As a Senior Software Engineer (GO) - DNS & Network Systems, you will own the architecture and delivery of Securly's DNS-over-HTTPS (DoH) resolver — a production-grade, identity-aware DNS service that enforces filtering policy at the browser and OS level for millions of students on managed Chromebooks.
This is a critical infrastructure role at the intersection of DNS, identity, and network security. You will design and build a high-performance DoH resolver in Go that extracts device and user identity from Chrome enterprise policy URL templates and integrates with Securly's DNS policy engine and Redis infrastructure. You own the full lifecycle: architecture, implementation, TLS configuration, and production deployment on AWS.
This role is the technical foundation of a potential simplification of Securly's SmartPAC identity architecture. Done well, it could collapse significant DNS-RPC signaling complexity (DID/cookie system, IP fusing, brokering state) that has been a source of reliability issues. The scope of that architectural decision will evolve with the POC, and you will be the engineer best positioned to inform it.
- Architect and build a production-grade DoH resolver in Go, integrated with Securly's DNS policy engine and Unbound infrastructure.
- Implement identity extraction from Chrome's DnsOverHttpsTemplatesWithIdentifiers URL template variables — mapping encrypted DNS queries to device and user identity, and evaluate the degree to which this approach can replace SmartPAC DNS-RPC signaling.
- Build an Unbound plugin with filtering business logic to process DoH queries with identity parameters from the URL template.
- Integrate with Redis infrastructure for policy lookups, identity mapping, state management, and feature flags; document failure modes and define graceful degradation behavior.
- Own TLS termination: certificate provisioning, renewal, and ensuring Chrome correctly validates the DoH endpoint certificate.
- Architect and own the CloudFormation deployment stack: NLB, Auto Scaling Groups, Route53.
- Lead the POC and production hardening phases in collaboration with Securly's Distinguished Engineer; produce a written ADR capturing tradeoffs and the go/no-go recommendation after POC.
- Mentor junior engineers on DNS fundamentals, Go patterns, and infrastructure-as-code practices.
- Document the new architecture and own knowledge transfer as the system transitions.
- Go (Golang) — expert-level, 5+ years production proficiency. Must be ready to build on day one.
- DNS protocol & architecture — RFC 1035, recursive vs. authoritative resolution, DNSSEC, DNS wire format, Unbound as a recursive resolver.
- DNS-over-HTTPS (RFC 8484) — DoH protocol, HTTP/2 transport, application/dns-message media type, Chrome DoH client behavior.
- Redis — data structures, pipeline usage, policy lookup patterns, performance characteristics, failure mode handling.
- TLS / certificate management — termination, provisioning, renewal, client certificate validation.
- Technical communication — written ADRs, architecture diagrams, tradeoff analyses. L5 engineers leave a written record of major decisions.
- AWS (CloudFormation, NLB, ASG, Route53) — Securly infrastructure is fully CloudFormation-managed.
- Unbound DNS server — operational experience or module-level development.
- SmartPAC / PAC-based proxy architecture — understanding of Securly's existing DID/cookie/DNS-RPC identity system.
- C/C++ — relevant if Unbound module development requires changes at the C layer.
- Chrome enterprise policy — Google Admin Console, DnsOverHttpsMode, DnsOverHttpsTemplatesWithIdentifiers.
- K-12 EdTech / CIPA compliance / web content filtering domain experience.
- You think in protocols. DNS, TLS, HTTP/2 — you know what happens at the wire level and find that interesting, not painful.
- You are comfortable owning a project end to end: from research and POC through production hardening and deployment, without being handed a spec.
- You write Go that other senior engineers want to read. Idiomatic, tested, observable.
- You have worked on infrastructure other products depend on and understand what production ownership actually means.
- You produce written artifacts (ADRs, position papers, risk registers) to anchor ambiguous decisions rather than leaving them implicit.
- You make other engineers better. Your code reviews are substantive, your design feedback is specific.
L5 at Securly is a Staff Engineer. You are the technical owner, not just an implementer.
- Drive technical direction for your initiative end-to-end: from architecture to production, with minimal oversight from your engineering manager.
- Identify and resolve ambiguity in requirements, system boundaries, and design tradeoffs without waiting for a fully-formed spec.
- Mentor L3/L4 engineers on the team: code reviews, design feedback, pairing, and raising the bar for what production-quality work looks like.
- Partner with your L6 technical lead and the Distinguished Engineer on architectural decisions, surfacing tradeoffs clearly rather than deferring them upward.
- Contribute to cross-team engineering standards: you are expected to influence practices beyond your immediate squad.
- Translate technical context into clear written artifacts that non-engineers (PM, Support, Leadership) can act on.
- Participate in on-call rotation and own the full incident lifecycle for your system: detection, diagnosis, resolution, and retrospective.
Securly processes over 1.1 billion requests per day and 54 TB of data daily, protecting more than 20 million students across 20,000+ schools globally. Since pioneering the first cloud-based web filter for K-12 in 2013, Securly has built one of the most trusted, high-scale platforms for student safety, wellness, and engagement. By turning data into meaningful, actionable intelligence, Securly enables schools to identify risk earlier, reduce harmful incidents, and strengthen student support.
We are proud to be consistently recognized as a Top Place to Work, named a Top 40 Most Used EdTech platform, and included on the GSV 150 list as one of the most transformational growth companies in digital learning and workforce skills.
- Comprehensive Health Insurance (employee, parents, spouse, children)
- Accidental & Term Life Insurance
- Learning & Development reimbursement
- Paid Time Off
- Public Holidays (10+ per year)
- Retirement Benefits (EPF & gratuity)
- Parental Leave (as per statutory norms)
Securly is an Equal Opportunity Employer committed to inclusion, fairness, and respect. We welcome applicants from all backgrounds, identities, and experiences. #LI-REMOTE #LI-DO1
Skills Required
- Go (Golang) - expert-level, 5+ years production proficiency
- DNS protocol & architecture knowledge
- DNS-over-HTTPS (RFC 8484) experience
- Redis - data structures and performance handling
- TLS / certificate management experience
- Technical communication skills
- AWS knowledge (CloudFormation, NLB, ASG, Route53)
- Operational experience with Unbound DNS server
- Understanding of SmartPAC / PAC-based proxy architecture
- C/C++ experience if required for Unbound module development
Securly Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Securly and has not been reviewed or approved by Securly.
-
Leave & Time Off Breadth — Unlimited PTO, a paid winter break, and a broad holiday schedule provide ample time away. Feedback suggests this breadth supports work-life balance across teams.
-
Parental & Family Support — Fully paid parental leave for birth, adoption, and fostering is available. Feedback suggests this level of family support is competitive for a mid-size tech employer.
-
Healthcare Strength — Company-sponsored medical, dental, and vision start shortly after hire, complemented by free, confidential mental health resources. Feedback suggests multiple plan options and counseling access bolster overall wellbeing.
Securly Insights
What We Do
Securly is the market leader in AI-powered student safety and wellness solutions, trusted by over 20 million students across 20,000+ schools worldwide. We believe every child deserves a learning environment that is safe, supportive, and free from harm or distraction. Since launching the world’s first cloud-based web filter for K–12 in 2013, Securly has been on a mission to redefine what technology can do for student well-being. Today, our award-winning platform uses AI and human insight to keep students safe online, identify signs of bullying, self-harm, or violence, and empower schools to take proactive, compassionate action. From web filtering and classroom management to mental health support and 24/7 human-verified alerts, our solutions protect, guide, and uplift students every day. Our technology has been credited with preventing more than 2,000 potential tragedies—proof of our commitment to making a life-changing impact at scale. Operating with the innovation and agility of a startup and the reach of a tech giant, Securly continues to lead the EdTech industry in shaping the future of student wellness, safety, and engagement. We’re proud to be recognized as a Top Place to Work, an EdTech Top 40 company, and one of the most widely adopted K–12 platforms in the U.S. At Securly, we don’t just build products—we build trust. We partner with educators, counselors, and administrators nationwide to create digital and physical spaces where students can learn, grow, and thrive.
Why Work With Us
Securly blends purpose and innovation—protecting 20M+ students with AI-powered solutions. Our people thrive: 82% engagement (vs. 73% global), 94% proud to work here, and 91% rate manager effectiveness above benchmarks. We grow from within, value learning, and turn innovation into impact.
Gallery
