Hiring.fm
Securly13

Senior Rust Engineer – Proxy Conversion & Business Logic

Pune City, Maharashtra, India Full Time

The Role

The Senior Rust Engineer will own the conversion of Securly's web filtering proxy business logic from C++ to production Rust — maintaining behavioral parity across a high-throughput proxy that handles HTTP/HTTPS traffic for millions of students daily.

A modern, memory-safe Rust proxy is already underway at Securly. When you join, the initial Rust proxy is in production and your mission is the next phase: integrating and converting the existing C++ business logic into production Rust. This means reading C++, reasoning about behavior, and re-implementing it correctly — including HTTPS tunneling, TLS interception, JavaScript injection into HTML responses (the ACP-48 shim pattern), and Redis-based policy lookups. Precision and behavioral correctness are non-negotiable.

At L5, you are not just a skilled implementer. You own the conversion strategy, define the phasing and testing approach, surface architectural risks to the L6 lead, and raise the Rust competency of the broader proxy team.

Level: L5
Experience: 8–15 Years
Location: Pune, India
Work Type: Hybrid (2 days onsite)
Reports To: Filter Engineering Manager

What It Means to Be L5 at Securly

L5 at Securly is a Staff Engineer. You are the technical owner, not just an implementer.

  • Drive technical direction for your initiative end-to-end: from architecture to production, with minimal oversight from your engineering manager.
  • Identify and resolve ambiguity in requirements, system boundaries, and design tradeoffs without waiting for a fully-formed spec.
  • Mentor L3/L4 engineers on the team: code reviews, design feedback, pairing, and raising the bar for what production-quality work looks like.
  • Partner with your L6 technical lead and the Distinguished Engineer on architectural decisions, surfacing tradeoffs clearly rather than deferring them upward.
  • Contribute to cross-team engineering standards: you are expected to influence practices beyond your immediate squad.
  • Translate technical context into clear written artifacts that non-engineers (PM, Support, Leadership) can act on.
  • Participate in on-call rotation and own the full incident lifecycle for your system: detection, diagnosis, resolution, and retrospective.

What You'll Do

  • Own the C++ to Rust conversion strategy: define the porting sequence, identify behavioral risks, and establish the testing approach that gives confidence in parity before cutover.
  • Read, debug, and deeply understand existing C++ proxy business logic, then port it to production Rust with full behavioral parity.
  • Build and maintain forward proxy operations: HTTPS CONNECT tunneling, TLS interception, HTTP/1.1 and HTTP/2, header manipulation, connection pooling.
  • Implement JavaScript content script injection into HTML responses (ACP-48 shim pattern) — enabling proxy-side injection for customers not served by the Chrome extension.
  • Integrate Redis-based real-time policy lookups; handle Redis failure modes gracefully; document degraded-mode behavior and validate it under load.
  • Profile and benchmark proxy performance under high-concurrency load; use flame graphs to validate changes; maintain a written performance baseline document.
  • Identify gaps in the existing C++ codebase where behavior is unclear or likely incorrect — treating the port as an opportunity to improve, not just replicate.
  • Mentor junior Rust engineers on ownership models, async patterns, and systems-level debugging.
  • Collaborate closely with the Proxy Hardening engineer on shared infrastructure and production issues.

Skills & Requirements

Must-Have

  • Rust — deep production expertise: ownership, lifetimes, async/await (Tokio), high-concurrency networking, unsafe code awareness. 4+ years at production level. Must build on day one.
  • C++ — ability to read, navigate, debug, and reason about a large legacy C++ codebase. Confident C++ reading is non-negotiable.
  • HTTP proxy architecture — forward proxy operation, HTTPS CONNECT tunneling, TLS interception (MITM), HTTP/1.1 and HTTP/2, header manipulation, connection pooling.
  • Redis — data structures, performance characteristics, and failure mode handling in a proxy hot-path.
  • Conversion / porting methodology — demonstrated ability to define a phased porting strategy: behavioral decomposition, parity testing, risk-ranked sequencing. L5 owns the plan, not just the execution.

Strongly Preferred

  • JavaScript / browser content scripts — injecting content scripts into HTML responses, navigating CSP, CORS, and Same-Origin Policy.
  • AWS (CloudFormation, NLB, ASG, EC2) — proxy infrastructure is CloudFormation-managed.
  • Performance profiling / load testing — flame graphs, benchmarking tools, high-concurrency load testing.

Nice to Have

  • Web filtering / content inspection domain experience — URL categorization, security product internals, CIPA compliance.
  • Docker / containerization — relevant to on-premise proxy appliance work as a secondary project.

Who You Are

  • You are the engineer who reads crash dumps for fun. Memory safety, ownership models, and undefined behavior are topics you have strong opinions about.
  • You have ported or rewritten production systems before and understand that behavioral parity is significantly harder than it appears.
  • You can navigate a large legacy C++ codebase without documentation. You treat it as archaeology, not an obstacle.
  • You take correctness seriously — you do not ship a port until you are confident it behaves identically to what it replaced, and you have the test coverage to prove it.
  • You define the plan, not just execute it. You produce written conversion strategies, risk registers, and performance baseline documents.
  • You make other engineers better. You are sought out for Rust code reviews and junior engineers ship better code after working with you.

About Securly

Securly processes over 1.1 billion requests per day and 54 TB of data daily, protecting more than 20 million students across 20,000+ schools globally. Since pioneering the first cloud-based web filter for K-12 in 2013, Securly has built one of the most trusted, high-scale platforms for student safety, wellness, and engagement. By turning data into meaningful, actionable intelligence, Securly enables schools to identify risk earlier, reduce harmful incidents, and strengthen student support.

We are proud to be consistently recognized as a Top Place to Work, named a Top 40 Most Used EdTech platform, and included on the GSV 150 list as one of the most transformational growth companies in digital learning and workforce skills.

Benefits

  • Comprehensive Health Insurance (employee, parents, spouse, children)
  • Accidental & Term Life Insurance
  • Learning & Development reimbursement
  • Paid Time Off
  • Public Holidays (10+ per year)
  • Retirement Benefits (EPF & gratuity)
  • Parental Leave (as per statutory norms)
Equal Opportunity Employer
Securly is an Equal Opportunity Employer committed to inclusion, fairness, and respect. We welcome applicants from all backgrounds, identities, and experiences. #LI-REMOTE #LI-DO1

Related Jobs

Continuous Improvement Engineer

Trü frü
Saint Paris, Ohio; Salt Lake City, Utah
Full Time

Lead, Site Merchandising

Iherb
United States of America - Irvine, California
Full Time

Implementation Specialist, Consent

Datagrail
Remote - United States
Full Time

Lead, Supplier Development Engineering

Relativity
Long Beach, California
Full Time

Senior Claims Advocate

Next insurance
Remote
Full Time

M&E Associate (Rapid Experimentation)

Givedirectly
Nairobi, Kenya
Full Time