Cruise’s Network Access Engineering team is seeking a Staff Network Security Engineer to help us architect, build and operate secure, scalable access networks across our growing global footprint of facilities.
You will be essential for ensuring Cruise’s network designs are secure and that we have an effective, consolidated network automation strategy encompassing observability, device lifecycle management, security policy and vulnerability remediation.
You are a network security SME with strong, influential opinions on networking and network access security, ensuring Cruise's network architectures have security baked-in as a basis of their designs.
Your scope includes (but is not limited to): identity management, access-layer network controls, policy management & enforcement, remote client VPN system strategy & architecture, endpoint vulnerability identification & remediation, and edge access policy dissemination.
If you're interested in building and operating the global network that supports our autonomous driving mission, let's talk!
What you’ll be doing:
- Create and maintain standards-based network designs for Cruise’s access network infrastructure
- Shape a convergence strategy for our current mix of Cisco, Arista, Palo Alto, Fortinet and Aruba network equipment that exists across disparate network teams
- Create, manage, and maintain access network infrastructure documentation
- Identify, build and mature common access network workflows and design
- Help build, maintain, and automate Cruise’s global network, focusing on secure authentication and authorization mechanisms
- Own the remediation of security vulnerabilities, including implementing network access controls through systems like Cisco ISE and/or FreeRADIUS
- Design and implement robust network security policies and procedures through centralized management and automation of network devices
- Participate in an on-call rotation
What you must have:
- Experience running and guiding network operations and observability initiatives
- Senior resource in a network operations team supporting Cisco, Arista, Palo Alto, Fortinet and Aruba platforms
- Expertise in engineering and deploying access layer connectivity (wired Ethernet & WiFi wireless access) and their policies via scalable automation (CI/CD)
- Expertise in managing and utilizing network monitoring systems and integrating them for automation consumption and triggering
- Expert knowledge of network security best-practices and design patterns
- Understanding of SRE best practices and experience with publishing service SLOs
- Hands-on knowledge and troubleshooting experience of L2 and L3 networking and routing protocols (802.11x, STP, IPv4, IS-IS, BGP, etc.)
- Expert level knowledge of edge firewall technologies, remote VPN solutions, and SASE & SD-WAN architectures
- Expert experience with engineering and delivering solutions in 3 or more of the following automation languages and platforms/technologies: Terraform, GitHub, Python, GoLang, Jupyter, Batfish, Docker, K8s and Ansible
Bonus Points:
- Strong experience deploying multiple NAC solutions and experience as part of segmentation solutions
- Deep hands-on experience with Cloud deployments in all major cloud vendors: GCP, AWS and Azure
- Experience with automation platforms/technologies logging services: Chronosphere, Humio
- Experience with leading introduction and adoption of DevOps best practices
The salary range for this position is $173,400 - $255,000. Compensation will vary depending on location, job-related knowledge, skills, and experience. You may also be offered a bonus, long-term incentives, and benefits. These ranges are subject to change.