Salesforce, Inc.
Software Engineering LMTS
Salesforce, Inc., San Francisco, California, United States, 94199
Network Security DeveloperLocation: US - California - San Francisco (HQ)
Salesforce is world’s #1 CRM business and Trust is our #1 value. We commit to Trust by upholding the highest engineering and security standards for our network security posture.The Security team is building a new internal cloud platform for various network security controls and management. Our mission is to develop highly-available and performant distributed systems to provide security at the network level in our private and public clouds, including microsegmentation, network policy distribution, access control at host/device level, distributed firewalling and DDoS prevention. Our scope is a wide range of compute substrates, including bare metal hosts, VMs, and containers.This is an excellent opportunity for bold engineers that want comprehensive technical growth on three coordinates:
Domain expertise in NetSec and/or distributed systems: exploring and implementing software solutions at various software layers and devices, including kernel modules, distributed control planes & agents, management APIs, and user facing platforms (including UI).Development: architecting and coding solutions in an agile environment using object-oriented paradigms (Golang, Java, C++, etc.).Security: experimenting with access control, packet filtering, handling and monitoring communication among services.If you excel in any of these areas and are passionate to learn about the others, this is an exciting role to make a significant technical and business impact while operating on one of the largest cloud platforms in the world.
Responsibilities
Architect and implement distributed systems to deliver security controls at the network level in Salesforce’s public and private clouds. Such solutions cover but are not limited to network policy management, ACLs enforcement, distributed firewalls, DDoS and network protection for bare metal servers, containers, and VMs.Develop software solutions and microservices to support our network security platforms at one or more of the following levels: low-level OS components, datacenter distributed platforms, user interfaces.Research and implement new networking security solutions and platforms for intra- and cross-datacenter network flows.Advance and operate these security platforms in a full DevOps model.Operate in an Agile development environment, including participating in daily scrums.Support the team’s engineering excellence by performing code reviews and mentoring junior team members.RequirementsIndustry experience. 8+ years, including:3+ years experience in SaaS, PaaS or IaaS software development.3+ years experience in a high-availability 24/7 environment (in both private and public cloud platforms).A related technical degree required.Networking (Security). Industry-level expertise in any of the following networking (security) aspects:Network security platforms, including segmentation, ACLs, DPI, DDoS protection. Examples include:Software: iptables, ipsec, VPN, IDS, firewall management platforms, ACL compilers and tooling (Capirca).Hardware: switch ACLs, stateful firewalls, network segmentation, security zones.VM and containers network stacks (OpenStack’s Neutron, Cilium, Romana).Network control planes and agents (Calico, Flannel, Contiv, Contrail, OVN).OSI model and debugging network traffic.Networking protocols (TCP/UDP, BGP, DNS, DHCP).Datacenter network architecture at software platform and hardware devices (NAT, VXLAN, overlay/underlay).Network security architectures and implementations in public clouds (e.g., AWS, Azure, GCP, Alibaba Cloud).Platform development: Shown track of designing and coding large-scale PaaS or IaaS systems, especially for public cloud providers (e.g., AWS, Azure, GCP, Alibaba Cloud).Programming. Proficiency in object-oriented and multi-threaded programming in at least one of the following languages: Golang, Java, C++, Python.Operating systems. Development and software management on Linux systems (e.g., CentOS, RHEL).Security. Strong knowledge in security fundamentals: authentication/authorization frameworks (e.g., SSO, SAML, Oauth), secure transport (e.g., SSL, TLS), identity management (e.g., certificates, PKI).DevOps approach and strong ownership over owned code (test, monitor, deploy, maintain).Communication. Excellent oral and written communication skills.Team. Ability to value team success beyond personal contributions.Desired Skills/ExperienceDistributed systems. Expertise in designing, implementing and operating distributed systems architectures and concepts, including any of the following:High-performance, high-availability (99.999%) and self-recoverable systems.Control, orchestration and automation platforms.RPC frameworks (e.g., Protobuf/gRPC, Thrift, Bond).Consensus and consistency frameworks (e.g., Paxos, Raft, strong/eventual consistency).Data-processing systems (e.g., Lambda architecture, Kafka, RabbitMQ, ELK).Storage solutions (e.g., Cassandra, MongoDB, Hadoop, Redis, Zookeeper).Software design. Demonstrated expertise in applying systems patterns (e.g., Client-server, N-tier, Master/Slave, MVC) and API constructions (e.g., Swagger, OpenAPI).VMs/Containers. Hands-on experience with VMs and container technologies (e.g., OpenStack, Docker, Kubernetes).Full-software ownership from idea to running in production: design, code, writing unit tests, performing integration tests, deploying to production, supporting the system in the production environments.
#J-18808-Ljbffr
Salesforce is world’s #1 CRM business and Trust is our #1 value. We commit to Trust by upholding the highest engineering and security standards for our network security posture.The Security team is building a new internal cloud platform for various network security controls and management. Our mission is to develop highly-available and performant distributed systems to provide security at the network level in our private and public clouds, including microsegmentation, network policy distribution, access control at host/device level, distributed firewalling and DDoS prevention. Our scope is a wide range of compute substrates, including bare metal hosts, VMs, and containers.This is an excellent opportunity for bold engineers that want comprehensive technical growth on three coordinates:
Domain expertise in NetSec and/or distributed systems: exploring and implementing software solutions at various software layers and devices, including kernel modules, distributed control planes & agents, management APIs, and user facing platforms (including UI).Development: architecting and coding solutions in an agile environment using object-oriented paradigms (Golang, Java, C++, etc.).Security: experimenting with access control, packet filtering, handling and monitoring communication among services.If you excel in any of these areas and are passionate to learn about the others, this is an exciting role to make a significant technical and business impact while operating on one of the largest cloud platforms in the world.
Responsibilities
Architect and implement distributed systems to deliver security controls at the network level in Salesforce’s public and private clouds. Such solutions cover but are not limited to network policy management, ACLs enforcement, distributed firewalls, DDoS and network protection for bare metal servers, containers, and VMs.Develop software solutions and microservices to support our network security platforms at one or more of the following levels: low-level OS components, datacenter distributed platforms, user interfaces.Research and implement new networking security solutions and platforms for intra- and cross-datacenter network flows.Advance and operate these security platforms in a full DevOps model.Operate in an Agile development environment, including participating in daily scrums.Support the team’s engineering excellence by performing code reviews and mentoring junior team members.RequirementsIndustry experience. 8+ years, including:3+ years experience in SaaS, PaaS or IaaS software development.3+ years experience in a high-availability 24/7 environment (in both private and public cloud platforms).A related technical degree required.Networking (Security). Industry-level expertise in any of the following networking (security) aspects:Network security platforms, including segmentation, ACLs, DPI, DDoS protection. Examples include:Software: iptables, ipsec, VPN, IDS, firewall management platforms, ACL compilers and tooling (Capirca).Hardware: switch ACLs, stateful firewalls, network segmentation, security zones.VM and containers network stacks (OpenStack’s Neutron, Cilium, Romana).Network control planes and agents (Calico, Flannel, Contiv, Contrail, OVN).OSI model and debugging network traffic.Networking protocols (TCP/UDP, BGP, DNS, DHCP).Datacenter network architecture at software platform and hardware devices (NAT, VXLAN, overlay/underlay).Network security architectures and implementations in public clouds (e.g., AWS, Azure, GCP, Alibaba Cloud).Platform development: Shown track of designing and coding large-scale PaaS or IaaS systems, especially for public cloud providers (e.g., AWS, Azure, GCP, Alibaba Cloud).Programming. Proficiency in object-oriented and multi-threaded programming in at least one of the following languages: Golang, Java, C++, Python.Operating systems. Development and software management on Linux systems (e.g., CentOS, RHEL).Security. Strong knowledge in security fundamentals: authentication/authorization frameworks (e.g., SSO, SAML, Oauth), secure transport (e.g., SSL, TLS), identity management (e.g., certificates, PKI).DevOps approach and strong ownership over owned code (test, monitor, deploy, maintain).Communication. Excellent oral and written communication skills.Team. Ability to value team success beyond personal contributions.Desired Skills/ExperienceDistributed systems. Expertise in designing, implementing and operating distributed systems architectures and concepts, including any of the following:High-performance, high-availability (99.999%) and self-recoverable systems.Control, orchestration and automation platforms.RPC frameworks (e.g., Protobuf/gRPC, Thrift, Bond).Consensus and consistency frameworks (e.g., Paxos, Raft, strong/eventual consistency).Data-processing systems (e.g., Lambda architecture, Kafka, RabbitMQ, ELK).Storage solutions (e.g., Cassandra, MongoDB, Hadoop, Redis, Zookeeper).Software design. Demonstrated expertise in applying systems patterns (e.g., Client-server, N-tier, Master/Slave, MVC) and API constructions (e.g., Swagger, OpenAPI).VMs/Containers. Hands-on experience with VMs and container technologies (e.g., OpenStack, Docker, Kubernetes).Full-software ownership from idea to running in production: design, code, writing unit tests, performing integration tests, deploying to production, supporting the system in the production environments.
#J-18808-Ljbffr