27001, PCI, HITRUST, SOC, FISMA, FedRAMP knowledge
  • Familiarity with network analysis tools (Wireshark, tcpdump, etc.)
  • Gigamon, Lancope, Fortinet, F5 Load Balancers, ACLs (software-defined), and Certificate management/provisioning
  • Security-related certifications such as OSCP, GCIH, GCIA, GPEN, GPPA, CCNP, CCNP Security, CCIE Security