we are a leader in high-scale disaggregated networking solutions. Founded in 2015, our company modernizes the way service providers, cloud providers and hyperscalers build networks. Supporting the largest network in the world, more than half of AT&Ts backbone traffic is running on our companys Network Cloud open disaggregated architecture. Raising $587 million in three funding rounds, our company is disrupting the networking market from high-scale architecture to AI platforms, and is bringing onboard the most talented people. We are seeking people that want to make an impact on the worlds leading communication networks and are experienced in web architecture
The Role
As part of System Architecture group, the Cybersecurity System Architect will define the end-to-end architecture of advanced network security services, such as intrusion prevention systems (IPS), and host-based intrusion detection systems (HIDS) and firewalling. This role is at the forefront of integrating deep security intelligence into high-performance, scalable network operating systems and telecom-grade platforms.
As part of R&D core function, shaping next-generation secure network infrastructure by embedding deep packet inspection, behavioral analytics, and threat mitigation into the product architecture.
Responsibilities
1. Architecture of Integrated Security Services
Define and lead the system architecture for L3-L7 firewalling, stateful inspection, policy enforcement, and application-aware filtering.
Architect integration of IPS, DPI, signature- and anomaly-based detection, and evasion-resilient detection engines into control and data plane systems.
Specify how HIDS capabilities will be embedded or interfaced with NOS components for detecting host-based anomalies and compromise indicators.
2. Threat Detection & Prevention Frameworks
Design scalable architectures that support high-speed signature matching, traffic heuristics, and flow analysis under real-world traffic conditions.
Define mechanisms for rule updates, threat intelligence feeds, and integration of ML-based detection algorithms.
Architect policy engines for complex rule matching, including user-defined policy trees and hierarchical control structures.
3. Secure System Integration
Lead system-level threat modeling and security design reviews across platform, OS, and networking protocol layers.
Define secure communication paths, trust boundaries, and cryptographic protections for sensitive metadata, logs, and update mechanisms.
Ensure proper isolation and sandboxing of inspection/control modules, especially in multi-tenant or containerized environments.
4. Performance and Resilience Considerations
Design architectures to meet line-rate security enforcement, ensuring minimal latency overhead while preserving packet integrity.
Align with the HW Architecture for performance optimized flow offload strategies (e.g. hardware-assisted DPI).
Requirements: Education:
B.Sc. or M.Sc. in Computer Engineering, Electrical Engineering, or Computer Science.
Cybersecurity specialization or relevant certifications
Deep knowledge of:
IPS/HIDS principles: signature vs. anomaly detection, behavior monitoring, evasion techniques.
L4-L7 inspection: application identification, protocol normalization, encrypted traffic analysis (SSL/TLS).
Firewall architectures: stateless/stateful packet filtering, next-gen firewalling, policy-based routing.
Strong background in:
Network protocols (TCP/IP stack, DNS, HTTP/S, TLS, IPsec, BGP) and related vulnerabilities.
DPI engines, pattern matching algorithms, threat scoring frameworks.
Experience
4+ years of experience in R&D or system architecture for networking and security products.
Soft Skills
Systemic, detail-oriented thinker with strong threat modeling and architecture documentation skills.
Strong cross-team communication and leadership in an R&D matrix environment.
This position is open to all candidates.