About the Role - Principal Engineer – Cloud Networking & Network Security We are seeking a Principal Engineer – Cloud Networking & Network Security to architect and deliver large-scale, cloud-native networking and security platforms across multi-cloud environments. This role is intended for a deep networking expert with extensive experience designing cloud networking products with focus on routing-centric, NAT-heavy, data-plane–intensive systems—from early protocol and architecture design to production rollout, scale, and long-term evolution. You will serve as a technical authority for networking architecture, owning complex problems across routing, traffic forwarding, NAT, firewall enforcement, and high-volume telemetry in modern cloud environments. Key Responsibilities Networking Architecture & Technical Leadership Own the end-to-end networking architecture of cloud networking and security products, including control-plane and data-plane design. Define architectural standards for routing, NAT, traffic steering, and firewall enforcement at cloud scale. Act as the senior technical authority for complex networking issues spanning multi-cloud and hybrid environments. Cloud Networking Platforms Architect complex cloud networking topologies, including: VPC/VNet segmentation and transit architectures Hub-and-spoke and mesh designs Multi-cloud and hybrid connectivity Work deeply with cloud-native networking constructs, such as: Cloud gateways, routing tables, NAT gateways Managed and custom firewall services Ensure architectures align with zero-trust networking principles and security best practices. Routing, NAT & Traffic Engineering Architect and implement routing-centric designs, including: Dynamic route exchange and control (BGP) Policy-based routing and traffic steering Route summarization, convergence, and failure handling Design and scale NAT architectures, including: SNAT, DNAT, and bidirectional NAT Centralized vs distributed NAT tradeoffs High-scale NAT capacity planning, port exhaustion handling, and resiliency Design traffic flows across gateways, firewalls, and load balancers with a strong understanding of packet-level behavior. Firewall & Data-Plane Systems Lead the design of next-generation firewall data planes, including: Policy evaluation and enforcement pipelines Stateful vs stateless inspection DPI and application-layer controls Drive performance-critical design decisions for high-throughput, low-latency packet processing systems. Ensure correct behavior across asymmetric routing, NAT traversal, and multi-path traffic scenarios. Execution & Engineering Excellence Drive product delivery from concept through production, ensuring correctness, scalability, and operability. Lead deep technical design reviews focused on networking correctness and performance. Mentor engineers on advanced networking concepts, packet flows, and troubleshooting methodologies. Collaborate with product management and operations teams to translate networking requirements into robust, shippable products. Required Skills & Experience Bachelor’s or Master’s degree in Computer Science, Electrical Engineering, Networking, or related field. 15+ years of experience building networking-intensive systems or products, with proven end-to-end product ownership. Demonstrated experience in architecting cloud networking platforms or network security products at scale. Expert-level understanding of IP networking fundamentals, including: TCP/IP, ARP, ICMP Subnetting, CIDR planning, and address management Deep expertise in routing, including: BGP (design, policy control, route advertisement, and troubleshooting) Static vs dynamic routing models Route convergence, ECMP, and failover strategies Strong, hands-on experience with NAT, including: SNAT/DNAT behavior and corner cases Large-scale NAT performance and capacity planning NAT interactions with routing, firewalls, and asymmetric paths Extensive experience with firewall and network security technologies, such as: Policy engines and rule evaluation Stateful and stateless firewalls NGFW, IDS/IPS systems Cloud-native firewalls (AWS Network Firewall, Azure Firewall, GCP Cloud Armor) Proficiency in Python and/or Go (Golang) for building networking control-plane and management services. Strong understanding of distributed systems as applied to networking (control planes, consistency, failover). Experience working with Kubernetes networking, CNI concepts, and service networking. Deep familiarity with AWS, Azure, GCP, and/or OCI networking stacks. Solid grounding in network security frameworks and zero-trust architectures. Nice to Have Background in network operating systems, virtual routers, or SDN controllers. Experience with high-performance packet processing (eBPF, DPDK, XDP, or similar). Experience designing carrier-grade or hyperscale networking systems. Contributions to open-source networking projects. Certifications such as CCIE, AWS Advanced Networking, GCP Professional Cloud Network Engineer, or equivalent.

About Aviatrix

Aviatrix® is the cloud network security expert. We’re on a mission to make cloud networking simple so companies stay agile. Trusted by more than 500 of the world’s leading enterprises, our cloud networking platform creates the visibility, security, and control needed to adapt with ease and move ahead at speed. Combined with the Aviatrix Certified Engineer (ACE) Program, the industry's leading multicloud networking and security certification, Aviatrix empowers the cloud networking community to stay at the forefront of digital transformation. Learn more at www.aviatrix.ai.