Sr. Network Security Engineer
Role details
Job location
Tech stack
Job description
- Provide subject matter expertise on network security, firewalls, zero-trust architectures, and industry best practices, with primary focus on modern remote access VPN technologies.
- Architect, design, deploy, and secure enterprise remote access VPN solutions end-to-end (including supporting components such as routers, exit nodes, and connectors), with strong emphasis on Tailscale, WireGuard, IPsec, and SSL-based implementations.
- Own the full lifecycle of remote access infrastructure from initial design and ground-up implementation through ongoing management, policy definition, client distribution, and performance optimization.
- Configure, deploy, and support VPN clients across multiple platforms (Windows, macOS, Linux, iOS, Android) while performing advanced troubleshooting of complex connectivity and performance issues.
- Manage Linux-based infrastructure and network security systems with end-to-end ownership of configuration, custom tooling, and operational reliability.
- Develop automation and CI/CD workflows (Python or similar) to streamline deployment, policy enforcement, monitoring, and maintenance of remote access and security systems.
- Implement and support zero-trust remote access architectures; manage firewall policies and network security appliances with tight integration of VPN solutions.
- Serve as an escalation point for complex network security and remote connectivity challenges; collaborate cross-functionally with engineering and operations teams to gather requirements, design secure solutions, and communicate best practices.
- Monitor VPN performance, logs, and overall security posture; proactively identify issues, drive resolutions, and formalize processes and change management for remote access infrastructure.
- Apply system patches, perform periodic maintenance, and continuously improve the reliability and security of the remote access environment.
Requirements
SpaceX is looking for a Sr. Network Security Engineer with deep expertise in network security technologies and a strong emphasis on remote access VPN solutions (particularly Tailscale and WireGuard). This role requires a strong networking, infrastructure, systems, and software background and will focus heavily on designing, deploying, managing, securing, and troubleshooting enterprise remote VPN infrastructure. The employee will be a member of the Network Security Engineering team. The ideal candidate will be flexible, excel at multi-tasking, and flourish in a fast-paced and challenging environment. This person should be a self-starter, self-motivator, and possess the ingenuity to excel in this position., * Bachelor's degree in a STEM field and 5+ years of network security experience; OR 8+ years of network security experience in lieu of a degree.
- 3+ years of experience securing networks, IT infrastructure, applications, endpoints, and/or APIs.
PREFERRED SKILLS AND EXPERIENCE:
- Proven experience leading the design, deployment, and operation of enterprise remote access VPN solutions (Tailscale, WireGuard, or comparable SSL/IPsec/WireGuard-based platforms) in large-scale, multi-site or multi-region environments with high reliability requirements.
- Deep hands-on expertise with modern remote access platforms, including client management, access policies, split-tunneling, performance tuning, and complex troubleshooting across diverse operating systems.
- Strong systems engineering foundation: deep networking knowledge, experience managing Linux infrastructure, and the ability to design and implement solutions from the ground up rather than solely administer existing systems.
- Demonstrated automation and software skills in Python for building custom tooling, services, and CI/CD workflows, with strong system design thinking to evaluate second- and third-order effects and build resilient systems.
- Comfortable reading and reviewing Go code, particularly in the context of understanding upstream changes in projects.
- Experience with dynamic routing (eBGP, iBGP, OSPF, SD-WAN), network segmentation, logging/alerting with SIEMs, and zero-trust architectures.
- Ability to diagnose low-level connectivity and performance issues and to work effectively with stakeholders and end users.
- Self-starter with excellent time-management, communication (written and verbal), and collaboration skills; mid-career professional who has successfully owned similar infrastructure or remote-access initiatives., * To conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C. * 1157, or (iv) Asylee under 8 U.S.C. * 1158, or be eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.
Benefits & conditions
$165,000.00 - $235,000.00 life insurance, parental leave, paid holidays, sick time, 401(k), retirement plan, remote work United States, Washington, Redmond 23020 Northeast Alder Crest Drive (Show on map) Jul 10, 2026, * This role requires you to be onsite. Hybrid or remote work will not be considered.
- Willingness to work extended hours and weekends as needed.
COMPENSATION AND BENEFITS:
Pay Range: Level 3: $165,000.00 - $235,000.00
Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, and experience.
Base salary is just one part of your total rewards package at SpaceX. You may also be eligible for long-term incentives, in the form of company stock or long-term cash awards, as well as potential discretionary bonuses and the ability to purchase additional stock at a discount through an Employee Stock Purchase Plan. You will also receive access to comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short and long-term disability insurance, life insurance, paid parental leave, and various other discounts and perks. You may also accrue 3 weeks of paid vacation and will be eligible for 10 or more paid holidays per year. Employees in Washington State accrue paid sick time in compliance with state and federal law. Company shuttles are offered to employees for roundtrip travel from select Seattle locations to the SpaceX Redmond office Monday to Friday.