Senior Engineer - Security Products (Backend APIs)

Fastly•San Francisco, CA

7h•$181,220 - $217,464•Hybrid

About The Position

Fastly helps people stay better connected with the things they love. Fastly’s edge cloud platform enables customers to create great digital experiences quickly, securely, and reliably by processing, serving, and securing our customers’ applications as close to their end-users as possible — at the edge of the Internet. The platform is designed to take advantage of the modern internet, to be programmable, and to support agile software development. Fastly’s customers include many of the world’s prominent companies, including GitHub, Yelp, Paramount, and JetBlue. We're building a more trustworthy Internet. Come join us. Senior Backend Software Engineer (APIs), Security Products Some of the largest sites on the internet trust Fastly to keep them safe. The Security Products Console team owns the public-facing interface they use to do it - configuring Next-Gen WAF, DDoS protection, Bot Management, and the products we're building next. Our APIs meet critical business needs. Customers deploy them during active attacks, automate them through Terraform and CI/CD, and build entire security workflows on top of them. When the threat landscape moves, our APIs are how customers move with it. A bad release here leaves them exposed when they need us most: a great one is invisible, and that's the bar. We're hiring as the API surface scales for new product launches and a growing developer ecosystem. You'll be one of the engineers shaping what that surface looks like for the next several years.

Requirements

Hands-on experience designing and building reliable, large-scale backend systems - most Senior Engineers at Fastly have at least 5 years of relevant experience
5+ years shipping production Go as your primary language.
3+ years on public APIs with external consumers. You've shipped a breaking change to customers who'd already integrated against your API. You've written a deprecation notice that actually went out.
You drive projects, not just tasks. You've owned a multi-week effort end-to-end: design doc through post-launch.
Good judgement on RESTful API design: resource modeling, versioning, idempotency, error semantics, pagination, OpenAPI. You've made one of these calls wrong in production and remember what it cost to clean up.
You design for the people downstream of your API. The customer hitting your endpoint at 3am, the support engineer debugging their escalation, the frontend teammate integrating against your contract. You've watched a vague error message of yours confuse someone and changed how you write them since
Testing and observability as subtraction, not addition. You can name a metric you added that paid off — and one you'd delete now.
Coding agents as a daily driver, not reluctantly. This team uses them heavily

Nice To Haves

Built or operated security products (WAF, bot, DDoS, app security).
Working knowledge of auth at API scale (RBAC, OAuth, JWT, SAML)

Responsibilities

Design, ship, and own public-facing APIs and backend services in Go -from technical proposal & design docs through implementation, testing, and production rollout and on-call support.
Use AI coding agents as part of your daily workflow.
Partner with frontend engineers, product managers, and security researchers to ship the customer experience end-to-end.
Take ambiguous or broadly-scoped problems and turn them into well-defined technical plans that the team can execute on.
Author design and architectural documents and use them to drive alignment across engineering and product teams
Collaborate with internal platform teams, product managers, and stakeholders across the organization the understand needs and deliver impactful solutions
Consider stability, performance, and scalability in your designs and in the guidance you provide to the team
Mentor and grow other engineers on the team through code review, pairing, and technical leadership
Participate in an on-call rotation