Principal / Distinguished Engineer, CASB

As part of the Inline CASB team, you will have a unique opportunity to work on a world-class CASB solution that provides unparalleled visibility and control for widely used enterprise applications. Netskope Cloud Data Plane engineers architect and design one of the most scalable, high-performance cloud data planes in the world, processing 10+ Gbps of traffic.

In this role, you will be working on Deep Packet Inspection (DPI) of CASB Inline traffic. You will build core functionality to intercept and inspect traffic the CASB Inline traffic which include Generative AI applications in the data path, invoking essential services like DLP (Data Loss Prevention) and Threat Protection (TSS) and enforcing CASB Inline Real-Time Policies (RTP). You will be instrumental in developing state-of-the-art techniques, including AI/ML, to detect activities and apply advanced policies, all at line rate.

This is a high-impact position for a technical leader who excels at solving challenging problems and mentoring a world-class engineering team.
If you enjoy diving deep into technical challenges to develop innovative solutions that are scalable, accurate, and high-performing, then this role is for you.

• Understand the various use cases and work flows for native/browser access of SaaS apps and support the app access requirements/use cases via Netskope reverse proxy solution. Also maintain & enhance the access control features for the supported SaaS apps. 
• Work on re-architecting the deep packet inspection module to make it intelligent and scalable, with the goal of achieving higher accuracy in activity detection across a wide range of SaaS applications.
• Work on identifying a smart, scalable solution to reduce the cost of building and maintaining SaaS app connectors, which are responsible for providing deeper visibility into application activities. 
• Work closely with the product management team on the new apps support & to define new access control use cases. 
• Involve in the complete development life cycle starting with understanding various requirements, understand/define functional specs,  development with high efficacy/quality & measure the efficacy based on production data.
• Identify gaps in existing solutions/processes and bring in innovative ideas that help evolve the solution over time.
• Work closely with the technical support team to handle customer escalations. Analyze the product gaps that resulted in customer issues and improve the signature resiliency and test strategy. 

• Bachelor's or Master's degree in Computer Science, Engineering  or equivalent strongly preferred.
• Minimum 18 years of work experience.

• Programming Mastery: Expert proficiency in C/C++ and strong experience with Python.
• Networking Protocol Expertise:
• Deep understanding of networking protocols, including TCP/IP, HTTP/S, WebSocket, DNS, and TLS/SSL decryption (MITM) techniques.
• Knowledge of L3 VPNs like IPSec and Wireguard.
• Security Domain Experience (L7 & Network):
• Proven experience in data plane/data path development for security products (e.g., Firewalls, Proxies, IDPS, DPI engines).
• Experience in network and web security technologies, including Web Application Firewall (WAF), L7 Access-Policies, Web Security, IDP/IPS, DNS-based security, and L7 DDoS.
• Must Have: Experience with HTTP proxy development.
• System Architecture:
• Strong understanding of computer architecture concepts like multi-threading, CPU scheduling, and memory management.
• Good understanding of algorithms and data structures for implementing real-time inline data processing.
• Good hands on experience and knowledge of Linux at a systems level. 
• Troubleshooting & Debugging:
• Strong analytical and troubleshooting skills using debuggers like gdb and tools like Valgrind.
• Hands-on experience with packet capture technologies (e.g., tcpdump, Wireshark, libpcap) for network traffic analysis and troubleshooting.
• Cloud & Containerization:
• Strong knowledge of cloud solution architectures (AWS, Azure, GCP).
• Direct experience with container orchestration (Kubernetes) and Container Network Interface (CNI) plugins.
• Familiarity with inter-service communication protocols in cloud environments (e.g., gRPC, REST).
• Experience in a CASB, ZTNA, or SSE security environment.
• Contributions to open-source projects.

• SASE Architecture: Experience working within a SASE (Secure Access Service Edge) architecture is a major plus.
• Authentication & Access Control: Strong knowledge of Authentication technologies, including Identity and Access Management, SSO, SAML, OpenID, OAuth2, and MFA.
• Generative AI (GenAI) Platforms: Familiarity with GenAI platforms and APIs and their communication patterns (e.g., OpenAI, Anthropic, Gemini).
• DPDK and VPP architecture knowledge is a plus.
• Testing Methodologies: A proponent of Test-Driven Development (TDD) and knowledge of various unit testing frameworks.
• Advanced Content Analysis: Experience with advanced content analysis or true file type detection.
• Inter-Service Communication: Familiarity with modern cloud protocols like gRPC and REST.
• Security Domain Experience: Experience in a CASB, ZTNA, or SSE security environment.

Open-Source Contributions: A history of contributions to open-source projects.
#LI-VJ2