Staff Software Engineer

Who We Are

Aviatrix® is pioneering the Cloud Native Security Fabric — the architecture the Containment Era requires. The Cloud Native Security Fabric governs every workload communication path across every cloud, every VPC, every Kubernetes cluster, and every serverless function, from a single policy plane. One rule. Universal propagation. Enforced at the workload, not at a chokepoint. Trusted by more than 500 of the world's leading enterprises. For more information, visit aviatrix.ai

Overvie

We are seeking a Staff Engineer – Cloud Networking & Network Security to design and build scalable, cloud-native networking and security systems across multi-cloud environments.

This role is ideal for a hands-on networking expert with strong experience in routing-centric, NAT-heavy, data-plane–intensive systems. You will lead the design and implementation of key networking components, drive technical decisions within your domain, and collaborate across engineering teams to deliver high-performance cloud networking products.

You will play a critical role in solving complex networking challenges spanning routing, NAT, traffic steering, firewall enforcement, and telemetry at cloud scale.

Key Responsibilities

Networking Architecture & Design

• Lead the design and implementation of major networking components across control plane and data plane.
• Contribute to architectural decisions for routing, NAT, traffic steering, and firewall enforcement.
• Own technical design documents and drive design reviews within your domain.
• Ensure networking correctness, resiliency, scalability, and operability in production environments.

Cloud Networking Platforms

• Design and implement cloud networking topologies including:
• VPC/VNet segmentation strategies
• Hub-and-spoke and mesh architectures
• Multi-cloud and hybrid connectivity models
• Work hands-on with cloud-native constructs such as:
• Cloud gateways and routing tables
• NAT gateways
• Managed and custom firewall services
• Ensure solutions align with security best practices and zero-trust principles.

Routing, NAT & Traffic Engineering

• Implement and optimize routing designs including:
• BGP-based dynamic route exchange
• Policy-based routing and traffic steering
• ECMP, failover, and convergence improvements
• Design and scale NAT systems, including:
• SNAT/DNAT implementations
• Centralized vs distributed NAT tradeoffs
• Capacity planning, port allocation strategies, and resiliency mechanisms
• Analyze packet flows across gateways, firewalls, and load balancers to ensure correct behavior in complex traffic scenarios.

Execution & Technical Leadership

• Own delivery of significant features from design through production rollout.
• Drive technical design reviews focused on networking correctness and performance.
• Mentor junior and mid-level engineers on advanced networking concepts.
• Collaborate closely with product management, SRE, and operations teams.
• Improve engineering standards, testing strategies, and observability for networking systems.

Required Skills & Experience

• Bachelor's or Master's degree in Computer Science, Electrical Engineering, Networking, or related field.
• 7+ years of experience building networking-intensive systems or products.
• Strong experience designing and implementing cloud networking or network security systems.
• Deep understanding of IP networking fundamentals:
• TCP/IP, ARP, ICMP
• Subnetting, CIDR planning, and address management
• Strong expertise in routing:
• BGP fundamentals and policy control
• Static vs dynamic routing
• ECMP, failover, and convergence behavior
• Hands-on experience with NAT:
• SNAT/DNAT behavior and edge cases
• NAT scaling considerations and performance tradeoffs
• NAT interactions with routing and firewall enforcement
• Experience with firewall and network security technologies:
• Policy engines and rule evaluation
• Stateful vs stateless firewalls
• NGFW and cloud-native firewalls
• Proficiency in Python and/or Go for building networking control-plane or management services.
• Solid understanding of distributed systems concepts applied to networking.
• Experience with Kubernetes networking, CNI models, and service networking.
• Familiarity with AWS, Azure, GCP, and/or OCI networking stacks.
• Understanding of zero-trust networking principles and security best practices

Nice to Have

• Experience with virtual routers, SDN controllers, or network operating systems.
• Exposure to high-performance packet processing technologies (eBPF, DPDK, XDP).
• Experience working on multi-region or large-scale cloud networking systems.
• Contributions to open-source networking projects.
• Certifications such as CCNP/CCIE, AWS Advanced Networking, GCP Professional Cloud Network Engineer, or equivalent.