Description
We are looking for a highly skilled DoH (DNS-over-HTTPS) Engineer to design and build a production-grade, identity-aware DNS resolver system that operates at large scale.
This role involves building secure DNS infrastructure, handling encrypted DNS traffic, implementing identity-based policy enforcement, and working on distributed systems in a cloud-native environment.
Role Overview
You will design and implement a DNS-over-HTTPS resolver layer in Go that sits in front of a DNS policy engine.
The system processes encrypted DNS requests, extracts device/user identity, applies policy decisions, and integrates with backend infrastructure for real-time filtering and routing.
You will own the service end-to-end from protocol design to production deployment and monitoring.
Required Skills
- Go (Golang): production-level backend development.
- DNS Protocol (RFC 1035): recursion, resolution flow, DNS wire format.
- DNS-over-HTTPS (RFC 8484): HTTP/2 transport, application/dns-message handling.
- TLS & Certificate Management: termination, renewal, Chrome validation requirements.
- Redis: caching, policy lookup, pipelines, performance optimization.
- AWS CloudFormation: infrastructure as code deployment.
- AWS Networking: NLB, Auto Scaling Groups, Route53.
- Distributed Systems Design: scalable, high-availability architecture.
- Identity-based Request Processing: extracting device/user identity from encrypted traffic.
- Production Operations: monitoring, debugging, on-call ownership.
Nice To Have
- Unbound DNS server experience (configuration or module-level work).
- Chrome Enterprise DNS policies (DnsOverHttpsMode, templates, identifiers).
- C/C++ (for DNS module or Unbound integration).
- Experience in security, web filtering, or network policy systems.
- Knowledge of K-12 / enterprise content filtering systems.
(ref:hirist.tech)