Key skills
PythonAIGCPGoogle CloudTerraformKubernetesGKEIAMLeadershipProject ManagementMentoringCommunicationNetwork SecurityCloud SecurityZero Trust
About this role
Calix is a company that empowers Communication Service Providers (CSPs) to innovate and grow through their cloud-first, AI-powered platform. The Principal Network Security Engineer (Cloud) will lead the architecture and optimization of network security controls in Google Cloud Platform environments, ensuring the protection of cloud-based assets while collaborating with various teams and mentoring junior engineers.
Responsibilities:
- Lead the architecture, deployment, and optimization of network security controls and solutions in Google Cloud Platform (GCP) environments
- Design and implement security policies, segmentation strategies, firewalls, and access controls to protect cloud-based assets
- Collaborate with the Cloud Platform Engineering, SRE, and Application teams to integrate security into cloud-native solutions and workflows
- Perform risk assessments, vulnerability analysis, and threat modeling for cloud networks
- Monitor, analyze, and respond to security incidents and anomalies within GCP networks, leveraging SIEM/SOAR/XDR/NGFW/DLP and other security tools
- Develop and maintain automation scripts and infrastructure-as-code (IaC) for consistent security deployment and compliance
- Ensure adherence to regulatory/compliance requirements (e.g., SOC2, ISO27K, GDPR) and internal policies for cloud network security
- Mentor and provide technical leadership to junior engineers and cross-functional teams
- Stay current with emerging cloud security technologies, trends, and threats
- Contribute to the development of security standards, best practices, and documentation for Calix Cloud environments
Requirements:
- Bachelor's or Master's degree in Computer Science, Information Security, Engineering, or related field
- 10+ years of experience in network security engineering, with at least 3 years focused on cloud environments, preferably Google Cloud Platform
- Expert knowledge of cloud networking concepts (VPC, subnets, load balancers, NGFW, VPN, interconnect etc.)
- Proficiency in cloud security tools and services (Identity-Aware Proxy, Cloud IAM, Security Command Center, SecOps, DLP etc.)
- Strong understanding of TCP/IP, routing, firewalls, IDS/IPS, zero trust, and segmentation strategies
- Experience with automation and scripting (Python, Terraform/OpenTofu, etc.)
- Solid grasp of security frameworks and compliance standards relevant to cloud environments
- Excellent analytical, problem-solving, and communication skills
- Relevant certifications (e.g., Google Professional Cloud Security Engineer, CISSP, CCSP) highly desirable
- This is a remote-based position located in the United States or Canada. Please note that as part of the recruitment and hiring process, there is an in-person meeting that will take place
- While this is a remote-based position, the candidate may be required to attend in-person team or company meetings
- Experience designing and operating secure cloud environments – preferably Google Cloud
- Knowledge of container security (Kubernetes, GKE) and microservices architectures
- Strong leadership and project management capabilities
- Ability to evangelize security best practices and influence organizational change