Principal / Distinguished Engineer, CASB

About Netskope

Today, there's more data and users outside the enterprise than inside, causing the network perimeter as we know it to dissolve. We realized a new perimeter was needed, one that is built in the cloud and follows and protects data wherever it goes, so we started Netskope to redefine Cloud, Network and Data Security.

Since 2012, we have built the market-leading cloud security company and an award-winning culture powered by hundreds of employees spread across offices in Santa Clara, St. Louis, Bangalore, London, Paris, Melbourne, Taipei, and Tokyo. Our core values are openness, honesty, and transparency, and we purposely developed our open desk layouts and large meeting spaces to support and promote partnerships, collaboration, and teamwork. From catered lunches and office celebrations to employee recognition events and social professional groups such as the Awesome Women of Netskope (AWON), we strive to keep work fun, supportive and interactive. Visit us at Netskope Careers. Please follow us on LinkedIn and Twitter@Netskope.

As part of the Inline CASB team, you will have a unique opportunity to work on a world-class CASB solution that provides unparalleled visibility and control for widely used enterprise applications. Netskope Cloud Data Plane engineers architect and design one of the most scalable, high-performance cloud data planes in the world, processing 10+ Gbps of traffic.

What’s in it for you

In this role, you will be working on Deep Packet Inspection (DPI) of CASB Inline traffic. You will build core functionality to intercept and inspect traffic the CASB Inline traffic which include Generative AI applications in the data path, invoking essential services like DLP (Data Loss Prevention) and Threat Protection (TSS) and enforcing CASB Inline Real-Time Policies (RTP). You will be instrumental in developing state-of-the-art techniques, including AI/ML, to detect activities and apply advanced policies, all at line rate.

This is a high-impact position for a technical leader who excels at solving challenging problems and mentoring a world-class engineering team.
If you enjoy diving deep into technical challenges to develop innovative solutions that are scalable, accurate, and high-performing, then this role is for you.

Job Responsibilities

• Understand the various use cases and work flows for native/browser access of SaaS apps and support the app access requirements/use cases via Netskope reverse proxy solution. Also maintain & enhance the access control features for the supported SaaS apps.

• Work on re-architecting the deep packet inspection module to make it intelligent and scalable, with the goal of achieving higher accuracy in activity detection across a wide range of SaaS applications.

• Work on identifying a smart, scalable solution to reduce the cost of building and maintaining SaaS app connectors, which are responsible for providing deeper visibility into application activities.

• Work closely with the product management team on the new apps support & to define new access control use cases.

• Involve in the complete development life cycle starting with understanding various requirements, understand/define functional specs, development with high efficacy/quality & measure the efficacy based on production data.

• Identify gaps in existing solutions/processes and bring in innovative ideas that help evolve the solution over time.

• Work closely with the technical support team to handle customer escalations. Analyze the product gaps that resulted in customer issues and improve the signature resiliency and test strategy.

Preferred Qualification

• Bachelor's or Master's degree in Computer Science, Engineering or equivalent strongly preferred.

• Minimum 18 years of work experience.

Preferred Technical Skills (must-have)

• Programming Mastery: Expert proficiency in C/C++ and strong experience with Python.

• Networking Protocol Expertise:

• Deep understanding of networking protocols, including TCP/IP, HTTP/S, WebSocket, DNS, and TLS/SSL decryption (MITM) techniques.

• Knowledge of L3 VPNs like IPSec and Wireguard.

• Security Domain Experience (L7 & Network):

• Proven experience in data plane/data path development for security products (e.g., Firewalls, Proxies, IDPS, DPI engines).

• Experience in network and web security technologies, including Web Application Firewall (WAF), L7 Access-Policies, Web Security, IDP/IPS, DNS-based security, and L7 DDoS.

• Must Have: Experience with HTTP proxy development.

• System Architecture:

• Strong understanding of computer architecture concepts like multi-threading, CPU scheduling, and memory management.

• Good understanding of algorithms and data structures for implementing real-time inline data processing.

• Good hands on experience and knowledge of Linux at a systems level.

• Troubleshooting & Debugging:

• Strong analytical and troubleshooting skills using debuggers like gdb and tools like Valgrind.

• Hands-on experience with packet capture technologies (e.g., tcpdump, Wireshark, libpcap) for network traffic analysis and troubleshooting.

• Cloud & Containerization:

• Strong knowledge of cloud solution architectures (AWS, Azure, GCP).

• Direct experience with container orchestration (Kubernetes) and Container Network Interface (CNI) plugins.

• Familiarity with inter-service communication protocols in cloud environments (e.g., gRPC, REST).

• Experience in a CASB, ZTNA, or SSE security environment.

• Contributions to open-source projects.

Additional Technical Skills

• SASE Architecture: Experience working within a SASE (Secure Access Service Edge) architecture is a major plus.

• Authentication & Access Control: Strong knowledge of Authentication technologies, including Identity and Access Management, SSO, SAML, OpenID, OAuth2, and MFA.

• Generative AI (GenAI) Platforms: Familiarity with GenAI platforms and APIs and their communication patterns (e.g., OpenAI, Anthropic, Gemini).

• DPDK and VPP architecture knowledge is a plus.

• Testing Methodologies: A proponent of Test-Driven Development (TDD) and knowledge of various unit testing frameworks.

• Advanced Content Analysis: Experience with advanced content analysis or true file type detection.

• Inter-Service Communication: Familiarity with modern cloud protocols like gRPC and REST.

• Security Domain Experience: Experience in a CASB, ZTNA, or SSE security environment.

Open-Source Contributions: A history of contributions to open-source projects.

#LI-VJ2

Netskope is committed to implementing equal employment opportunities for all employees and applicants for employment. Netskope does not discriminate in employment opportunities or practices based on religion, race, color, sex, marital or veteran statues, age, national origin, ancestry, physical or mental disability, medical condition, sexual orientation, gender identity/expression, genetic information, pregnancy (including childbirth, lactation and related medical conditions), or any other characteristic protected by the laws or regulations of any jurisdiction in which we operate.

Netskope respects your privacy and is committed to protecting the personal information you share with us, please refer to Netskope's Privacy Policy for more details.

The application window for this position is expected to close within 50 days. You may apply by filling out the below information, or visiting our Netskope Careers site.