Senior Rust Engineer (Systems) at Firezone (W22)
$120K - $180K  •  0.50% - 1.00%
Easiest, most secure way to set up Zero Trust Access for your team
Mountain View, CA
6+ years
About Firezone

Firezone secures remote access to networks and applications for organizations of all sizes around the world. We’re building a next-generation, open-source network security platform that leverages new tech like WireGuard and eBPF to provide a run-anywhere firewall for the work-anywhere era.

We’re backed by world-class investors such as Y Combinator, 1984 Ventures, Uncorrelated Ventures, Gaingels, Amino Capital, and many notable angel investors.


  • Remote-first work with the option to work locally out of our Mountain View office if you’re in the Bay Area. We attend conferences and hold fun off-sites, so you’ll still get the chance to meet everyone on the team if you work remotely.
  • Regular team off-sites (our last one was in Santa Rosa, California).
  • Flexible budget for your ideal workspace setup. Whether it’s a custom-built beefy Linux desktop or an Apple-powered mobile workstation — build your dream battlestation to get your work done! Use whatever gear suits you best.
  • Comprehensive medical/dental/vision plans.
  • Flexible work hours and paid vacation.
  • $100/month stipend to support open source.
About the role
Skills: Rust, Distributed Systems, TCP/IP, Windows, Linux

We’re looking for a senior systems engineer to make foundational technology decisions and help mentor a growing team. This would be a great role for a seasoned systems engineer looking to overcome distributed systems challenges at an early-stage security startup. If you thrive on solving low-level packet hacking problems, lie awake at night dreaming of NAT traversal, or obsess over squeezing every last bit of performance from your network stack, this role is ideal for you!

You'll be responsible for designing, testing, and implementing various parts of the Firezone connectivity layers in Rust. These layers have platform-dependent codepaths for interfacing with the network stacks for each platform. So bonus points if you have Apple, Windows and/or Android development experience! Much of your work will run on those platforms.

The ideal candidate will have at least 3 years (or equivalent) experience shipping and operating Rust code in production.

Key features that make the role unique:

  • Ship code that runs on thousands of customer's devices worldwide
  • Overcome connectivity challenges related to blocking of the WireGuard® protocol by nation-states, crappy public WiFi, and other hostile networks
  • Opportunity to "wear many hats": Rapidly level up your skillset across a variety of technologies from cross-platform development to TCP/IP hacking, to hacking on core pieces of the WireGuard protocol, to packet interception and mangling.
  • Nearly all of your work will be public — our codebase is 100% open source.
  • Be a founding engineer - you’ll make core architecture choices, shape company culture, and help set the bar for quality and execution.

Firezone builds software that companies trust to shuffle packets around quickly and securely. Performance, reliability, and security are key.

Some of the fun, bigger technical challenges we face are:

  1. Scaling WireGuard & eBPF performance to saturate the fastest network links
  2. Scaling firewall configuration management to multisite topologies
  3. Compiling and distributing Erlang applications across many different operating systems and CPU architectures
  4. Building secure, performant native platform apps that integrate well with enterprise MDM systems

To facilitate the above, Firezone is built primarily in Elixir/Phoenix — we think Erlang and OTP provide the perfect foundation for building a secure, scalable distributed networking product (after all, it powers much of the world’s telecom infrastructure!).

The server application is split into three supervised OTP apps: fz_http for orchestration, fz_vpn for VPN termination, and fz_wall for managing the host firewall. We built it this way to support multi-site topologies (fz_vpn, fz_wall) that can be orchestrated by a central control plane (fz_http).

Some of the low-level kernel interfacing and eBPF compilation will be moving to Rust soon along with a cross-platform core client library that will power the client applications for each platform (Apple, Linux, Windows).

See our architecture diagram:


Interview Process

Hiring Process

We value the ability to learn quickly, take ownership, and ship product features over raw years of experience or company logos on your resume. Our goal is to make a well-informed decision based on your ability to do the work you’ll be expected to do at Firezone without subjecting you to a long drawn-out process. Our process involves:

  1. Introduction Call - A chance to connect and see if there is interest from both sides, share more about our vision and roadmap, and learn more about your experience.
  2. Technical screening call - A more in-depth call to chat about technical concepts and possibly a live-coding exercise that would resemble your day to day work.
  3. Take-home Coding Challenge - We're not fans of live, hours-long coding interviews since they don't resemble how most engineers get work done. Instead, we'll give you a 1-2 hour take-home challenge related to the role. You’ll be solving a problem similar to something you’d face in day-to-day work.
  4. Team call - You'll meet with members of the team individually to assess culture fit.
  5. Background and reference checks.
  6. Offer Decision

Other jobs at Firezone

fulltimeMountain View, CAFrontend$100K - $130K0.10% - 0.30%6+ years

fulltimeMountain View, CABackend$120K - $180K0.50% - 1.00%6+ years

Hundreds of YC startups are hiring on Work at a Startup.

Sign up to see more ›