Cruise’s Network Access Engineering team is seeking a Staff Network Security Engineer to help us architect, build and operate secure, scalable access networks across our growing global footprint of facilities.
You will be essential for ensuring Cruise’s network designs are secure and that we’ve an effective, consolidated network automation strategy encompassing observability, device lifecycle management, security policy and vulnerability remediation.
You are a network security SME with strong, influential opinions on networking and network access security, ensuring Cruise's network architectures have security baked-in as a basis of their designs.
Your scope includes (but not limited to): Identity management, access-layer network controls, policy management & enforcement, remote client VPN system strategy & architecture, endpoint vulnerability identification & remediation, and edge access policy dissemination.
If you're interested in building and operating the global network that supports our autonomous driving mission, let's talk!
What you’ll be doing:
- Create and maintain standards-based network designs for Cruise’s access network infrastructure
- Shape a convergence strategy for our current mix of Cisco, Arista, Palo Alto, Fortinet and Aruba network equipment that exist across disparate network teams
- Create, manage, and maintain access network infrastructure documentation
- Identify, build and mature common access network workflows and design
- Help build, maintain, and automate Cruise’s global network, focusing on secure authentication and authorization mechanisms
- Own the remediation of security vulnerabilities, including implementing network access controls through systems like Cisco ISE and/or FreeRADIUS
- Design and implement robust network security policies and procedures through centralized management and automation of network devices
- Participate in an on-call rotation
What you must have:
- Experience running and guiding network operations and observability initiatives
- Senior resource in a network operations team supporting Cisco, Arista, Palo Alto, Fortinet and Aruba platforms
- Experience deploying and operating wired Ethernet & WiFi wireless access networks and their policies
- Expertise in managing and utilizing network monitoring systems and leveraging them for automation
- Expert knowledge of network security best-practices and design patterns
- Demonstrated hands-on network design and operations experience
- Hands-on knowledge and troubleshooting experience of L2 and L3 networking and routing protocols (802.11x, STP, IPv4, IS-IS, BGP, etc.)
- Expert level knowledge of edge firewall technologies, remote VPN solutions, and SASE & SD-WAN architectures
- Experience with automation platforms/technologies such as: Terraform, GitHub, Python and Ansible
Bonus Points:
- Strong understanding of NAC concepts and experience with 802.1x implementations
- Hands-on experience with Cloud deployments in GCP, AWS and Azure
- Experience with additional automation platforms/technologies such as: CI/CD, Nautobot, Chronosphere, Humio
- Python or Golang programming experience with a desire for leading DevOps practices
- Understanding of SRE best practices and experience with publishing service SLO
The salary range for this position is $173,400 - $255,000. Compensation will vary depending on location, job-related knowledge, skills, and experience. You may also be offered a bonus, long-term incentives, and benefits. These ranges are subject to change.
