Join OCI’s Edge Security team as a Principal Engineer to architect and deliver cloud-scale DDoS protection. You’ll lead design for high-performance detection and mitigation systems, drive automation and operational excellence, and set the technical direction for customer-facing DDoS capabilities across OCI’s global edge.
This role requires deep expertise in Linux networking data path and kernel-level networking (such as XDP, eBPF, DPDK, iptables, nftables), in addition to strong systems and DevOps engineering experience.
Basic qualifications
* 7–10 years building production backend systems, including 3–5 years in high-scale and / or low-latency environments.
* Deep expertise in Linux networking data path and kernel-level networking (e.g., XDP, eBPF, dpdk, iptables, nftables) for traffic processing, filtering, and observability.
* Proficiency in one or more : Java / Python / C++ / Rust / Go (strong preference for Java for control-plane / services).
* Deep systems design expertise : concurrency, memory management, performance tuning, API design, consistency models, and distributed systems fundamentals.
* Proven DevOps leadership at scale : CI / CD, automated testing, canarying, rollout / rollback, configuration management.
* Strong IaC experience (e.g., Terraform) and solid cloud infrastructure fundamentals.
* Domain experience in DDoS or network security services and common attack / defense patterns.
* Advanced networking knowledge : TCP / IP, IPv4 / IPv6, BGP, routing policy; DNS fundamentals.
* Demonstrated operational excellence and observability practices (metrics, tracing, alerting).
Preferred qualifications
* Expertise with anycast routing, global traffic steering, and multi-region service readiness.
* Experience SDN, programmable data planes, or hardware mitigation platforms.
* Building high-rate telemetry / streaming pipelines for near-real-time detection (packet / flow analytics).
* Background in resilience engineering, chaos testing, disaster recovery, and capacity planning at hyperscale.
* Containerization / orchestration (e.g., Kubernetes) and secure service-to-service communication (mTLS, policy enforcement).
* Familiarity with zero trust, segmentation, and modern security architectures; exposure to compliance frameworks and audit preparation.
How you’ll have impact
* Deliver core DDoS detection / mitigation that protects OCI’s Tier 0 availability and customer trust.
* Launch customer-facing DDoS offerings with self-service policy, visibility, and strong defaults.
* Raise engineering quality, automation, and compliance maturity across the stack; mentor and grow the team’s technical bar.
Ways of working
* Security and privacy by design with auditable controls and policy adherence from day one.
* Data-driven delivery with clear KPIs, SLOs, and stage gates from prototype to GA.
* Collaborative, inclusive culture emphasizing design docs, code reviews, and knowledge sharing.
What you’ll do
* Lead architecture and delivery of low-latency backend services for DDoS detection, classification, and mitigation.
* Define and evolve scalable data / control planes (policy, signaling, telemetry, orchestration) with strong fault isolation, resiliency, and compliance-by-design.
* Own traffic engineering strategy (anycast, BGP policy, routing integration) and partner with networking, DNS, and edge platform teams.
* Set operational standards : SLOs / SLAs, on-call health, incident response (including incident commander duties), runbooks, and post-incident learning.
* Drive automation at scale : CI / CD strategy, test frameworks, progressive delivery (canary / blue-green), and infrastructure-as-code.
* Establish robust observability (metrics, logs, traces) and capacity / scale models for high-throughput, highly available services.
* Lead threat modeling, architecture reviews, and audit readiness for Tier 0 services; ensure security and privacy are embedded through the lifecycle.
* Mentor engineers, influence cross-org roadmaps, and collaborate with Product, SRE, and Network Engineering from concept to GA.
#J-18808-Ljbffr