Network Engineer with AWS experience

Project description

We are building a custom high-load and high-scale IPsec backend on AWS to support over 20,000 IKEv2 tunnels for connected vehicles with dual-modem WAN bonding and custom StrongSwan gateways, IPv6-only. We are looking for an experienced network engineer withsoftware development skills to help us create this platform.

Responsibilities

• - Implementing redirector and tunnel-terminator logic for thousands of parallel IKEv2/IPsec tunnels. Designing control-plane logic that can steer per-vehicle traffic over dual-modem tunnels with dynamic source IPs.- Embedding client identity into the protocol stack- Writing automation around Linux networking (iptables/netfilter/XFRM), StrongSwan VICI, and AWS primitives (NLB, ENI, etc.). Writing plugins or extensions for StrongSwan or the Linux IPsec stack if needed.- Building observability and traceability for IPsec sessions at scale (IDi, DPD status, per-modem metrics). Debugging packet flows and helping design testable redirect and failover scenarios.

SKILLS

Must have

• - Deep understanding of the Linux networking stack, including iptables, XFRM/IPsec, netfilter, and conntrack.- Experience configuring StrongSwan (IKEv2, CHILD_SA lifecycles, MOBIKE, VICI).- Solid AWS knowledge at the level of the Advanced Networking Specialty certification or equivalent real-world experience. Able to reason about flow consistency through NLB, GWLB, and EC2 fleet mechanics.- Capable of developing code.- Comfortable reading packet traces (tcpdump, Wireshark) and analyzing kernel-level behavior.

Nice to have

- Experience with building custom VPN plugins (e.g., for StrongSwan, Libreswan, or similar).- Kernel-space or eBPF experience.- Previous work on mobility protocols or embedded network stacks.- Familiarity with QNX or automotive telematics protocols.- Hands-on experience with VPP, DPDK, or packet reordering logic.- IPv6 edge deployment experience.- AWS Advanced Networking Specialty certification.