Startup Jobs
Post a Job
Securly
Securly

Senior Software Engineer (Rust) - Proxy Services

Pune, India
Hybrid

TLDR

Own the conversion of Securly's web filtering proxy business logic from C++ to production Rust, maintaining behavioral parity for millions of students daily.

The Role

The Senior Software Engineer (Rust) - Proxy Services will own the conversion of Securly's web filtering proxy business logic from C++ to production Rust — maintaining behavioral parity across a high-throughput proxy that handles HTTP/HTTPS traffic for millions of students daily.

A modern, memory-safe Rust proxy is already underway at Securly. When you join, the initial Rust proxy is in production and your mission is the next phase: integrating and converting the existing C++ business logic into production Rust. This means reading C++, reasoning about behavior, and re-implementing it correctly — including HTTPS tunneling, TLS interception, JavaScript injection into HTML responses (the ACP-48 shim pattern), and Redis-based policy lookups. Precision and behavioral correctness are non-negotiable.

At L5, you are not just a skilled implementer. You own the conversion strategy, define the phasing and testing approach, surface architectural risks to the L6 lead, and raise the Rust competency of the broader proxy team.

Level: L5____Experience: 8–15 Years_____Location: Pune, India_____Work Type: Hybrid (2 days onsite)_____Reports To: Filter Engineering Manager

What You'll Do

  • Own the C++ to Rust conversion strategy: define the porting sequence, identify behavioral risks, and establish the testing approach that gives confidence in parity before cutover.
  • Read, debug, and deeply understand existing C++ proxy business logic, then port it to production Rust with full behavioral parity.
  • Build and maintain forward proxy operations: HTTPS CONNECT tunneling, TLS interception, HTTP/1.1 and HTTP/2, header manipulation, connection pooling.
  • Implement JavaScript content script injection into HTML responses (ACP-48 shim pattern) — enabling proxy-side injection for customers not served by the Chrome extension.
  • Integrate Redis-based real-time policy lookups; handle Redis failure modes gracefully; document degraded-mode behavior and validate it under load.
  • Profile and benchmark proxy performance under high-concurrency load; use flame graphs to validate changes; maintain a written performance baseline document.
  • Identify gaps in the existing C++ codebase where behavior is unclear or likely incorrect — treating the port as an opportunity to improve, not just replicate.
  • Mentor junior Rust engineers on ownership models, async patterns, and systems-level debugging.
  • Collaborate closely with the Proxy Hardening engineer on shared infrastructure and production issues.

Skills & Requirements

Must-Have

  • Rust — deep production expertise: ownership, lifetimes, async/await (Tokio), high-concurrency networking, unsafe code awareness. 4+ years at production level. Must build on day one.
  • C++ — ability to read, navigate, debug, and reason about a large legacy C++ codebase. Confident C++ reading is non-negotiable.
  • HTTP proxy architecture — forward proxy operation, HTTPS CONNECT tunneling, TLS interception (MITM), HTTP/1.1 and HTTP/2, header manipulation, connection pooling.
  • Redis — data structures, performance characteristics, and failure mode handling in a proxy hot-path.
  • Conversion / porting methodology — demonstrated ability to define a phased porting strategy: behavioral decomposition, parity testing, risk-ranked sequencing. L5 owns the plan, not just the execution.

Strongly Preferred

  • JavaScript / browser content scripts — injecting content scripts into HTML responses, navigating CSP, CORS, and Same-Origin Policy.
  • AWS (CloudFormation, NLB, ASG, EC2) — proxy infrastructure is CloudFormation-managed.
  • Performance profiling / load testing — flame graphs, benchmarking tools, high-concurrency load testing.

Nice to Have

  • Web filtering / content inspection domain experience — URL categorization, security product internals, CIPA compliance.
  • Docker / containerization — relevant to on-premise proxy appliance work as a secondary project.

Who You Are

  • You are the engineer who reads crash dumps for fun. Memory safety, ownership models, and undefined behavior are topics you have strong opinions about.
  • You have ported or rewritten production systems before and understand that behavioral parity is significantly harder than it appears.
  • You can navigate a large legacy C++ codebase without documentation. You treat it as archaeology, not an obstacle.
  • You take correctness seriously — you do not ship a port until you are confident it behaves identically to what it replaced, and you have the test coverage to prove it.
  • You define the plan, not just execute it. You produce written conversion strategies, risk registers, and performance baseline documents.
  • You make other engineers better. You are sought out for Rust code reviews and junior engineers ship better code after working with you.

What It Means to Be L5 at Securly

L5 at Securly is a Staff Engineer. You are the technical owner, not just an implementer.

  • Drive technical direction for your initiative end-to-end: from architecture to production, with minimal oversight from your engineering manager.
  • Identify and resolve ambiguity in requirements, system boundaries, and design tradeoffs without waiting for a fully-formed spec.
  • Mentor L3/L4 engineers on the team: code reviews, design feedback, pairing, and raising the bar for what production-quality work looks like.
  • Partner with your L6 technical lead and the Distinguished Engineer on architectural decisions, surfacing tradeoffs clearly rather than deferring them upward.
  • Contribute to cross-team engineering standards: you are expected to influence practices beyond your immediate squad.
  • Translate technical context into clear written artifacts that non-engineers (PM, Support, Leadership) can act on.
  • Participate in on-call rotation and own the full incident lifecycle for your system: detection, diagnosis, resolution, and retrospective.

About Securly

Securly processes over 1.1 billion requests per day and 54 TB of data daily, protecting more than 20 million students across 20,000+ schools globally. Since pioneering the first cloud-based web filter for K-12 in 2013, Securly has built one of the most trusted, high-scale platforms for student safety, wellness, and engagement. By turning data into meaningful, actionable intelligence, Securly enables schools to identify risk earlier, reduce harmful incidents, and strengthen student support.

We are proud to be consistently recognized as a Top Place to Work, named a Top 40 Most Used EdTech platform, and included on the GSV 150 list as one of the most transformational growth companies in digital learning and workforce skills.

Benefits

  • Comprehensive Health Insurance (employee, parents, spouse, children)
  • Accidental & Term Life Insurance
  • Learning & Development reimbursement
  • Paid Time Off
  • Public Holidays (10+ per year)
  • Retirement Benefits (EPF & gratuity)
  • Parental Leave (as per statutory norms)
Equal Opportunity Employer
Securly is an Equal Opportunity Employer committed to inclusion, fairness, and respect. We welcome applicants from all backgrounds, identities, and experiences. #LI-REMOTE #LI-DO1
Securly
Securly

Securly builds AI-powered student safety and wellness solutions specifically for K-12 schools. By protecting over 20 million students in more than 20,000 schools globally, we empower educators to create safer, more supportive learning environments.

Founded
Founded 2011
Employees
51-200 employees
Industry
Internet Software & Services
Total raised
$23M raised
View company profile
Senior Software Engineer
Report this job
Apply for this job