About Us:

Proofpoint is a global leader in human- and agent-centric cybersecurity. We protect how people, data, and AI agents connect across email, cloud, and collaboration tools. Over 80 of the Fortune 100, 10,000 large enterprises, and millions of smaller organizations trust Proofpoint to stop threats, prevent data loss, and build resilience across their people and AI workflows. Our mission is simple: safeguard the digital world and empower people to work securely and confidently. Join us in our pursuit to defend data and protect people.

How We Work:

At Proofpoint you’ll be part of a global team that breaks barriers to redefine cybersecurity guided by our BRAVE core values:

Bold in how we dream and innovate

Responsive to feedback, challenges and opportunities

Accountable for results and best in class outcomes

Visionary in future focused problem-solving

Exceptional in execution and impact

Corporate Overview
Proofpoint is a leading cybersecurity company protecting organizations’ greatest assets and biggest risks: vulnerabilities in people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber-attacks. Leading organizations of all sizes, including more than half of the Fortune 1000, rely on Proofpoint for people-centric security and compliance solutions mitigating their most critical risks across email, the cloud, social media, and the web.
We are singularly devoted to helping our customers protect their greatest assets and biggest security risk: their people. That’s why we’re a leader in next-generation cybersecurity.
Protection Starts with People. Proofpoint.

Job Title:

Senior Proxy Engineer

Locations Hyderabad, A.P., India Athens, Greece Sunnyvale, CA, USA Role

Overview

We are seeking a Senior Proxy Engineer to design, build, and operate production-grade proxy infrastructure at scale. This role demands expert command of HTTP and related application-layer protocols, deep experience architecting proxy systems, and primary development fluency in Go with strong Lua scripting skills for runtime extensibility. You will own the full lifecycle of our proxy platform — from protocol-level design and connection management through TLS termination, request routing, traffic shaping, and upstream load balancing — serving as the technical authority on how traffic flows through our infrastructure. You will work across forward proxies, reverse proxies, API gateways, and protocol translators, handling a diverse set of methodologies including explicit HTTP proxying, transparent interception, SOCKS tunnelling, and CONNECT-based HTTPS proxying. Familiarity with OpenTelemetry for deep proxy observability is a meaningful plus.

Key Responsibilities

• Proxy Architecture & Core Pipeline Design Architect and implement high-performance forward, reverse, and transparent proxy systems in Go with clean separation between the connection layer, protocol layer, routing layer, and upstream layer

• Design proxy pipeline stages end-to-end: listener configuration, connection acceptance, TLS termination, protocol detection, virtual hosting, routing rule evaluation, request transformation, upstream selection, response streaming, and connection teardown

• Build robust connection lifecycle management: keep-alive handling, half-close semantics, graceful shutdown, drain periods, and connection migration for rolling deployments

• Implement traffic shaping primitives within the proxy: request hedging, retry budgets, timeout hierarchies (connect, first byte, total request), circuit breakers, and adaptive concurrency limits

• Design and maintain upstream connection pools with configurable keep-alive timeouts, max idle connections per host, connection health checks, and zero-downtime upstream replacement

• Own the header manipulation pipeline: request and response header rewriting, injection, removal, and normalisation with attention to correctness under HTTP/1.1 and HTTP/2 semantics

• Architect multi-tenant proxy configurations with per-tenant routing policies, rate limits, authentication schemes, and traffic isolation guarantees HTTP Protocol Engineering & Standards Compliance

• Maintain expert-level understanding of the core HTTP specification suite: RFC 9110 (HTTP Semantics), RFC 9112 (HTTP/1.1 Message Syntax), RFC 9113 (HTTP/2), RFC 9114 (HTTP/3), and RFC 9000 (QUIC)

• Implement correct HTTP/1.1 connection management: persistent connections, keep-alive negotiation, chunked transfer encoding, request pipelining, and trailer fields Implement full HTTP/2 support: stream multiplexing, flow control (stream and connection level), header compression via HPACK, server push, RST_STREAM handling, and SETTINGS negotiation

• Build HTTP/3 and QUIC proxying support: stream prioritisation, 0-RTT connection establishment, connection migration, and loss-recovery-aware flow control

• Implement cache-control semantics per RFC 9111: Vary header handling, conditional request support (ETags, If-Modified-Since, If-None-Match), surrogate-key invalidation, and stale-while-revalidate

• Handle HTTP edge cases defensively: malformed header detection, header field size limits, request smuggling mitigations (CL-TE and TE-CL desync), response splitting defences, and observer-invisible whitespace normalisation

• Support WebSocket upgrade flows with correct Upgrade/Connection header handling, frame proxying, bidirectional streaming, and Ping/Pong keepalive management

• Implement gRPC-over-HTTP/2 proxying: correct framing of length-prefixed messages, trailer handling for gRPC status codes, streaming RPC proxying, and gRPC-Web transcode
  
  Why Proofpoint
  Protecting people is at the heart of our award-winning lineup of cybersecurity solutions, and the people who work here are the key to our success. We’re a customer-focused and a driven-to-win organization with leading-edge products. We are an inclusive, diverse, multinational company that believes in culture fit, but more importantly ‘culture-add’, and we strongly encourage people from all walks of life to apply.
  
  We believe in hiring the best and the brightest to help cultivate our culture of collaboration and appreciation. Apply today and explore your future at Proofpoint! #LifeAtProofpoint

Why Proofpoint?

At Proofpoint, we believe that an exceptional career experience includes a comprehensive compensation and benefits package. Here are just a few reasons you’ll love working with us:

• Competitive compensation

• Comprehensive benefits

• Career success on your terms

• Flexible work environment

• Annual wellness and community outreach days

• Always on recognition for your contributions

• Global collaboration and networking opportunities

Our Culture:

Our culture is rooted in values that inspire belonging, empower purpose and drive success-every day, for everyone.

We encourage applications from individuals of all backgrounds, experiences, and perspectives. If you need accommodation during the application or interview process, please reach out to [email protected].

How to Apply

Interested? Submit your application along with any supporting information- we can’t wait to hear from you!

Consistent with Proofpoint values and applicable law, we provide the following information to promote pay transparency and equity. Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets as set out below. Pay within these ranges varies and depends on job-related knowledge, skills, and experience. The actual offer will be based on the individual candidate. The range provided may represent a candidate range and may not reflect the full range for an individual tenured employee. This role may be eligible for variable compensation and/or equity. We offer a competitive benefits package, including flexible time off, a comprehensive well-being program with two paid Wellbeing Days and two paid Volunteer Days per year, plus a three-week Work from Anywhere option.

Base Pay Ranges:

SF Bay Area, New York City Metro Area:

California (excludes SF Bay Area), Colorado, Connecticut, Illinois, Washington DC Metro, Maryland, Massachusetts, New Jersey, Texas, Washington, Virginia, and Alaska:

All other cities and states excluding those listed above: