Senior Software Engineer (Rust) - Proxy Infrastructure

<h2>The Role</h2> <p>The <strong>Senior Software Engineer (Rust) - Proxy Infrastructure&nbsp;</strong>will own production hardening, performance validation, and infrastructure operations for Securly's Rust web filtering proxy — establishing the reliability and scalability baseline that millions of students depend on, and owning the on-premise Docker proxy appliance for school network environments.</p> <p>Your mission is to ensure the proxy performs, scales, and deploys reliably in production. You will own canary rollout configuration, CloudFormation-based scaling infrastructure, load testing strategy, and performance baseline definition. You will also own the on-premise Docker appliance — a lightweight Rust proxy deployed in school network environments that intercepts TCP traffic and prepends identity headers.</p> <p>At L5, this is not purely an infra-execution role. You are expected to identify systemic reliability risks in the proxy stack and propose architectural mitigations, not just react to incidents. You define what 'production-ready' means and enforce that bar.</p> <div class="meta-item"><hr>Level: <strong>L5&nbsp; &nbsp; &nbsp;</strong>Experience: <strong>8–15 Years&nbsp; &nbsp; &nbsp;</strong>Location: <strong>Pune, India&nbsp; &nbsp; &nbsp;</strong>Work Type: <strong>Hybrid (2 days onsite)&nbsp; &nbsp; &nbsp;</strong>Reports To: <strong>Filter Engineering Manager</strong></div> <hr> <h2>What You'll Do</h2> <ul> <li>Define what 'production-ready' means for the Rust proxy: establish written performance baselines, reliability criteria, and the specific metrics that trigger a rollback vs. a hotfix.</li> <li>Design and execute load tests to identify performance bottlenecks; profile memory and CPU under peak and sustained load; produce baseline documents the team references across deployments.</li> <li>Own canary rollout configuration and CloudFormation-based ASG scaling policies — modify templates, configure health checks, tune scaling behavior; document every configuration decision with rationale.</li> <li>Identify and propose mitigations for known proxy infrastructure risk areas including Redis behavior under peak throughput, CORS/proxy transparency edge cases, and connection pool exhaustion.</li> <li>Maintain and harden the on-premise Docker proxy appliance — image builds, container networking, minimal image design, and distribution to school network environments.</li> <li>Investigate and resolve production performance issues under peak load; produce written post-mortems that close the loop on root cause.</li> <li>Build monitoring, dashboards, and alerting for proxy infrastructure (CloudWatch, Splunk); define SLO targets and ensure alerting is calibrated to them.</li> <li>Contribute to C++ to Rust business logic conversion work alongside the Proxy Conversion engineer.</li> <li>Support TCP stream handling and socket-level work for the on-premise appliance: bidirectional forwarding, port interception, identity header injection.</li> </ul> <hr> <h2>Skills &amp; Requirements</h2> <div class="skill-section must"><hr> <h3>Must-Have</h3> <ul> <li>Rust — same production standard as the Proxy Conversion role: ownership, lifetimes, async/await (Tokio), systems-level networking. 4+ years at production level.</li> <li>Systems / network programming — TCP stream handling, socket programming, bidirectional forwarding; understanding what happens below the HTTP layer.</li> <li>Docker / containerization — image building, distribution, minimal image design for appliance deployment, container networking.</li> <li>Performance testing and profiling — load test design, memory and CPU profiling, bottleneck identification, flame graph analysis, production baseline definition.</li> <li>AWS (CloudFormation, NLB, ASG, EC2) — owns canary rollout; must independently modify CloudFormation templates, configure health checks, and tune ASG scaling policies from day one.</li> <li>Production ownership mindset — demonstrated ability to define reliability criteria, write post-mortems, set SLO targets, and hold a system to a documented standard. L5 engineers set the bar.</li> </ul> </div> <div class="skill-section pref"><hr> <h3>Strongly Preferred</h3> <ul> <li>C++ — required for contributing to the business logic conversion effort; must read and reason about existing proxy C++ code.</li> <li>Redis — performance impact under high load; experience with Redis behavior under peak throughput and failure mode handling.</li> <li>CORS and proxy transparency — experience diagnosing and resolving CORS errors and proxy authentication transparency issues.</li> </ul> </div> <div class="skill-section nice"><hr> <h3>Nice to Have</h3> <ul> <li>RADIUS protocol — the on-premise appliance integrates with RADIUS for user identity.</li> <li>Monitoring / observability — CloudWatch metrics and dashboards, Splunk log integration, SLO/SLA definition.</li> <li>Web filtering / content inspection domain experience — URL categorization, CIPA compliance.</li> </ul> </div> <hr> <h2>Who You Are</h2> <ul> <li>You take performance personally — you do not accept 'probably fast enough.' You profile, you measure, you prove it — and then you write it down.</li> <li>You have owned production infrastructure and understand that canary rollouts, health checks, and scaling policies are not afterthoughts — they are the job.</li> <li>You are comfortable in the systems layer: TCP streams, socket programming, and container networking are familiar territory.</li> <li>You identify systemic risks before they become incidents. You advocate for reliability improvements over tactical fixes.</li> <li>You produce written artifacts — post-mortems, baseline documents, SLO definitions — that outlast any individual incident or sprint.</li> <li>You operate well in an environment where production stability is a shared responsibility and on-call is part of the role.</li> </ul> <hr> <h2>What It Means to Be L5 at Securly</h2> <p>L5 at Securly is a Staff Engineer. You are the technical owner, not just an implementer.</p> <ul> <li>Drive technical direction for your initiative end-to-end: from architecture to production, with minimal oversight from your engineering manager.</li> <li>Identify and resolve ambiguity in requirements, system boundaries, and design tradeoffs without waiting for a fully-formed spec.</li> <li>Mentor L3/L4 engineers on the team: code reviews, design feedback, pairing, and raising the bar for what production-quality work looks like.</li> <li>Partner with your L6 technical lead and the Distinguished Engineer on architectural decisions, surfacing tradeoffs clearly rather than deferring them upward.</li> <li>Contribute to cross-team engineering standards: you are expected to influence practices beyond your immediate squad.</li> <li>Translate technical context into clear written artifacts that non-engineers (PM, Support, Leadership) can act on.</li> <li>Participate in on-call rotation and own the full incident lifecycle for your system: detection, diagnosis, resolution, and retrospective.</li> </ul> <hr> <h2>About Securly</h2> <div class="about"> <p>Securly processes over 1.1 billion requests per day and 54 TB of data daily, protecting more than 20 million students across 20,000+ schools globally. Since pioneering the first cloud-based web filter for K-12 in 2013, Securly has built one of the most trusted, high-scale platforms for student safety, wellness, and engagement. By turning data into meaningful, actionable intelligence, Securly enables schools to identify risk earlier, reduce harmful incidents, and strengthen student support.</p> <p>We are proud to be consistently recognized as a Top Place to Work, named a Top 40 Most Used EdTech platform, and included on the GSV 150 list as one of the most transformational growth companies in digital learning and workforce skills.</p> </div> <hr> <h2>Benefits</h2> <div class="benefits"> <ul> <li>Comprehensive Health Insurance (employee, parents, spouse, children)</li> <li>Accidental &amp; Term Life Insurance</li> <li>Learning &amp; Development reimbursement</li> <li>Paid Time Off</li> <li>Public Holidays (10+ per year)</li> <li>Retirement Benefits (EPF &amp; gratuity)</li> <li>Parental Leave (as per statutory norms)</li> </ul> </div> <div class="eeo"><hr><strong>Equal Opportunity Employer</strong><br>Securly is an Equal Opportunity Employer committed to inclusion, fairness, and respect. We welcome applicants from all backgrounds, identities, and experiences. #LI-REMOTE #LI-DO1</div>