Software Engineer

Broadcom, San Diego, CA

About The Position

Broadcom’s Application Networking and Security (ANS) division develops advanced security solutions, including distributed firewall and micro-segmentation technologies that protect east-west traffic across enterprise data centers. We are seeking a Software Engineer to join our growing team. In this role, you will be part of the Container Security team, building the security layer that operates between container orchestrators and application workloads. You will collaborate in a fast-paced, agile environment to design and develop scalable solutions that address real-world on-prem cloud and data center security challenges. The ideal candidate has a strong interest in distributed systems, container networking, and innovative approaches to securing modern infrastructure.

What You'll Actually Work On

These are the product areas and engineering problems you'll spend your time on:

  • Network policy and segmentation — enforcing L3-L7 security policies between pods, namespaces, and clusters. Implementing micro-segmentation concepts within Kubernetes; experience with VMware DFW is a plus.
  • Runtime threat detection — building detection capabilities that identify anomalous behavior, policy violations, and lateral movement across containerized workloads.
  • Kubernetes security posture — enforcing pod security standards, RBAC policies, secrets management, and security controls across the cluster lifecycle.
  • Distributed and stateful workloads — securing workloads that require consensus, replication, and fault tolerance — including databases running on Kubernetes via operators or StatefulSets.
  • Security telemetry and observability — working with high-volume data systems (e.g., ClickHouse) for large-scale security event ingestion, querying, and analysis. Building audit log pipelines and integrating with observability stacks.

How You'll Work

This is how you'll operate day-to-day:

  • Own components end-to-end — from design spec through production support
  • Break down ambiguous problems into clear technical designs before writing code
  • Write Go — the primary language for all services, controllers, and operators
  • Debug across layers — Kubernetes control plane, networking, and cluster-level issues using Prometheus, Grafana, kubectl debug, crictl, and audit logs
  • Build automated tests that validate security correctness and prevent regressions
  • Lead and participate in code reviews with a focus on correctness and maintainability
  • Collaborate across teams — work with networking, platform, and QA engineers
  • Ship in agile sprints — participate in all phases of the development cycle

What Makes You a Strong Fit

If you enjoy making enterprise infrastructure secure by default — and building systems that other engineers trust without thinking about — this team is for you.

Requirements

  • Deep hands-on experience with Kubernetes internals — control plane, kubelet lifecycle, CRDs, admission webhooks, CSI, and Kubernetes Operators
  • Strong Go skills — building operators, controllers, microservices, or CLI tools
  • Solid understanding of container security — pod security standards, RBAC, secrets management, and runtime threat detection
  • Strong knowledge of security constructs — network policies, segmentation, micro-segmentation concepts; experience with VMware DFW is a plus
  • Experience with distributed systems and stateful workloads — consensus, replication, fault tolerance, and running databases on Kubernetes via operators or StatefulSets
  • Exposure to high-volume data systems — analytical databases like ClickHouse, large-scale data ingestion and querying workloads
  • Strong troubleshooting and observability skills — diagnosing cluster-level issues using Prometheus, Grafana, kubectl debug, crictl, and audit log pipelines
  • Good understanding of TCP/IP network layers L2-L7
  • Systems programming fundamentals — multithreading, IPC, sockets, signals
  • Ability to work independently on complex problems and collaborate across teams
  • Experience working in an Agile environment using Git-based workflows
  • Bachelor's degree plus 8+ years of related experience, or Master's degree and 6+ years

Nice To Haves

  • Experience with VMware DFW

Responsibilities

  • Enforcing L3-L7 security policies between pods, namespaces, and clusters
  • Implementing micro-segmentation concepts within Kubernetes
  • Building detection capabilities that identify anomalous behavior, policy violations, and lateral movement across containerized workloads
  • Enforcing pod security standards, RBAC policies, secrets management, and security controls across the cluster lifecycle
  • Securing workloads that require consensus, replication, and fault tolerance
  • Working with high-volume data systems (e.g., ClickHouse) for large-scale security event ingestion, querying, and analysis
  • Building audit log pipelines and integrating with observability stacks
  • Own components end-to-end — from design spec through production support
  • Break down ambiguous problems into clear technical designs before writing code
  • Write Go — the primary language for all services, controllers, and operators
  • Debug across layers — Kubernetes control plane, networking, and cluster-level issues using Prometheus, Grafana, kubectl debug, crictl, and audit logs
  • Build automated tests that validate security correctness and prevent regressions
  • Lead and participate in code reviews with a focus on correctness and maintainability
  • Collaborate across teams — work with networking, platform, and QA engineers
  • Ship in agile sprints — participate in all phases of the development cycle

Benefits

  • Medical, dental and vision plans
  • 401(K) participation including company matching
  • Employee Stock Purchase Program (ESPP)
  • Employee Assistance Program (EAP)
  • Company-paid holidays
  • Paid sick leave and vacation time