Founding Engineer - DDoS Detection & Mitigation Platform

FDC Servers · AS30058 · Fully Remote (Global)

FDC operates AS30058 — a global IP transit and dedicated-server network with 100+ Tbps of network capacity across 27 PoPs, carrying significant real production traffic for transit and hosting customers worldwide. We peer at every meaningful IX in Europe and North America and we run a Juniper PTX/QFX edge.

We are building our own DDoS detection and mitigation platform from the ground up — both to protect our own network and to offer as a commercial service to our transit and hosting customers. This is greenfield on a production network. Not a research project. Not a proof-of-concept that gets thrown away. The first release has to work under attack, on day one, on a network real customers depend on.

We are hiring the founding engineer for this platform. You will own it end-to-end — detection, control plane, router integration, scrubbing data plane, and the operational stack around it — working directly with the systems architect and network engineering. Our intent is to grow a team around you over the next 12–18 months. Founding, not solo-forever.

This is a Staff-level role. The scope is wide on purpose. If you read the sections below and your reaction is "that's a lot for one person" — you're right, and that is precisely why we want the kind of engineer who has done this before and wants to do it again with more ownership.

Detection engine — a real-time classifier for diverse attack patterns: reflection/amplification, SYN floods, application-layer exploits, and distributed carpet-bombing campaigns. You define what an "attack" looks like in code.

Mitigation control plane — the system that ingests detection alerts, validates classification, coordinates diversion decisions, and manages scrubbing node lifecycle across multiple PoPs.

Router integration layer — programmatic BGP control via GoBGP/ExaBGP, FlowSpec rule generation and installation, GRE tunnel management, with specific regard for Juniper PTX/QFX behavior — FlowSpec TCAM constraints, sFlow encoding differences across families, and platform-specific quirks.

Scrubbing node software — packet filtering logic using XDP/eBPF and nftables, with DPDK on the upgrade path for the highest-throughput scenarios. You'll grow into this layer with support from the systems architect.

Telemetry pipeline — sFlow ingestion from Juniper edge routers across 27 PoPs, normalization, and historical storage for forensic analysis and detection tuning.

Observability stack — Prometheus and Grafana instrumentation for attack volume, scrubbing utilization, and mitigation effectiveness, with a path to customer-facing dashboards.

• Production experience building networked systems at real scale — traffic handling, protocol implementation, or infrastructure automation that has lived under real load

Interested in remote work opportunities in Development & Programming? Discover Development & Programming Remote Jobs featuring exclusive positions from top companies that offer flexible work arrangements.

• Strong Python and/or Go — you'll own service codebases in at least one
• Genuine understanding of how IP networks actually work — BGP, routing tables, traffic forwarding, and the difference between how things are supposed to behave and how they actually behave in production
• Experience talking to routers in code — NETCONF, gRPC telemetry, vendor APIs — and opinions about what happens when the vendor's implementation doesn't match the documentation
• Comfort in a distributed system where partial failure is the default mode — recovery, observability, and operational hygiene as first-class engineering concerns

• Direct production experience with DDoS detection, traffic scrubbing, or mitigation infrastructure — you've seen a real attack, you know what the telemetry looks like, and you know why the naive approach doesn't work
• Experience at an ISP, hosting provider, CDN, or similar network operator
• BGP FlowSpec, GRE tunneling, RTBH, or traffic diversion experience in a live environment
• XDP, eBPF, or high-performance packet processing — or strong appetite to grow into it; this is a significant part of the role as the platform matures
• Kubernetes operational experience — the control plane runs on K8s; you don't need to be a platform engineer, but you should be able to deploy and debug services there without asking someone else

• Familiarity with FastNetMon, Suricata, or similar open-source detection tooling
• Juniper PTX/QFX platform depth — FlowSpec TCAM limits, sFlow sampling behaviour, platform-specific quirks

You've shipped software that runs on a network that gets attacked. You know what a SYN flood looks like in telemetry data. You've debugged a routing issue at 2 a.m. while something was actively broken. You have opinions about why certain architectural decisions matter and you can explain them to people who aren't engineers.

You're comfortable owning a significant piece of infrastructure with a relatively thin layer of oversight. You ask for input when it matters and make calls when it doesn't.

Python · Go · Kubernetes · Prometheus / Grafana · BGP (GoBGP / ExaBGP) · sFlow · XDP / eBPF · nftables · GRE · Juniper QFX / PTX · Linux networking

Compensation: Competitive base plus performance bonus. We'll be straight with you about the number on the first call — we're not going to make you guess for three rounds.

Location: Fully remote, from anywhere in the world. The team already spans the United States and Europe. We don't require a specific timezone, but you should expect some overlap with both US and EU working hours for collaboration — in practice this is an easy ask from most of the Americas, EMEA, and parts of Asia.

On-call: The NOC handles first response 24/7. Engineering is second-line. Early on that's you; our intent is to grow a rotation as the team grows.

Team: You'll work with a distributed engineering team with members in the United States and Europe, reporting to the systems architect and partnering closely with network engineering. Founding-engineer scope on this platform, with clear intent to grow a team around you over 12–18 months.

This platform does not exist yet. You'll be building the first version of something that has to work reliably under the worst possible conditions — active attacks against a production network. That requires engineering judgment, not just execution. If you've built something like this before and want to do it again with more ownership, we'd like to talk.

Send a CV and a short note — one paragraph is enough — about something networked that you built, shipped, and saw encounter reality. Attack, outage, botched migration, scaling cliff — whatever taught you the most. We read every one.

Email: hr@fdcservers.net