Sr. Network Security Engineer
Role details
Job location
Tech stack
Job description
- Provide subject matter expertise on network security, firewalls, zero-trust architectures, and industry best practices, with primary focus on modern remote access VPN technologies.
- Architect, design, deploy, and secure enterprise remote access VPN solutions end-to-end (including supporting components such as routers, exit nodes, and connectors), with strong emphasis on Tailscale, WireGuard, IPsec, and SSL-based implementations.
- Own the full lifecycle of remote access infrastructure from initial design and ground-up implementation through ongoing management, policy definition, client distribution, and performance optimization.
- Configure, deploy, and support VPN clients across multiple platforms (Windows, macOS, Linux, iOS, Android) while performing advanced troubleshooting of complex connectivity and performance issues.
- Manage Linux-based infrastructure and network security systems with end-to-end ownership of configuration, custom tooling, and operational reliability.
- Develop automation and CI/CD workflows (Python or similar) to streamline deployment, policy enforcement, monitoring, and maintenance of remote access and security systems.
- Implement and support zero-trust remote access architectures; manage firewall policies and network security appliances with tight integration of VPN solutions.
- Serve as an escalation point for complex network security and remote connectivity challenges; collaborate cross-functionally with engineering and operations teams to gather requirements, design secure solutions, and communicate best practices.
- Monitor VPN performance, logs, and overall security posture; proactively identify issues, drive resolutions, and formalize processes and change management for remote access infrastructure.
- Apply system patches, perform periodic maintenance, and continuously improve the reliability and security of the remote access environment.
Requirements
SpaceX is looking for a Sr. Network Security Engineer with deep expertise in network security technologies and a strong emphasis on remote access VPN solutions (particularly Tailscale and WireGuard). This role requires a strong networking, infrastructure, systems, and software background and will focus heavily on designing, deploying, managing, securing, and troubleshooting enterprise remote VPN infrastructure. The employee will be a member of the Network Security Engineering team. The ideal candidate will be flexible, excel at multi-tasking, and flourish in a fast-paced and challenging environment. This person should be a self-starter, self-motivator, and possess the ingenuity to excel in this position., * Bachelor's degree in a STEM field and 5+ years of network security experience; OR 8+ years of network security experience in lieu of a degree.
- 3+ years of experience securing networks, IT infrastructure, applications, endpoints, and/or APIs.
PREFERRED SKILLS AND EXPERIENCE:
- Proven experience leading the design, deployment, and operation of enterprise remote access VPN solutions (Tailscale, WireGuard, or comparable SSL/IPsec/WireGuard-based platforms) in large-scale, multi-site or multi-region environments with high reliability requirements.
- Deep hands-on expertise with modern remote access platforms, including client management, access policies, split-tunneling, performance tuning, and complex troubleshooting across diverse operating systems.
- Strong systems engineering foundation: deep networking knowledge, experience managing Linux infrastructure, and the ability to design and implement solutions from the ground up rather than solely administer existing systems.
- Demonstrated automation and software skills in Python for building custom tooling, services, and CI/CD workflows, with strong system design thinking to evaluate second- and third-order effects and build resilient systems.
- Comfortable reading and reviewing Go code, particularly in the context of understanding upstream changes in projects.
- Experience with dynamic routing (eBGP, iBGP, OSPF, SD-WAN), network segmentation, logging/alerting with SIEMs, and zero-trust architectures.
- Ability to diagnose low-level connectivity and performance issues and to work effectively with stakeholders and end users.
- Self-starter with excellent time-management, communication (written and verbal), and collaboration skills; mid-career professional who has successfully owned similar infrastructure or remote-access initiatives., * To conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C. * 1157, or (iv) Asylee under 8 U.S.C. * 1158, or be eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.