As a Senior/Staff Network Security Engineer, you will design, implement, and operate security controls across Zoox's enterprise, OT networks, and cloud infrastructure. This role involves securing hybrid/multi-cloud architectures, managing firewall platforms, and driving automation with IaC.
190k – 228k/yr
Hybrid8+ YOESecurity Engineering
About the role
In This Role, You Will...
Design, implement, and maintain secure hybrid/multi-cloud network architectures (AWS/GCP, CloudWAN, SD-WAN); enforce zero-trust access controls and network segmentation across corporate, data center, lab, and edge environments; develop and maintain related policies, standards, and architecture diagrams
Own and operate next-generation firewall platforms (Palo Alto Networks, Fortinet), managing policy architecture, segmentation, NAT, URL filtering, SSL/TLS decryption, and threat prevention tuning
Architect, operate, and own the lifecycle of secure remote access solutions (VPN, ZTNA, GlobalProtect, site-to-site tunnels), ensuring high availability, certificate-based authentication, and integration with identity providers (SAML, Entra ID)
Drive automation and Infrastructure-as-Code (IaC) using Terraform, Python, CI/CD, and REST APIs for configuration management, firewall policies, and security baselines; integrate LLM-based tools to streamline operational tasks and reduce manual toil
Oversee security operations including 24/7 network security monitoring, traffic analysis, threat detection, vulnerability assessments, and remediation; support compliance requirements by conducting security reviews for new projects and infrastructure changes
Lead 802.1X/certificate-based Network Access Control (NAC) initiatives across wired and wireless environments
Define team roadmap, mentor engineers, and lead cross-functional security initiatives with Product Security, SRE, IT, and Software Engineering teams
Qualifications
Experience: 8+ years of network security engineering experience securing enterprise, cloud, and OT/lab environments
Platform Expertise: Deep, hands-on expertise in next-gen firewalls (Palo Alto, Fortinet), AWS NFW, WAFs, IDS/IPS, NAC/802.1X, PKI, VPN, and ZTNA solutions (Zscaler, Prisma Access, or equivalent)
Technical Knowledge: Strong understanding of core network protocols (TCP/IP, BGP, OSPF, VLAN, 802.1X, TLS/PKI) and cloud networking security principles (AWS, GCP, or Azure)
Automation: Hands-on experience with IaC and automation tooling including Terraform, Python, CI/CD pipelines, and REST APIs
Security Operations: Experience with network security monitoring, threat detection, and security operations tooling (SIEM, IDS/IPS, Zeek, Suricata, vulnerability management platforms), including integration with network controls
Compliance: Proven experience supporting major compliance initiatives (NIST 800-53, CSF 2.0, ISO 27001), including control implementation and evidence collection
Bonus Qualifications
Experience in autonomous vehicle, robotics, or automotive environments
Certifications: PCNSE, AWS Security Specialty, CCNP/CCIE Security, or CISSP
Experience experimenting with or deploying AI/ML-based security capabilities (e.g., anomaly detection, behavioral analytics, LLM-driven copilots) in network or cloud security workflows
Staff engineer building AI-powered anti-abuse detection systems, LLM guardrails, and automated responses to phishing, cryptomining, and platform exploitation. Requires 8+ years in security engineering with Python/TypeScript and ML/LLM experience.
190k – 240k/yr
Hybrid8+ YOESecurity Engineering
Staff Software Engineer - IAM
DatabricksMountain View, CA
Leads development of IAM and security systems at scale to protect customer data on Databricks platform. Requires 7+ years in data security, 10+ years in distributed systems, and MS/PhD.
191k – 275k/yr
On-site7+ YOESecurity Engineering
Staff Software Engineer - Security Infrastructure
DatabricksMountain View, CA
Leads security infrastructure engineering to secure Databricks platform, plugging gaps in services like cryptography, Kubernetes security, and access control. Requires 7+ years in data security, 10+ in distributed systems, and MS/PhD.
191k – 254k/yr
On-site7+ YOESecurity Engineering
Staff Product Security Engineer
RipplingSeattle, WA +2
Hands-on staff security engineer building guardrails, tooling, and automations to secure Rippling's web applications. Requires 10+ years in product security, fluency in Python/React/DRF, and experience embedding security into SDLC and CI/CD.
189k – 315k/yr
Hybrid10+ YOESecurity Engineering
Staff Engineer, Cloud Security
IllumioSunnyvale, CA
Develops containerized microservices in Go for Illumio's cloud security platform, processing real-time cloud telemetry on Kubernetes to deliver security insights and recommendations. Requires 8+ years experience with public clouds (AWS/Azure/GCP) and mentors junior engineers.