Senior Software Engineer (Rust) - Proxy Services

About the role

The Senior Software Engineer (Rust) - Proxy Services will own the conversion of Securly's web filtering proxy business logic from C++ to production Rust - maintaining behavioral parity across a high-throughput proxy that handles HTTP/HTTPS traffic for millions of students daily. A modern, memory-safe Rust proxy is already underway at Securly. When you join, the initial Rust proxy is in production and your mission is the next phase: integrating and converting the existing C++ business logic into production Rust. This means reading C++, reasoning about behavior, and re-implementing it correctly - including HTTPS tunneling, TLS interception, JavaScript injection into HTML responses (the ACP-48 shim pattern), and Redis-based policy lookups. Precision and behavioral correctness are non-negotiable. At L5, you are not just a skilled implementer. You own the conversion strategy, define the phasing and testing approach, surface architectural risks to the L6 lead, and raise the Rust competency of the broader proxy team. Level: L5____ Experience: 8-15 Years_____ Location: Pune, India_____ Work Type: Hybrid (2 days onsite)_____ Reports To: Filter Engineering Manager

Responsibilities

• Own the C++ to Rust conversion strategy: define the porting sequence, identify behavioral risks, and establish the testing approach that gives confidence in parity before cutover.
• Read, debug, and deeply understand existing C++ proxy business logic, then port it to production Rust with full behavioral parity.
• Build and maintain forward proxy operations: HTTPS CONNECT tunneling, TLS interception, HTTP/1.1 and HTTP/2, header manipulation, connection pooling.
• Implement JavaScript content script injection into HTML responses (ACP-48 shim pattern) - enabling proxy-side injection for customers not served by the Chrome extension.
• Integrate Redis-based real-time policy lookups; handle Redis failure modes gracefully; document degraded-mode behavior and validate it under load.
• Profile and benchmark proxy performance under high-concurrency load; use flame graphs to validate changes; maintain a written performance baseline document.
• Identify gaps in the existing C++ codebase where behavior is unclear or likely incorrect - treating the port as an opportunity to improve, not just replicate.
• Mentor junior Rust engineers on ownership models, async patterns, and systems-level debugging.
• Collaborate closely with the Proxy Hardening engineer on shared infrastructure and production issues.
• Skills & Requirements

Requirements

• Rust - deep production expertise: ownership, lifetimes, async/await (Tokio), high-concurrency networking, unsafe code awareness. 4+ years at production level. Must build on day one.
• C++ - ability to read, navigate, debug, and reason about a large legacy C++ codebase. Confident C++ reading is non-negotiable.
• HTTP proxy architecture - forward proxy operation, HTTPS CONNECT tunneling, TLS interception (MITM), HTTP/1.1 and HTTP/2, header manipulation, connection pooling.
• Redis - data structures, performance characteristics, and failure mode handling in a proxy hot-path.
• Conversion / porting methodology - demonstrated ability to define a phased porting strategy: behavioral decomposition, parity testing, risk-ranked sequencing. L5 owns the plan, not just the execution.
• Strongly Preferred
• JavaScript / browser content scripts - injecting content scripts into HTML responses, navigating CSP, CORS, and Same-Origin Policy.
• AWS (CloudFormation, NLB, ASG, EC2) - proxy infrastructure is CloudFormation-managed.
• Performance profiling / load testing - flame graphs, benchmarking tools, high-concurrency load testing.
• Web filtering / content inspection domain experience - URL categorization, security product internals, CIPA compliance.
• Docker / containerization - relevant to on-premise proxy appliance work as a secondary project.
• You are the engineer who reads crash dumps for fun. Memory safety, ownership models, and undefined behavior are topics you have strong opinions about.
• You have ported or rewritten production systems before and understand that behavioral parity is significantly harder than it appears.
• You can navigate a large legacy C++ codebase without documentation. You treat it as archaeology, not an obstacle.
• You take correctness seriously - you do not ship a port until you are confident it behaves identically to what it replaced, and you have the test coverage to prove it.
• You define the plan, not just execute it. You produce written conversion strategies, risk registers, and performance baseline documents.
• You make other engineers better. You are sought out for Rust code reviews and junior engineers ship better code after working with you.
• What It Means to Be L5 at Securly
• L5 at Securly is a Staff Engineer. You are the technical owner, not just an implementer.
• Drive technical direction for your initiative end-to-end: from architecture to production, with minimal oversight from your

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at securly13? Share your experience