Distributed Systems Developer, Software Defined Security

Job description

Job Category

Products and Technology

Job Details

 

The Security team at Salesforce is building a brand new platform for network segmentation and access control of inter-service communication. We are looking at a state-of-the-art framework that provides automated translation from user specifications of service access rules to various access control points in our cloud infrastructure where these rules are enforced. This control platform spawns different networking layers (from containers, VMs, physical servers and networking devices) and technologies (network segmentation, firewalls, hypervisor

and tenants controls).
 

This is a great opportunity for engineers that want a comprehensive technical growth as it involves developing skills on three coordinates:

- Security: experimenting with access control/packet filtering techniques and kernel modules, managing and monitoring communication among services.

- Networking: exploring and implementing solutions at various OSI layers and devices, from physical hosts to containers to network switches.  

- Development: architecting and coding solutions at kernel/hypervisor level, as well as microservices in OOO languages (Golang, Python, etc.).
 

          Responsibilities
 

-
\tDesigning and implementing networking access management solutions (software or hardware-based) across different technological stacks (physical devices, bare metal OS, hypervisors, VMs, Docker containers) in Salesforce’s private and public clouds
\t
-
\tOptimizing access control management from policy declaration to enforcement points (network ACLs, host and device-based firewalls, etc.)
\t
-
\tResearching and implementing new networking security solutions and platforms for service communication and access management (intra and inter-clouds, WAN)
\t
-
\tPerforming datacenter network architecture security assessments and architecting IaaS/PaaS platforms to harden security and availability posture
\t
-
\tDeveloping and managing production services that support network security infrastructure in a full DevOps model
\t
\t 

\tRequirements
\t 
\t
-
\t8+ years of technical experience, including:

\t -
\t\t3+ years experience in network security development
\t\t
-
\t\t3+ years experience in a high-availability 24x7x365 environment (cloud platforms are a plus)
\t\t

\t
-
\tHands-on expertise in network security development, at one or more levels

\t -
\t\tLinux kernel: netfilter, nftables/iptables, BPF, XDP, netmap, ipsec
\t\t
-
\t\tHypervisor/Container controls: KVM modules, OpenStack (Neutron, Calico), Docker CNM
\t\t
-
\t\tSecurity platforms: DDoS prevention, RBAC, VPC, VPN, IDS
\t\t
-
\t\tHardware: switch ACLs, stateful firewalls, network segmentation, security zones
\t\t

\t
-
\tProficiency in Unix/Linux systems (e.g., CentOS, RHEL, or similar)
\t
\t
\tDesired Skills/Experience
\t 
\t
-
\tM.Sc/M.Eng in Computer Science/Engineering or B.A/B.Sc. in same disciplines with equivalent years of experience
\t
-
\tExpertise in OSI model, networking investigations and tools (transport, routing and discovery protocols, packet inspection and flow troubleshooting)
\t
-
\tHands-on proficiency in building datacenter (security) network infrastructure, especially for large cloud IaaS (host bootstrap to data lifecycle, Clos architecture, PoPs)
\t
-
\tCompetence in software-based network technologies (SLB, SDN, VXLAN, VPN)
\t
-
\tExperience working with systems from one or more of the following platforms:

\t -
\t\tSoftware: OpenStack, Docker, VMWare, Illumio
\t\t
-
\t\tHardware: Palo Alto, Fortinet, Arista, Cisco Systems, Juniper Networks, Force 10, F5 Networks, Gigamon.
\t\t

\t
-
\tProven track of building large-scale PaaS/IaaS, leveraging well-known distributed systems technologies (Paxos, Raft, Zookeeper, Kafka, RabbitMQ, MongoDB, etc.)
\t
-
\tCommand over high-availability design, including multi-site routing, peering, and disaster recovery applications and network architectures
\t
-
\tDevOps mindset and full code ownership (design, code, test, deploy, monitor, maintain)
\t
-
\tAutomation/scripting skills for configuration management/monitoring (Puppet, bash)
\t
-  
-
\tCompetence in networking programming and debugging
\t
-
\tProficiency in at least one of the following programming languages: Golang, Java, C/C++, Python
\t
\t 
\t


Company Overview:
Salesforce, the Customer Success Platform and world's #1 CRM, empowers companies to connect with their customers in a whole new way. The company was founded on three disruptive ideas: a new technology model in cloud computing, a pay-as-you-go business model, and a new integrated corporate philanthropy model. These founding principles have taken our company to great heights, including being named one of Forbes’s “World’s Most Innovative Company” five years in a row and one of Fortune’s “100 Best Companies to Work For” eight years in a row. We are the fastest growing of the top 10 enterprise software companies, and this level of growth equals incredible opportunities to grow a career at Salesforce. Together, with our whole Ohana (Hawaiian for \'family\') made up of our employees, customers, partners and communities, we are working to improve the state of the world.
 
 
*LI-Y

 

Posting Statement

Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this Web site or directly to managers. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay fees to any third-party agency or company that does not have a signed agreement with Salesforce.com or Salesforce.org.
Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.