Senior Software Engineer (GO) - DNS & Network Systems

Securly13 · Pune City, India
Full-time · On-site · 1mo ago
AWS · CloudFormation · Compliance · DNS · Network Security · Redis
About the role

As a Senior Software Engineer (GO) - DNS & Network Systems, you will own the architecture and delivery of Securly's DNS-over-HTTPS (DoH) resolver - a production-grade, identity-aware DNS service that enforces filtering policy at the browser and OS level for millions of students on managed Chromebooks. This is a critical infrastructure role at the intersection of DNS, identity, and network security.

You will design and build a high-performance DoH resolver in Go that extracts device and user identity from Chrome enterprise policy URL templates and integrates with Securly's DNS policy engine and Redis infrastructure. You own the full lifecycle: architecture, implementation, TLS configuration, and production deployment on AWS.

This role is the technical foundation of a potential simplification of Securly's SmartPAC identity architecture. Done well, it could collapse significant DNS-RPC signaling complexity (DID/cookie system, IP fusing, brokering state) that has been a source of reliability issues. The scope of that architectural decision will evolve with the POC, and you will be the engineer best positioned to inform it.

  • Level: L5-L6
  • Experience: 8-15 Years
  • Location: Pune, India
  • Work Type: Hybrid (2 days onsite)
  • Reports To: Filter Engineering Manager

Responsibilities

  • Architect and build a production-grade DoH resolver in Go, integrated with Securly's DNS policy engine and Unbound infrastructure.
  • Implement identity extraction from Chrome's DnsOverHttpsTemplatesWithIdentifiers URL template variables - mapping encrypted DNS queries to device and user identity, and evaluate the degree to which this approach can replace SmartPAC DNS-RPC signaling.
  • Build an Unbound plugin with filtering business logic to process DoH queries with identity parameters from the URL template.
  • Integrate with Redis infrastructure for policy lookups, identity mapping, state management, and feature flags; document failure modes and define graceful degradation behavior.
  • Own TLS termination: certificate provisioning, renewal, and ensuring Chrome correctly validates the DoH endpoint certificate.
  • Architect and own the CloudFormation deployment stack: NLB, Auto Scaling Groups, Route53.
  • Lead the POC and production hardening phases in collaboration with Securly's Distinguished Engineer; produce a written ADR capturing tradeoffs and the go/no-go recommendation after POC.
  • Mentor junior engineers on DNS fundamentals, Go patterns, and infrastructure-as-code practices.
  • Document the new architecture and own knowledge transfer as the system transitions.

Skills & Requirements

Requirements

  • Go (Golang) - expert-level, 5+ years production proficiency. Must be ready to build on day one.
  • DNS protocol & architecture - RFC 1035, recursive vs. authoritative resolution, DNSSEC, DNS wire format, Unbound as a recursive resolver.
  • DNS-over-HTTPS (RFC 8484) - DoH protocol, HTTP/2 transport, application/dns-message media type, Chrome DoH client behavior.
  • Redis - data structures, pipeline usage, policy lookup patterns, performance characteristics, failure mode handling.
  • TLS / certificate management - termination, provisioning, renewal, client certificate validation.
  • Technical communication - written ADRs, architecture diagrams, tradeoff analyses. L5 engineers leave a written record of major decisions.

Strongly Preferred

  • AWS (CloudFormation, NLB, ASG, Route53) - Securly infrastructure is fully CloudFormation-managed.
  • Unbound DNS server - operational experience or module-level development.
  • SmartPAC / PAC-based proxy architecture - understanding of Securly's existing DID/cookie/DNS-RPC identity system.
  • C/C++ - relevant if Unbound module development requires changes at the C layer.
  • Chrome enterprise policy - Google Admin Console, DnsOverHttpsMode, DnsOverHttpsTemplatesWithIdentifiers.
  • K-12 EdTech / CIPA compliance / web content filtering domain experience.
  • You think in protocols. DNS, TLS, HTTP/2 - you know what happens at the wire level and find that interesting, not painful.
  • You are comfortable owning a project end to end: from research and POC through production hardening and deployment, without being handed a spec.
  • You write Go that other senior engineers want to read. Idiomatic, tested, observable.
  • You have worked on infrastructure other products depend on and understand what production ownership actually means.
  • You produce written artifacts (ADRs, position papers, risk registers) to anchor ambiguous decisions rather than leaving them implicit.
  • You make other engineers better. Your code reviews are substantive, your design feedback is specific.

What It Means to Be L5 at Securly

  • L5 at Securly is a Staff Engineer. You are the technical owner, not just an implementer.
  • Drive technical direction for your initiative end-to-end: from architecture to production, with minimal oversight from your engineering manager.
  • Identify and resolve ambiguity in requirements, system boundaries, and desi

Benefits

Vision insurance
