remote

Senior Staff Network Security Engineer

Network Security Engineer

Senior Staff Network Security Engineer position — see original posting for full details.

About the role

Zoox's Network Security team architects and defends the digital borders of the company — from corporate offices to engineering labs and product/mission environments. As a Senior or Staff Network Security Engineer, you will design, implement, and operate security controls across Zoox's enterprise, OT networks, and cloud infrastructure spanning on-premises data centers and public cloud environments (AWS, GCP), partnering closely with Network Engineering, IT, Product Security, and Software Engineering teams.

In This Role, You Will...

Design, implement, and maintain secure hybrid/multi-cloud network architectures (AWS/GCP, CloudWAN, SD-WAN); enforce zero-trust access controls and network segmentation across corporate, data center, lab, and edge environments; develop and maintain related policies, standards, and architecture diagrams
Own and operate next-generation firewall platforms (Palo Alto Networks, Fortinet), managing policy architecture, segmentation, NAT, URL filtering, SSL/TLS decryption, and threat prevention tuning
Architect, operate, and own the lifecycle of secure remote access solutions (VPN, ZTNA, GlobalProtect, site-to-site tunnels), ensuring high availability, certificate-based authentication, and integration with identity providers (SAML, Entra ID)
Drive automation and Infrastructure-as-Code (IaC) using Terraform, Python, CI/CD, and REST APIs for configuration management, firewall policies, and security baselines; integrate LLM-based tools to streamline operational tasks and reduce manual toil
Oversee security operations including 24/7 network security monitoring, traffic analysis, threat detection, vulnerability assessments, and remediation; support compliance requirements by conducting security reviews for new projects and infrastructure changes
Lead 802.1X/certificate-based Network Access Control (NAC) initiatives across wired and wireless environments
Define team roadmap, mentor engineers, and lead cross-functional security initiatives with Product Security, SRE, IT, and Software Engineering teams

Qualifications

Experience: 8+ years of network security engineering experience securing enterprise, cloud, and OT/lab environments
Platform Expertise: Deep, hands-on expertise in next-gen firewalls (Palo Alto, Fortinet), AWS NFW, WAFs, IDS/IPS, NAC/802.1X, PKI, VPN, and ZTNA solutions (Zscaler, Prisma Access, or equivalent)
Technical Knowledge: Strong understanding of core network protocols (TCP/IP, BGP, OSPF, VLAN, 802.1X, TLS/PKI) and cloud networking security principles (AWS, GCP, or Azure)
Automation: Hands-on experience with IaC and automation tooling including Terraform, Python, CI/CD pipelines, and REST APIs
Security Operations: Experience with network security monitoring, threat detection, and security operations tooling (SIEM, IDS/IPS, Zeek, Suricata, vulnerability manageme

About the role

In This Role, You Will...

Design, implement, and maintain secure hybrid/multi-cloud network architectures (AWS/GCP, CloudWAN, SD-WAN); enforce zero-trust access controls and network segmentation across corporate, data center, lab, and edge environments; develop and maintain related policies, standards, and architecture diagrams
Own and operate next-generation firewall platforms (Palo Alto Networks, Fortinet), managing policy architecture, segmentation, NAT, URL filtering, SSL/TLS decryption, and threat prevention tuning
Architect, operate, and own the lifecycle of secure remote access solutions (VPN, ZTNA, GlobalProtect, site-to-site tunnels), ensuring high availability, certificate-based authentication, and integration with identity providers (SAML, Entra ID)
Drive automation and Infrastructure-as-Code (IaC) using Terraform, Python, CI/CD, and REST APIs for configuration management, firewall policies, and security baselines; integrate LLM-based tools to streamline operational tasks and reduce manual toil
Oversee security operations including 24/7 network security monitoring, traffic analysis, threat detection, vulnerability assessments, and remediation; support compliance requirements by conducting security reviews for new projects and infrastructure changes
Lead 802.1X/certificate-based Network Access Control (NAC) initiatives across wired and wireless environments
Define team roadmap, mentor engineers, and lead cross-functional security initiatives with Product Security, SRE, IT, and Software Engineering teams

Qualifications

Experience: 8+ years of network security engineering experience securing enterprise, cloud, and OT/lab environments
Platform Expertise: Deep, hands-on expertise in next-gen firewalls (Palo Alto, Fortinet), AWS NFW, WAFs, IDS/IPS, NAC/802.1X, PKI, VPN, and ZTNA solutions (Zscaler, Prisma Access, or equivalent)
Technical Knowledge: Strong understanding of core network protocols (TCP/IP, BGP, OSPF, VLAN, 802.1X, TLS/PKI) and cloud networking security principles (AWS, GCP, or Azure)
Automation: Hands-on experience with IaC and automation tooling including Terraform, Python, CI/CD pipelines, and REST APIs
Security Operations: Experience with network security monitoring, threat detection, and security operations tooling (SIEM, IDS/IPS, Zeek, Suricata, vulnerability manageme

Senior Staff Network Security Engineer

About the role

Senior Staff Network Security Engineer

About the role

Skills