Network Security Engineer
- Los Gatos, California
- Content Delivery
Netflix is responsible for a significant amount of internet traffic at peak times and we're working collaboratively with ISPs to deploy Open Connect, Netflix's Content Delivery Network (CDN). Open Connect delivers 100% of our video traffic today, but we're continually adding functionality to support more advanced applications and further improve the quality of experience for our customers. To support this, we have a global network connecting 80+ sites and thousands of partners, and we're working with network hardware vendors and internal development teams to deliver innovative features at ever-increasing density.
We're seeking a Network Security Engineer to help us identify, mitigate and prevent vulnerabilities within our CDN.
This position will focus on network hardware and software, but will work closely with our security teams on the CDN operations and platform security teams.
You'll be supported by top engineering talent, a thoughtful responsible disclosure program, and will be part of a well-loved brand and product.
- Proactively seek, identify, explore and resolve vulnerabilities in the Netflix CDN, both on network hardware and internally and externally developed software
- Evaluate new network hardware and firmware for vulnerabilities and establish appropriate configurations for security-related features (e.g. AAA and logging)
- Ensure that vulnerabilities identified internally, by vendors, or via our responsible disclosure program are mitigated
- Identify areas of risk prior to service rollout by collaborating with engineering and development
- Coordinate with Netflix's Security Incident Response team, vendors, and partners
- A deep understanding of network protocols, including IP and related transports, BGP, and IS-IS
- A deep understanding of network hardware internals, including forwarding, filtering, and policing mechanisms
- A solid understanding of application protocols, including DNS, DNSSEC, HTTP, and TLS
- Experience with and understanding of routing authentication mechanisms including RPKI
- Familiarity with network hardware and software, preferably including Arista EOS and Cisco IOS-XR
- Experience with DDoS detection and defense strategies at scale
- Strong written and verbal communications skills