PHP Backend Developer – VPN (Laravel)
About DeepLock
DeepLock is Quanta Tech’s business-grade VPN platform. Think: zero-drama privacy, enterprise controls, multi-region uptime, and clean UX across mobile/desktop. We’re scaling fast and need a Backend Developer (Laravel) with commercial VPN experience to own the control plane and infrastructure automation for a global VPN network.
What You’ll Do
- Own the control plane (PHP 8.2): Design and build APIs/services (Laravel or Symfony) for auth, device keys, sessions, policy, routing, usage, and billing.
- Provision and orchestrate servers: Automate multi-region WireGuard/OpenVPN/IPsec nodes (Ansible/Terraform + cloud APIs: AWS/DO/Hetzner/OVH). Golden images, immutability, blue-green rollouts.
- Config + key lifecycle: Generate per-device configs, rotate keys, revoke access, enforce device limits, and implement mTLS where needed.
- Enterprise features: SSO (SAML/OIDC: Okta, Azure AD, Google), team/org management, RBAC, audit logs, per-group policies, split-tunnel controls, DNS/DoH policies.
- Networking & security: Linux networking (netfilter/iptables or nftables), routing/NAT, DNS, TLS lifecycle (ACME), hardening, zero-logs policy with privacy-safe metrics.
- Observability & ops: Health checks, synthetic probes, structured logs, metrics/alerts (Prometheus/Grafana or equivalent), incident runbooks.
- Billing & entitlements: Stripe (and later B2B invoicing), plan management, seats/devices, trials, refunds, webhooks, ledgers.
- DDoS & reliability: Work with infra to add shields (provider-level filtering, anycast/BGP partners or Cloudflare Spectrum), fast failover, rate limits/abuse controls.
- CI/CD: Bitbucket Pipelines (or GitHub Actions), testing, static analysis, zero-downtime deploys, secrets management.
- Compliance-ready: Help us be SOC2/ISO-friendly (access controls, least privilege, change management, evidence trails).
Must-have Experience
- PHP 8.x with Laravel (or Symfony) at production scale; queues (Redis/SQS), caching, events.
- Linux networking fundamentals: routing, NAT, DNS, TLS, firewalling.
- Hands-on with WireGuard (preferred) and/or OpenVPN/strongSwan in production.
- Commercial experience building VPNs for restricted countries.
- Infrastructure as Code (Terraform) + config management (Ansible) + cloud APIs.
- RDBMS (PostgreSQL/MySQL), migrations, query tuning; Redis for sessions/queues.
- Nginx + PHP-FPM performance, rate limiting, secure headers.
- Security mindset: secrets, key rotation, least-privilege IAM, dependency hygiene.
- Solid testing discipline (feature + integration + load testing).
Nice to Have
- RADIUS/FreeRADIUS, policy enforcement via attributes.
- Multi-tenant org model, RBAC, audit/event sourcing (e.g., Kafka/NATS optional).
- ClickHouse/ELK for high-volume logs; Prometheus exporters.
- Mobile/Desktop client integration basics (Apple NE, Android VpnService) for backend compatibility.
- DDoS mitigation experience; anycast/BGP or provider-side scrubbing.
- Go/Rust familiarity to interface with high-performance daemons (not required, PHP is your core).
Role Details
- Level: Mid-level (per team review).
- Location: Remote (Ukraine/Russian-speaking preferred).
- Type: Contractor (potential full-time).
Required languages
English | C1 - Advanced |
Ukrainian | C2 - Proficient |
Russian | C2 - Proficient |
Published 5 September
79 views
·
3 applications
📊
Average salary range of similar jobs in
analytics →
Loading...