Responsibilities
Architect and implement distributed systems to deliver security controls at the network level in Salesforce public and private clouds. Such solutions cover, but are not limited to, network policy management, ACL enforcement, distributed firewalls, DDoS and network protection for bare metal servers, containers, and VMs
Develop software solutions and microservices to support our network security platforms at one or more of the following levels: low-level OS components, data center distributed platforms, user interfaces
Research and implement new networking security solutions and platforms for intra- and cross-datacenter network flows
Advance and operate these security scanning platforms in a full DevOps model
Operate in an Agile development environment, including participating in daily scrums
Support the team’s engineering excellence by performing code reviews and mentoring junior team members
Requirements - one or more of the following fields:
Industry experience.
8+ years, including:
3+ years experience in SaaS, PaaS or IaaS software development
3+ years experience in a high-availability 24/7 environment (cloud platforms are a plus)
Education. M.Sc/M.Eng in Computer Science/Engineering or B.A/B.Sc. in the same disciplines with equivalent years of experience
Networking (Security).
Industry-level expertise in any of the following networking (security) aspects
Network security platforms, including segmentation, ACLs, DPI, DDoS protection. Examples include:
Software: iptables, IPsec, VPN, IDS, firewall management platforms, ACL compilers and tooling (Capirca)
Hardware: switch ACLs, stateful firewalls, network segmentation, security zones
VM and containers network stacks (OpenStack’s Neutron, Cilium, Romana)
Network control planes and agents (Calico, Flannel, Contiv, Contrail, OVN)
OSI model and debugging network traffic
Networking protocols (TCP/UDP, BGP, DNS, DHCP)
Datacenter network architecture at the software platform and hardware device levels (NAT, VXLAN, overlay/underlay)
Network security architectures and implementations in public clouds (e.g., AWS, Azure, GCP)
Platform development.
Proven track record of designing and coding large-scale PaaS or IaaS systems, especially for public cloud providers (e.g., AWS, Azure, GCP)
Programming.
Proficiency in object-oriented and multi-threaded programming in at least one of the following languages: Golang, Java, C++, Python
Operating systems.
Development and software management on Linux systems (e.g., CentOS, RHEL)
Security.
Strong knowledge of security fundamentals: authentication/authorization frameworks (e.g., SSO, SAML, OAuth), secure transport (e.g., SSL, TLS), identity management (e.g., certificates, PKI)
DevOps mindset and strong ownership over owned code (test, monitor, deploy, maintain)
Communication.
Excellent oral and written communication skills
Team.
Ability to value team success beyond personal contributions
Desired Skills/Experience
Distributed systems.
Expertise in designing, implementing and operating distributed systems architectures and concepts, including any of the following:
High-performance, high-availability (99.999%) and self-recoverable systems
Control, orchestration and automation platforms
RPC frameworks (e.g., Protobuf/gRPC, Thrift, Bond)
Consensus and consistency frameworks (e.g., Paxos, Raft, strong/eventual consistency)
Data-processing systems (e.g., Lambda architecture, Kafka, RabbitMQ, ELK)
Storage solutions (e.g., Cassandra, MongoDB, Hadoop, Redis, Zookeeper)
Software design.
Demonstrated expertise in applying systems patterns (e.g., Client-server, N-tier, Master/Slave, MVC) and API constructions (e.g., Swagger, OpenAPI)
VMs/Containers.
Hands-on experience with VMs and container technologies (e.g., OpenStack, Docker, Kubernetes)
Full-software ownership
From idea to running in production: design, code, writing unit tests, performing integration tests, deploying to production, supporting the system in the production environments