Senior Proxy Engineer

About The Position

Requirements

• Expert command of HTTP and related application-layer protocols
• Deep experience architecting proxy systems
• Primary development fluency in Go
• Strong Lua scripting skills for runtime extensibility

Nice To Haves

• Familiarity with OpenTelemetry for deep proxy observability

Responsibilities

• Architect and implement high-performance forward, reverse, and transparent proxy systems in Go with clean separation between the connection layer, protocol layer, routing layer, and upstream layer
• Design proxy pipeline stages end-to-end: listener configuration, connection acceptance, TLS termination, protocol detection, virtual hosting, routing rule evaluation, request transformation, upstream selection, response streaming, and connection teardown
• Build robust connection lifecycle management: keep-alive handling, half-close semantics, graceful shutdown, drain periods, and connection migration for rolling deployments
• Implement traffic shaping primitives within the proxy: request hedging, retry budgets, timeout hierarchies (connect, first byte, total request), circuit breakers, and adaptive concurrency limits
• Design and maintain upstream connection pools with configurable keep-alive timeouts, max idle connections per host, connection health checks, and zero-downtime upstream replacement
• Own the header manipulation pipeline: request and response header rewriting, injection, removal, and normalisation with attention to correctness under HTTP/1.1 and HTTP/2 semantics
• Architect multi-tenant proxy configurations with per-tenant routing policies, rate limits, authentication schemes, and traffic isolation guarantees
• Maintain expert-level understanding of the core HTTP specification suite: RFC 9110 (HTTP Semantics), RFC 9112 (HTTP/1.1 Message Syntax), RFC 9113 (HTTP/2), RFC 9114 (HTTP/3), and RFC 9000 (QUIC)
• Implement correct HTTP/1.1 connection management: persistent connections, keep-alive negotiation, chunked transfer encoding, request pipelining, and trailer fields
• Implement full HTTP/2 support: stream multiplexing, flow control (stream and connection level), header compression via HPACK, server push, RST_STREAM handling, and SETTINGS negotiation
• Build HTTP/3 and QUIC proxying support: stream prioritisation, 0-RTT connection establishment, connection migration, and loss-recovery-aware flow control
• Implement cache-control semantics per RFC 9111: Vary header handling, conditional request support (ETags, If-Modified-Since, If-None-Match), surrogate-key invalidation, and stale-while-revalidate
• Handle HTTP edge cases defensively: malformed header detection, header field size limits, request smuggling mitigations (CL-TE and TE-CL desync), response splitting defences, and observer-invisible whitespace normalisation
• Support WebSocket upgrade flows with correct Upgrade/Connection header handling, frame proxying, bidirectional streaming, and Ping/Pong keepalive management
• Implement gRPC-over-HTTP/2 proxying: correct framing of length-prefixed messages, trailer handling for gRPC status codes, streaming RPC proxying, and gRPC-Web transcode

Benefits

• Competitive compensation
• Comprehensive benefits
• Career success on your terms
• Flexible work environment
• Annual wellness and community outreach days
• Always on recognition for your contributions
• Global collaboration and networking opportunities
• flexible time off
• a comprehensive well-being program with two paid Wellbeing Days and two paid Volunteer Days per year
• a three-week Work from Anywhere option