WHO WE ARE:

Aviatrix® is pioneering the Cloud Native Security Fabric — the architecture the Containment Era requires. The Cloud Native Security Fabric governs every workload communication path across every cloud, every VPC, every Kubernetes cluster, and every serverless function, from a single policy plane. One rule. Universal propagation. Enforced at the workload, not at a chokepoint. Trusted by more than 500 of the world's leading enterprises. For more information, visit aviatrix.ai

About the Role – Staff Engineer, Cloud Networking & Network Security

We are seeking a Staff Engineer – Cloud Networking & Network Security to design, build, and evolve cloud-native networking and security capabilities across multi-cloud environments. This role is intended for a strong hands-on networking engineer with deep experience in routing, NAT, traffic forwarding, and firewall data planes. You will work on complex, production-grade networking systems and contribute to architecture and design decisions within your domain, while partnering closely with senior engineers and architects.

You will be responsible for delivering robust networking functionality—from detailed design and implementation through production rollout, scale, and operational maturity.

Key Responsibilities

Networking Design & Implementation

• Design and implement networking components for cloud networking and security products, spanning both control plane and data plane.
• Contribute to architectural designs for routing, NAT, traffic steering, and firewall enforcement within defined product areas.
• Own medium-to-large technical problem areas and drive them from design through production.

Cloud Networking Platforms

• Design and work with cloud networking topologies, including:
• VPC/VNet segmentation and routing architectures
• Hub-and-spoke and transit networking models
• Hybrid and multi-cloud connectivity patterns
• Work hands-on with cloud-native networking constructs such as:
• Gateways, routing tables, NAT gateways
• Managed and custom firewall services
• Ensure implementations align with security best practices and zero-trust principles.

Routing, NAT & Traffic Engineering

• Design and implement routing-centric features, including:
• Dynamic routing using BGP
• Policy-based routing and traffic steering
• Route summarization, convergence, and failure handling
• Implement and scale NAT functionality, including:
• SNAT, DNAT, and bidirectional NAT
• Centralized vs distributed NAT designs
• Capacity planning, port exhaustion handling, and resiliency
• Develop a strong understanding of packet-level behavior across gateways, firewalls, and load balancers.

Firewall & Data-Plane Systems

• Contribute to the design and implementation of firewall data planes, including:
• Policy evaluation and enforcement pipelines
• Stateful vs stateless inspection models
• Work on performance-sensitive packet processing paths with a focus on correctness and scalability.
• Debug complex scenarios involving asymmetric routing, NAT traversal, and multi-path traffic.

Execution & Collaboration

• Deliver features from design to production with a strong focus on quality, scalability, and operability.
• Participate actively in technical design reviews, providing feedback on networking correctness and performance.
• Collaborate closely with product management, QA, and operations teams to deliver reliable, shippable solutions.
• Mentor junior engineers on networking fundamentals, packet flows, and troubleshooting techniques.

Required Skills & Experience

• Bachelor’s or Master’s degree in Computer Science, Electrical Engineering, Networking, or a related field.
• 6+ years of experience building networking-intensive systems or cloud networking features.
• Hands-on experience developing or operating cloud networking or network security products.
• Strong understanding of IP networking fundamentals, including:
• TCP/IP, ARP, ICMP
• Subnetting, CIDR planning, and IP address management
• Solid experience with routing, including:
• BGP fundamentals (design, policy control, troubleshooting)
• Static vs dynamic routing models
• ECMP and failover concepts
• Strong hands-on experience with NAT, including:
• SNAT and DNAT behavior
• Common corner cases and failure scenarios
• Interaction of NAT with routing and firewalls
• Experience working with firewall and network security technologies, such as:
• Policy-based rule engines
• Stateful and stateless firewalls
• NGFW or cloud-native firewall services
• Proficiency in Python and/or Go (Golang) for building control-plane services, tooling, or automation.
• Good understanding of distributed systems concepts as applied to networking control planes.
• Familiarity with Kubernetes networking concepts, including CNI and service networking.
• Hands-on experience with one or more public cloud networking stacks (AWS, Azure, GCP, OCI).

Nice to Have

• Experience with virtual routers, SDN controllers, or network operating systems.
• Exposure to high-performance packet processing technologies (eBPF, DPDK, XDP).
• Experience working on high-scale or latency-sensitive networking systems.
• Contributions to open-source networking or cloud infrastructure projects.
• Certifications such as AWS Advanced Networking, GCP Professional Cloud Network Engineer, CCNP/CCIE, or equivalent.

Watch our culture video: glimpse of life at Aviatrix