PHP Backend Developer – VPN (Laravel)

About DeepLock

DeepLock is Quanta Tech’s business-grade VPN platform. Think: zero-drama privacy, enterprise controls, multi-region uptime, and clean UX across mobile/desktop. We’re scaling fast and need a Backend Developer (Laravel) with commercial VPN experience to own the control plane and infrastructure automation for a global VPN network.

 

What You’ll Do

  • Own the control plane (PHP 8.2): Design and build APIs/services (Laravel or Symfony) for auth, device keys, sessions, policy, routing, usage, and billing.
  • Provision and orchestrate servers: Automate multi-region WireGuard/OpenVPN/IPsec nodes (Ansible/Terraform + cloud APIs: AWS/DO/Hetzner/OVH). Golden images, immutability, blue-green rollouts.
  • Config + key lifecycle: Generate per-device configs, rotate keys, revoke access, enforce device limits, and implement mTLS where needed.
  • Enterprise features: SSO (SAML/OIDC: Okta, Azure AD, Google), team/org management, RBAC, audit logs, per-group policies, split-tunnel controls, DNS/DoH policies.
  • Networking & security: Linux networking (netfilter/iptables or nftables), routing/NAT, DNS, TLS lifecycle (ACME), hardening, zero-logs policy with privacy-safe metrics.
  • Observability & ops: Health checks, synthetic probes, structured logs, metrics/alerts (Prometheus/Grafana or equivalent), incident runbooks.
  • Billing & entitlements: Stripe (and later B2B invoicing), plan management, seats/devices, trials, refunds, webhooks, ledgers.
  • DDoS & reliability: Work with infra to add shields (provider-level filtering, anycast/BGP partners or Cloudflare Spectrum), fast failover, rate limits/abuse controls.
  • CI/CD: Bitbucket Pipelines (or GitHub Actions), testing, static analysis, zero-downtime deploys, secrets management.
  • Compliance-ready: Help us be SOC2/ISO-friendly (access controls, least privilege, change management, evidence trails).

 

Must-have Experience

  • PHP 8.x with Laravel (or Symfony) at production scale; queues (Redis/SQS), caching, events.
  • Linux networking fundamentals: routing, NAT, DNS, TLS, firewalling.
  • Hands-on with WireGuard (preferred) and/or OpenVPN/strongSwan in production.
  • Commercial experience building VPNs for restricted countries.
  • Infrastructure as Code (Terraform) + config management (Ansible) + cloud APIs.
  • RDBMS (PostgreSQL/MySQL), migrations, query tuning; Redis for sessions/queues.
  • Nginx + PHP-FPM performance, rate limiting, secure headers.
  • Security mindset: secrets, key rotation, least-privilege IAM, dependency hygiene.
  • Solid testing discipline (feature + integration + load testing).

 

Nice to Have

  • RADIUS/FreeRADIUS, policy enforcement via attributes.
  • Multi-tenant org model, RBAC, audit/event sourcing (e.g., Kafka/NATS optional).
  • ClickHouse/ELK for high-volume logs; Prometheus exporters.
  • Mobile/Desktop client integration basics (Apple NE, Android VpnService) for backend compatibility.
  • DDoS mitigation experience; anycast/BGP or provider-side scrubbing.
  • Go/Rust familiarity to interface with high-performance daemons (not required, PHP is your core).

 

Role Details

  • Level: Mid-level (per team review).
  • Location: Remote (Ukraine/Russian-speaking preferred).
  • Type: Contractor (potential full-time).

Required languages

English C1 - Advanced
Ukrainian C2 - Proficient
Russian C2 - Proficient
Published 5 September
79 views
·
3 applications
To apply for this and other jobs on Djinni login or signup.
Loading...