Network Engineer with AWS experience
Posted 6 hours 46 minutes ago by Luxoft
Project description
We are building a custom high-load and high-scale IPsec backend on AWS to support over 20,000 IKEv2 tunnels for connected vehicles with dual-modem WAN bonding and custom StrongSwan gateways, IPv6-only. We are looking for an experienced network engineer withsoftware development skills to help us create this platform.
Responsibilities
- - Implementing redirector and tunnel-terminator logic for thousands of parallel IKEv2/IPsec tunnels. Designing control-plane logic that can steer per-vehicle traffic over dual-modem tunnels with dynamic source IPs.- Embedding client identity into the protocol stack- Writing automation around Linux networking (iptables/netfilter/XFRM), StrongSwan VICI, and AWS primitives (NLB, ENI, etc.). Writing plugins or extensions for StrongSwan or the Linux IPsec stack if needed.- Building observability and traceability for IPsec sessions at scale (IDi, DPD status, per-modem metrics). Debugging packet flows and helping design testable redirect and failover scenarios.
SKILLS
Must have
- - Deep understanding of the Linux networking stack, including iptables, XFRM/IPsec, netfilter, and conntrack.- Experience configuring StrongSwan (IKEv2, CHILD_SA lifecycles, MOBIKE, VICI).- Solid AWS knowledge at the level of the Advanced Networking Specialty certification or equivalent real-world experience. Able to reason about flow consistency through NLB, GWLB, and EC2 fleet mechanics.- Capable of developing code.- Comfortable reading packet traces (tcpdump, Wireshark) and analyzing kernel-level behavior.
Nice to have
- Experience with building custom VPN plugins (e.g., for StrongSwan, Libreswan, or similar).- Kernel-space or eBPF experience.- Previous work on mobility protocols or embedded network stacks.- Familiarity with QNX or automotive telematics protocols.- Hands-on experience with VPP, DPDK, or packet reordering logic.- IPv6 edge deployment experience.- AWS Advanced Networking Specialty certification.