Principal Software Engineer (DevOps) in Hemel Hempstead

Join OCI's Edge Security team as a Principal Engineer to architect and deliver cloud-scale DDoS protection. You'll lead design for high-performance detection and mitigation systems, drive automation and operational excellence, and set the technical direction for customer-facing DDoS capabilities across OCI's global edge.

This role requires deep expertise in Linux networking data path and kernel-level networking (such as XDP, eBPF, DPDK, iptables, nftables), in addition to strong systems and DevOps engineering experience.

• 7–10 years building production backend systems, including 3–5 years in high-scale and/or low-latency environments.
• Deep expertise in Linux networking data path and kernel-level networking (e.g., XDP, eBPF, DPDK, iptables, nftables) for traffic processing, filtering, and observability.
• Proficiency in one or more: Java/Python/C++/Rust/Go (strong preference for Java for control-plane/services).
• Deep systems design expertise: concurrency, memory management, performance tuning, API design, consistency models, and distributed systems fundamentals.
• Proven DevOps leadership at scale: CI/CD, automated testing, canarying, rollout/rollback, configuration management.
• Strong IaC experience (e.g., Terraform) and solid cloud infrastructure fundamentals.
• Domain experience in DDoS or network security services and common attack/defense patterns.
• Advanced networking knowledge: TCP/IP, IPv4/IPv6, BGP, routing policy; DNS fundamentals.
• Demonstrated operational excellence and observability practices (metrics, tracing, alerting).

• Expertise with anycast routing, global traffic steering, and multi-region service readiness.
• Experience with SDN, programmable data planes, or hardware mitigation platforms.
• Building high-rate telemetry/streaming pipelines for near-real-time detection (packet/flow analytics).
• Background in resilience engineering, chaos testing, disaster recovery, and capacity planning at hyperscale.
• Containerization/orchestration (e.g., Kubernetes) and secure service-to-service communication (mTLS, policy enforcement).
• Familiarity with zero trust, segmentation, and modern security architectures; exposure to compliance frameworks and audit preparation.

• Deliver core DDoS detection/mitigation that protects OCI's Tier 0 availability and customer trust.
• Launch customer-facing DDoS offerings with self-service policy, visibility, and strong defaults.
• Raise engineering quality, automation, and compliance maturity across the stack; mentor and grow the team's technical bar.

• Security and privacy by design with auditable controls and policy adherence from day one.
• Data-driven delivery with clear KPIs, SLOs, and stage gates from prototype to GA.
• Collaborative, inclusive culture emphasizing design docs, code reviews, and knowledge sharing.

• Lead architecture and delivery of low-latency backend services for DDoS detection, classification, and mitigation.
• Define and evolve scalable data/control planes (policy, signaling, telemetry, orchestration) with strong fault isolation, resiliency, and compliance-by-design.
• Own traffic engineering strategy (anycast, BGP policy, routing integration) and partner with networking, DNS, and edge platform teams.
• Set operational standards: SLOs/SLAs, on-call health, incident response (including incident commander duties), runbooks, and post-incident learning.
• Drive automation at scale: CI/CD strategy, test frameworks, progressive delivery (canary/blue-green), and infrastructure-as-code.
• Establish robust observability (metrics, logs, traces) and capacity/scale models for high-throughput, highly available services.
• Lead threat modeling, architecture reviews, and audit readiness for Tier 0 services; ensure security and privacy are embedded through the lifecycle.
• Mentor engineers, influence cross-org roadmaps, and collaborate with Product, SRE, and Network Engineering from concept to GA.