Our Client Currently looking for Senior/Principal Software Engineer

What You’ll Do :

– Architect and build a production-grade resolver in Go, integrated with Securly’s DNS policy engine and Unbound infrastructure.

– Implement identity extraction from  URL template variables mapping encrypted DNS queries to device and user identity, and evaluate the degree to which this approach can replace SmartPAC DNS-RPC signaling.

– Build an Unbound plugin with filtering business logic to process DoH queries with identity parameters from the URL template.

– Integrate with Redis infrastructure for policy lookups, identity mapping, state management, and feature flags; document failure modes and define graceful degradation behavior.

– Own TLS termination : certificate provisioning, renewal, and ensuring Chrome correctly validates the DoH endpoint certificate.

– Architect and own the CloudFormation deployment stack : NLB, Auto Scaling Groups, Route53.

– Lead the POC and production hardening phases in collaboration with Securly’s Distinguished Engineer; produce a written ADR capturing tradeoffs and the go/no-go recommendation after POC.

– Mentor junior engineers on DNS fundamentals, Go patterns, and infrastructure-as-code practices.

– Document the new architecture and own knowledge transfer as the system transitions.

Skills & Requirements :

Must-Have :

– Go (Golang) expert-level, 5+ years production proficiency. Must be ready to build on day one.

– DNS protocol & architecture RFC 1035, recursive vs. authoritative resolution, DNSSEC, DNS wire format, Unbound as a recursive resolver.

– DNS-over-HTTPS (RFC 8484) DoH protocol, HTTP/2 transport, application/dns-message media type, Chrome DoH client behavior.

– Redis data structures, pipeline usage, policy lookup patterns, performance characteristics, failure mode handling.

– TLS / certificate management termination, provisioning, renewal, client certificate validation.

– Technical communication written ADRs, architecture diagrams, tradeoff analyses. L5 engineers leave a written record of major decisions.

Strongly Preferred :

– AWS (CloudFormation, NLB, ASG, Route53) Securly infrastructure is fully CloudFormation-managed.

– Unbound DNS server operational experience or module-level development.

– SmartPAC / PAC-based proxy architecture understanding of Securly’s existing DID/cookie/DNS-RPC identity system.

Nice to Have :

– C/C++ relevant if Unbound module development requires changes at the C layer.

– Chrome enterprise policy Google Admin Console, DnsOverHttpsMode, DnsOverHttpsTemplatesWithIdentifiers.

– K-12 EdTech / CIPA compliance / web content filtering domain experience.

Are you interested in this position?

Apply by clicking on the “Apply Now” button below!

#AlbionarcJobs#FintechJobs

#AsiaJobs#MiddleEastCareers

#TechTalent#FintechRecruitment

#FinanceOpportunities#