Job Description

Join OCI's Edge Security team as a Principal Engineer to architect and deliver cloud-scale DDoS protection. You'll lead design for high-performance detection and mitigation systems, drive automation and operational excellence, and set the technical direction for customer-facing DDoS capabilities across OCI's global edge.



What you'll do


Lead architecture and delivery of low-latency backend services for DDoS detection, classification, and mitigation. Define and evolve scalable data/control planes (policy, signaling, telemetry, orchestration) with strong fault isolation, resiliency, and compliance-by-design. Own traffic engineering strategy (anycast, BGP policy, routing integration) and partner with networking, DNS, and edge platform teams. Set operational standards: SLOs/SLAs, on-call health, incident response (including incident commander duties), runbooks, and post-incident learning. Drive automation at scale: CI/CD strategy, test frameworks, progressive delivery (canary/blue-green), and infrastructure-as-code. Establish robust observability (metrics, logs, traces) and capacity/scale models for high-throughput, highly available services. Lead threat modeling, architecture reviews, and audit readiness for Tier 0 services; ensure security and privacy are embedded through the lifecycle. Mentor engineers, influence cross-org roadmaps, and collaborate with Product, SRE, and Network Engineering from concept to GA.
Basic qualifications


7-10 years building production backend systems, including 3-5 years in high-scale and/or low-latency environments. Proficiency in one or more: Java/Python/C++/Rust/Go (strong preference for Java for control-plane/services). Deep systems design expertise: concurrency, memory management, performance tuning, API design, consistency models, and distributed systems fundamentals. Proven DevOps leadership at scale: CI/CD, automated testing, canarying, rollout/rollback, configuration management. Strong IaC experience (e.g., Terraform) and solid cloud infrastructure fundamentals. Domain experience in DDoS or network security services and common attack/defense patterns. Advanced networking knowledge: TCP/IP, IPv4/IPv6, BGP, routing policy; DNS fundamentals. Demonstrated operational excellence and observability practices (metrics, tracing, alerting).
Preferred qualifications


Expertise with anycast routing, global traffic steering, and multi-region service readiness. Experience with SDN, programmable data planes, or hardware mitigation platforms. Building high-rate telemetry/streaming pipelines for near-real-time detection (packet/flow analytics). Background in resilience engineering, chaos testing, disaster recovery, and capacity planning at hyperscale. Containerization/orchestration (e.g., Kubernetes) and secure service-to-service communication (mTLS, policy enforcement). Familiarity with zero trust, segmentation, and modern security architectures; exposure to compliance frameworks and audit preparation.
How you'll have impact


Deliver core DDoS detection/mitigation that protects OCI's Tier 0 availability and customer trust. Launch customer-facing DDoS offerings with self-service policy, visibility, and strong defaults. Raise engineering quality, automation, and compliance maturity across the stack; mentor and grow the team's technical bar.
Ways of working


Security and privacy by design with auditable controls and policy adherence from day one. Data-driven delivery with clear KPIs, SLOs, and stage gates from prototype to GA. Collaborative, inclusive culture emphasizing design docs, code reviews, and knowledge sharing.
Note


This role aligns with Oracle's standards for security, privacy, and compliance. When selecting tools or third-party integrations, ensure they align with Oracle's internal guidelines and approval processes. Certain US customer or client-facing roles may be subject to applicable requirements (e.g., immunization or occupational health mandates). Benefits and salary information are provided in Oracle career postings and vary by location and role. The role will generally accept applications for at least three calendar days from the posting date or as long as the job remains posted.

Lead architecture and delivery of low-latency backend services for DDoS detection, classification, and mitigation. Define and evolve scalable data/control planes (policy, signaling, telemetry, orchestration) with strong fault isolation, resiliency, and compliance-by-design. Own traffic engineering strategy (anycast, BGP policy, routing integration) and partner with networking, DNS, and edge platform teams. Set operational standards: SLOs/SLAs, on-call health, incident response (including incident commander duties), runbooks, and post-incident learning. Drive automation at scale: CI/CD strategy, test frameworks, progressive delivery (canary/blue-green), and infrastructure-as-code. Establish robust observability (metrics, logs, traces) and capacity/scale models for high-throughput, highly available services. Lead threat modeling, architecture reviews, and audit readiness for Tier 0 services; ensure security and privacy are embedded through the lifecycle. * Mentor engineers, influence cross-org roadmaps, and collaborate with Product, SRE, and Network Engineering from concept to GA.