Firezone secures remote access to networks and applications for organizations of all sizes around the world. We’re building a next-generation, open-source network security platform that leverages new tech like WireGuard and eBPF to provide a run-anywhere firewall for the work-anywhere era.
We’re backed by world-class investors such as Y Combinator, 1984 Ventures, Uncorrelated Ventures, Gaingels, Amino Capital, and many notable angel investors.
We’re looking for a senior systems engineer to make foundational technology decisions and help mentor a growing team. This would be a great role for a seasoned systems engineer looking to overcome distributed systems challenges at an early-stage security startup. If you thrive on solving low-level packet hacking problems, lie awake at night dreaming of NAT traversal, or obsess over squeezing every last bit of performance from your network stack, this role is ideal for you!
You'll be responsible for designing, testing, and implementing various parts of the Firezone connectivity layers in Rust. These layers have platform-dependent codepaths for interfacing with the network stacks for each platform. So bonus points if you have Apple, Windows and/or Android development experience! Much of your work will run on those platforms.
The ideal candidate will have at least 3 years (or equivalent) experience shipping and operating Rust code in production.
Key features that make the role unique:
Firezone builds software that companies trust to shuffle packets around quickly and securely. Performance, reliability, and security are key.
Some of the fun, bigger technical challenges we face are:
To facilitate the above, Firezone is built primarily in Elixir/Phoenix — we think Erlang and OTP provide the perfect foundation for building a secure, scalable distributed networking product (after all, it powers much of the world’s telecom infrastructure!).
The server application is split into three supervised OTP apps: fz_http for orchestration, fz_vpn for VPN termination, and fz_wall for managing the host firewall. We built it this way to support multi-site topologies (fz_vpn, fz_wall) that can be orchestrated by a central control plane (fz_http).
Some of the low-level kernel interfacing and eBPF compilation will be moving to Rust soon along with a cross-platform core client library that will power the client applications for each platform (Apple, Linux, Windows).
See our architecture diagram:
We value the ability to learn quickly, take ownership, and ship product features over raw years of experience or company logos on your resume. Our goal is to make a well-informed decision based on your ability to do the work you’ll be expected to do at Firezone without subjecting you to a long drawn-out process. Our process involves:
fulltimeMountain View, CABackend$120K - $180K0.50% - 1.00%6+ years
fulltimeMountain View, CAFrontend$100K - $130K0.10% - 0.30%6+ years