WHO WE ARE:

For enterprises struggling to secure cloud workloads, Aviatrix® offers a single solution for pervasive cloud security. Where current cybersecurity approaches focus on securing entry points to a trusted space, Aviatrix Cloud Native Security Fabric (CNSF) delivers runtime security and enforcement within the cloud application infrastructure itself – closing gaps between existing solutions and helping organizations regain visibility and control. Aviatrix ensures security, cloud, and networking teams are empowering developer velocity, AI, serverless, and what’s next. For more information, visit www.aviatrix.com.

ABOUT THE ROLE: Principal Engineer – Cloud Networking & Network Security

We are seeking a Principal Engineer – Cloud Networking & Network Security to architect and deliver large-scale, cloud-native networking and security platforms across multi-cloud environments.

This role is intended for a deep networking expert with extensive experience designing cloud networking products with focus on routing-centric, NAT-heavy, data-plane–intensive systems—from early protocol and architecture design to production rollout, scale, and long-term evolution.

You will serve as a technical authority for networking architecture, owning complex problems across routing, traffic forwarding, NAT, firewall enforcement, and high-volume telemetry in modern cloud environments.

Key Responsibilities

Networking Architecture & Technical Leadership

• Own the end-to-end networking architecture of cloud networking and security products, including control-plane and data-plane design.
• Define architectural standards for routing, NAT, traffic steering, and firewall enforcement at cloud scale.
• Act as the senior technical authority for complex networking issues spanning multi-cloud and hybrid environments.

Cloud Networking Platforms

• Architect complex cloud networking topologies, including:
• VPC/VNet segmentation and transit architectures
• Hub-and-spoke and mesh designs
• Multi-cloud and hybrid connectivity
• Work deeply with cloud-native networking constructs, such as:
• Cloud gateways, routing tables, NAT gateways
• Managed and custom firewall services
• Ensure architectures align with zero-trust networking principles and security best practices.

Routing, NAT & Traffic Engineering

• Architect and implement routing-centric designs, including:
• Dynamic route exchange and control (BGP)
• Policy-based routing and traffic steering
• Route summarization, convergence, and failure handling
• Design and scale NAT architectures, including:
• SNAT, DNAT, and bidirectional NAT
• Centralized vs distributed NAT tradeoffs
• High-scale NAT capacity planning, port exhaustion handling, and resiliency
• Design traffic flows across gateways, firewalls, and load balancers with a strong understanding of packet-level behavior.

Firewall & Data-Plane Systems

• Lead the design of next-generation firewall data planes, including:
• Policy evaluation and enforcement pipelines
• Stateful vs stateless inspection
• DPI and application-layer controls
• Drive performance-critical design decisions for high-throughput, low-latency packet processing systems.
• Ensure correct behavior across asymmetric routing, NAT traversal, and multi-path traffic scenarios.

Execution & Engineering Excellence

• Drive product delivery from concept through production, ensuring correctness, scalability, and operability.
• Lead deep technical design reviews focused on networking correctness and performance.
• Mentor engineers on advanced networking concepts, packet flows, and troubleshooting methodologies.
• Collaborate with product management and operations teams to translate networking requirements into robust, shippable products.

Required Skills & Experience

• Bachelor’s or Master’s degree in Computer Science, Electrical Engineering, Networking, or related field.
• 15+ years of experience building networking-intensive systems or products, with proven end-to-end product ownership.
• Demonstrated experience architecting cloud networking platforms or network security products at scale.
• Expert-level understanding of IP networking fundamentals, including:
• TCP/IP, ARP, ICMP
• Subnetting, CIDR planning, and address management
• Deep expertise in routing, including:
• BGP (design, policy control, route advertisement, and troubleshooting)
• Static vs dynamic routing models
• Route convergence, ECMP, and failover strategies
• Strong, hands-on experience with NAT, including:
• SNAT/DNAT behavior and corner cases
• Large-scale NAT performance and capacity planning
• NAT interactions with routing, firewalls, and asymmetric paths
• Extensive experience with firewall and network security technologies, such as:
• Policy engines and rule evaluation
• Stateful and stateless firewalls
• NGFW, IDS/IPS systems
• Cloud-native firewalls (AWS Network Firewall, Azure Firewall, GCP Cloud Armor)
• Proficiency in Python and/or Go (Golang) for building networking control-plane and management services.
• Strong understanding of distributed systems as applied to networking (control planes, consistency, failover).
• Experience working with Kubernetes networking, CNI concepts, and service networking.
• Deep familiarity with AWS, Azure, GCP, and/or OCI networking stacks.
• Solid grounding in network security frameworks and zero-trust architectures.

Nice to Have

• Background in network operating systems, virtual routers, or SDN controllers.
• Experience with high-performance packet processing (eBPF, DPDK, XDP, or similar).
• Experience designing carrier-grade or hyperscale networking systems.
• Contributions to open-source networking projects.
• Certifications such as CCIE, AWS Advanced Networking, GCP Professional Cloud Network Engineer, or equivalent.