Principal DDOS Software Engineer

** Job Description*
* Overview

Join OCI's Edge Security team as a Principal Engineer to architect and deliver cloud-scale DDoS protection. You'll lead design for high-performance detection and mitigation systems, drive automation and operational excellence, and set the technical direction for customer-facing DDoS capabilities across OCI's global edge.

This role requires deep expertise in Linux networking data path and kernel-level networking (such as XDP, eBPF, DPDK, iptables, nftables), in addition to strong systems and Dev Ops engineering experience.

What you'll do

+ Lead architecture and delivery of low-latency backend services for DDoS detection, classification, and mitigation.

+ Define and evolve scalable data/control planes (policy, signaling, telemetry, orchestration) with strong fault isolation, resiliency, and compliance-by-design.

+ Own traffic engineering strategy (anycast, BGP policy, routing integration) and partner with networking, DNS, and edge platform teams.

+ Set operational standards: SLOs/SLAs, on-call health, incident response (including incident commander duties), runbooks, and post-incident learning.

+ Drive automation at scale: CI/CD strategy, test frameworks, progressive delivery (canary/blue-green), and infrastructure-as-code.

+ Establish robust observability (metrics, logs, traces) and capacity/scale models for high-throughput, highly available services.

+ Lead threat modeling, architecture reviews, and audit readiness for Tier 0 services; ensure security and privacy are embedded through the lifecycle.

+ Mentor engineers, influence cross-org roadmaps, and collaborate with Product, SRE, and Network Engineering from concept to GA.

Qualifications

+ 7-10 years building production backend systems, including 3-5 years in high-scale and/or low-latency environments.

+ Deep expertise in Linux networking data path and kernel-level networking (e.g., XDP, eBPF, dpdk, iptables, nftables) for traffic processing, filtering, and observability.

+ Proficiency in one or more:
Java/Python/C++/Rust/Go (strong preference for Java for control-plane/services).

+ Deep systems design expertise: concurrency, memory management, performance tuning, API design, consistency models, and distributed systems fundamentals.

+ Proven Dev Ops leadership at scale: CI/CD, automated testing, canarying, rollout/rollback, configuration management.

+ Strong IaC experience (e.g., Terraform) and solid cloud infrastructure fundamentals.

+ Domain experience in DDoS or network security services and common attack/defense patterns.

+ Advanced networking knowledge: TCP/IP, IPv4/IPv6, BGP, routing policy; DNS fundamentals.

+ Demonstrated operational excellence and observability practices (metrics, tracing, alerting).

Preferred qualifications

+ Expertise with anycast routing, global traffic steering, and multi-region service readiness.

+

Experience with SDN, programmable data planes, or hardware mitigation platforms.

+ Building high-rate telemetry/streaming pipelines for near-real-time detection (packet/flow analytics).

+ Background in resilience engineering, chaos testing, disaster recovery, and capacity planning at hyperscale.

+ Containerization/orchestration (e.g., Kubernetes) and secure service-to-service communication (mTLS, policy enforcement).

+ Familiarity with zero trust, segmentation, and modern security architectures; exposure to compliance frameworks and audit preparation.

How you'll have impact

+ Deliver core DDoS detection/mitigation that protects OCI's infrastructure availability and customer trust.

+ Launch customer-facing DDoS offerings with self-service policy, visibility, and strong defaults.

+ Raise engineering quality, automation, and compliance maturity across the stack; mentor and grow the team's technical bar.

Ways of working

+ Security and privacy by design with auditable controls and policy adherence from day one.

+ Data-driven delivery with clear KPIs, SLOs, and stage gates from prototype to GA.

+ Collaborative, inclusive culture emphasizing design docs, code reviews, and knowledge sharing.

** Responsibilities*
* + Lead architecture and delivery of low-latency backend services for DDoS detection, classification, and mitigation.

+ Define and evolve scalable data/control planes (policy, signaling, telemetry, orchestration) with strong fault isolation, resiliency, and compliance-by-design.

+ Own traffic engineering strategy (anycast, BGP policy, routing integration) and partner with networking, DNS, and edge platform teams.

+ Set operational standards: SLOs/SLAs, on-call health, incident response (including incident commander duties), runbooks, and post-incident learning.

+ Drive automation at scale: CI/CD strategy, test frameworks, progressive delivery (canary/blue-green), and infrastructure-as-code.

+ Establish robust observability (metrics, logs, traces) and capacity/scale models for high-throughput, highly available services.

+ Lead threat modeling, architecture reviews, and audit readiness for Tier 0 services; ensure security and privacy are…