Software Engineer - Network Transport Security
Engineering | San Jose, CA | Full Time
Have you always had the itch to be part of a startup? Have you dreamt of taking on something transformational, unique and challenging that gives you a high every time? Well, you might be interested in what CloudGenix is after.
Right now in super-stealth mode, at CloudGenix we want to disrupt decades-old practices in networking. You can expect to be surrounded by super-energy folks and take on tough challenges in the networking space that have been safely shoved aside in the past.
• Lead the architecture, design and development of network transport security control plane and associated networking layers.
• Engage with system and solution architects in shaping the first version of the product from scratch.
• Be the driving force behind networking simplicity with a push towards zero-touch secure networking.
• In depth understanding of transport security requirements and solutions related to authentication/authorization, key exchange, bulk cryptography, message signing
• In depth knowledge of PKI – Certificates, Public/Private Key uses in PKI, CA validation, OCSP
• Detailed protocol level understanding and implementation experience of control and data planes with one of of SSL/TLS or IPSEC VPNs is a must
• If IPSEC VPN background then solid implementation experience with IKEv1, IKEv2, AH, ESP. Certificate based authentications
• If SSL/TLS background then solid implementation experience of TLS v1.0/v1.1/v1.2 handshake, session cache management, bi-directional certificate authentication and validation.
• 5+ years relevant experience with a BS or MS degree in relevant field.
• 3+ years as a senior/lead engineer on a VPN project/product where you drove a scalable and flawless implementation of secure connectivity between network devices.
• L3/4 Firewall implementations
• Background in freeSwan, strongSwan, Racoon, Racoon2
• Background in OpenVPN
• Kerberos based authentication
• Development under Linux environment
• Understanding of DMVPN, GETVPN, EZVPN
• HW based offload of VPN traffic on consumer class and enterprise class SoC
• Multi-core design and implementation that scales on capacity and performance vectors for encryption and decryption
• Networking protocols – BGP, OSPF and their interactions with dynamic VPN tunnels.