Infrastructure Engineer at IVPN

Posted on July 7, 2026

Please note for this role we are only recruiting within the UTC-1 to UTC+3 timezones.

IVPN is a mission-driven company with a narrow focus on privacy within the larger VPN consumer market. We have been around for 16 years and have a mature, profitable operation. Beyond IVPN we operate modDNS (DNS filtering), Mailx (email aliasing), and Portmaster (application firewall), offered as part of different IVPN plans.

We are looking for an infrastructure engineer/sysadmin to upgrade and maintain our existing high-performance network of VPN and DNS servers and related infrastructure. The position is fully remote with a high level of autonomy and requires that you thrive in this type of environment.

What you will work on

You will work alongside our senior infrastructure engineer / sysadmin, with primary day-to-day responsibility for IVPN and modDNS. You will share knowledge and support each other on shared infrastructure work, but you will own your areas and take on projects independently.

You will:

  • Roll out our new VPN gateway fleet — immutable, diskless, secure, and built on leased bare-metal servers.
  • Deploy new endpoints and engineer routing improvements for our DNS service.
  • Ensure the high availability of our network of bare-metal servers (VPN and DNS) in production.
  • Drive automation and tooling improvements across our infrastructure.
  • Interface with ISPs to resolve upstream network issues.
  • Provide tier 2/3 support to the rest of the team for infrastructure-related issues.
  • After you settle into your role, share an on-call rotation with the senior on the team.

What you can expect

We work in a fully remote setting with a high degree of independence. This means maximum freedom, minimum meetings.

If your ideal workplace offers regular meetups and busy chat channels, IVPN is probably not a good fit for you. On the other hand, if you value autonomy and focused work, you will appreciate our culture.

As you grow into the role, there's room to share your work publicly — writing about the infrastructure choices we make, or discussing them with the wider privacy community.

We offer 25 days of vacation per year, the hardware of your choice to do your job, plus ample budget for learning and research projects.

Budget for this role is €48–58K/year (B2B), depending on skills and experience. Mission-driven work, autonomy and flexibility come with the package.

Engagement is on a B2B contract basis, we can't employ across all jurisdictions. In practice this is a long-term role — most of our colleagues have been with us 5+ years.

How we stand out from the crowd of VPN providers

  • Early adopters of the latest protocols and technologies (like WireGuard) to improve our service.
  • Strict ethical stances around data collection and marketing practices — principles over profits.
  • Clear commitment to transparency and regular security audits (8 years and counting).
  • Calling out bad practices in the VPN industry and shunning false promises.
  • Recommended by experts whose voice we truly value — those not motivated by affiliate payouts.

Requirements

  • Strong understanding of and interest in infosec — particularly the cryptographic controls used on servers (public-key crypto, reproducible builds, TPM).
  • Strong understanding of TCP/IP, UDP, SSL/TLS, and other Internet protocols.
  • 3+ years experience managing Linux servers in production, including bare-metal.
  • 3+ years experience with a configuration management tool (Ansible, Puppet, Salt). Demonstrable production codebase or git history preferred.
  • Comfortable reading and writing utility scripts in Python, Go, or Bash.
  • Automation mindset. You instinctively look for the manual process that should be automated.
  • Excellent written communication — you document systems clearly and explain technical decisions so teammates and users can follow them.

Nice to have

  • Experience with WireGuard, OpenVPN, or other VPN protocols.
  • Experience with anycast network operation (BGP, traffic engineering, RPKI).
  • Familiarity with nftables and modern Linux networking internals.
  • Curiosity about LLM-assisted operations: using AI agents for log analysis, incident triage, runbook generation. You'll have room to introduce these tools where you see fit.
  • You enjoy sharing your work — through writing, talks, or other public formats.

How to apply

Send an email with your CV and any relevant information added to: apply@ivpn.net (subject: Infrastructure Engineer application / IVPN)

To qualify for the next steps, your message must also include answers to the following questions:

  1. Why are you interested in this role?
  2. Which timezone do you work (or plan to work) in?
  3. Users start reporting intermittent connectivity issues or degraded performance specifically through bare-metal VPN servers located in one of our data centers. Initial checks show CPU/RAM on the affected servers seems okay most of the time, and basic pings from outside to the server IPs seem fine. Describe your approach to diagnosing this problem.
  4. Tell us about a concrete production incident you personally diagnosed — what broke, how you found the cause, what you changed.