Roman Volosatovs

GitHub: @rvolosatovs • LinkedIn: @rvolosatovs

Summary

Principal-level systems engineer specializing in Rust, Go, Nix, Linux, WebAssembly and distributed systems, with 10 years of experience spanning runtime performance, WASI ecosystem work, IoT infrastructure, endpoint telemetry, sandboxing and distributed platforms. Extensive experience building and shipping in fast-paced technology startups.

Highlights

• Shipped low-level runtime and platform work across WebAssembly runtimes, confidential computing infrastructure, distributed execution platforms and Docker Desktop.
• Built multi-tenant LoRaWAN IoT infrastructure covering packet routing, roaming, cryptographic key derivation and HSM-backed storage.
• Built cross-platform endpoint telemetry and secure execution components using macOS Endpoint Security, Windows ETW and Linux eBPF.
• Contributed extensively to Bytecode Alliance WebAssembly and WASI work, and represented Cosmonic in W3C WebAssembly/WASI working groups.
• Improved NEAR blockchain WebAssembly runtime performance by 14x in 6 months as part of a $250,000 delivery.
• Spoke on WebAssembly and Nix at conferences.

Strengths

• Systems: Linux internals, networking, cgroups, runtimes, WebAssembly, WebAssembly component model, WASI, binary instrumentation, benchmarking, NixOS
• IoT and edge systems: LoRaWAN, packet routing, roaming, cryptographic provisioning, HSM-backed key storage, edge connectivity
• Languages: Rust, Go, Nix
• Distributed systems: HTTP, gRPC, WebSockets, NATS.io, Redis, Kubernetes, observability, multi-tenant platforms, high-throughput services
• Security: cryptography, TLS, OIDC, confidential computing, HSM-backed key storage, runtime sandboxing, endpoint telemetry
• Platform ownership: architecture, implementation, CI/CD, release pipelines, production support, internal tooling
• Technical leadership: mentorship, standards bodies, conference talks, open-source maintenance and collaboration

Professional Experience

Mar 2026 - May 2026

Helmet Security, Inc.: Principal Software Engineer

Tech: Rust, Linux, macOS, Windows, eBPF, Endpoint Security, ETW, MCP, OpenTelemetry, sandboxing, network proxying, enterprise security monitoring

• Built and integrated a cross-platform enterprise AI security monitoring and telemetry solution across macOS, Windows and Linux.
• Worked on sandboxing and network proxying for AI agents.
• Worked on MCP server static analysis.

Feb 2023 - Feb 2026

Cosmonic: Principal Software Engineer

Tech: Rust, Go, C, Nix, WebAssembly, TCP/IP, UDP, QUIC, HTTP, gRPC, NATS.io, Kubernetes, OpenTelemetry, Elixir, OpenAPI, AWS, GitHub

• Completed a $250,000 contract for NEAR blockchain in 6 months, achieving a 14x performance improvement in their WebAssembly runtime through profiling, binary analysis, gas instrumentation optimization and component-model support.
• Maintainer of bytecodealliance/wasmtime, the industry-leading WebAssembly runtime.
• Migrated the core product of Cosmonic, wasmcloud/wasmcloud, a distributed WebAssembly execution platform, from Elixir to Rust for improved performance and maintainability.
• Designed and implemented open-source tooling and low-level libraries around WebAssembly in Rust:
  • bytecodealliance/wrpc - transport-agnostic, high-performance general-purpose RPC framework leveraging WebAssembly Interface Types. Presented at WasmCon 2024
  • rvolosatovs/wasmlet - high-performance, multi-tenant, embeddable WebAssembly runtime optimized for cloud-native applications, focused on low-latency execution, security and deployment density
  • wasmcloud/cabish - Wasm canonical ABI implementation for native code, enabling interoperability between WebAssembly and native applications
  • wasmcloud/wadge - component testing and plugin framework for Wasm
  • bytecodealliance/wit-deps - package manager adopted across Bytecode Alliance projects
• Represented Cosmonic at W3C WebAssembly and WASI working group meetings, WASI/component-model/Wasmtime development meetings and conferences including KubeCon, WasmCon and Wasm I/O.

Oct 2021 - Feb 2023

Profian: Principal Software Engineer / Network Service Tech Lead

Tech: Rust, C, Nix/NixOS, WebAssembly, TCP/IP, HTTP, TLS, cryptography, Linux, systemd, Trusted Execution Environments (Intel SGX, AMD SEV-SNP), AWS, Equinix, OCI (docker, podman), GitHub, GitLab, Nginx, OpenID Connect, REST, OpenAPI

Worked on Enarx, an open-source confidential computing platform for secure execution of WebAssembly workloads in trusted execution environments and related services.

• Designed and implemented networking and virtual filesystem support for the Enarx execution layer.
• Led a team in development of network services and helped team members overcome blockers and meet deadlines.
• Contributed significantly to overall system design across Linux, networking, virtual filesystems and trusted/untrusted execution boundaries.
• Designed and implemented Sallyport, a high-performance syscall proxying library with minimal overhead for secure communication between trusted execution environments and the host OS.
• Designed and implemented Drawbridge, a Merkle tree-based object registry.
• Mentored engineers in Rust, Nix, networking and systems design; helped team members resolve blockers and meet business-critical deadlines.
• Set up, maintained and continuously improved organization-wide CI processes, release pipelines, Nix-based build tooling, image delivery and NixOS infrastructure on AWS and Equinix.
• Represented the company at KubeCon 2022, Open Source Summit Europe 2022, FOSDEM 2023 and WASI SIG Registries working group meetings.
• Contributed to various open-source projects, for example:
  • rust-lang/cargo
  • bytecodealliance/wasmtime

Jun 2021 - Sep 2021

Docker Inc: Senior Software Engineer (Programmable OS team)

Tech: Go, C#, Swift, Linux, Windows, macOS, OCI (docker), GitHub, Jira, REST, OpenAPI

Worked on the open-source Docker Engine and the proprietary Docker Desktop application for Windows and macOS, with a focus on performance optimization.

• Designed and implemented a Linux cgroup-based Docker Desktop start/stop feature, working across Docker Engine, Desktop and OS integration boundaries.
• Contributed to moby/moby.

Aug 2016 - May 2021

The Things Industries / The Things Network: Backend Engineer

Tech: Go, C, Lua, Python, JavaScript, TCP/IP, UDP, DNS, gRPC, protocol buffers, TLS, Linux, cryptography, LoRaWAN, InfluxDB, Redis 6, OCI (docker), AWS, Azure, GitHub, GitLab, Travis CI, Nginx, IoT, edge devices, REST

Worked on both open-source and proprietary parts of a distributed global LoRaWAN IoT network operator stack.

• Built distributed LoRaWAN network-server and join-server components handling multi-tenant packet routing, roaming, cryptographic key derivation and HSM-backed storage.
• Provided AWS-based SaaS offerings and technical support for high-profile production customers.
• Designed proprietary NOC components monitoring network state and handling several thousand requests per second.
• Designed the LoRaWAN specification as part of LoRa Alliance Technical Committee.
• Represented the company at the annual The Things Conference.
• Implemented support for device roaming in collaboration with other LoRaWAN network operators.
• Designed and implemented:
  • LoRaWAN specification-compliant, highly-available, distributed, high-performance microservice components for multi-tenant environments:
    • Network Server - low-level packet routing and MAC layer protocol implementation
    • Join Server - performing secure device provisioning with cryptographic key derivation, exchange and HSM-backed storage
  • Build tooling:
    • Generic all-inclusive protoc OCI image, which I eventually inherited
  • Tooling to increase developer productivity:
    • protoc plugin with fieldmask support
    • Binary LoRaWAN frame decoder

May 2016 - Aug 2017

Eindhoven University of Technology: Software Engineer

Tech: Go, JavaScript, HTML, CSS, InfluxDB, OCI (docker), systemd, REST

• Designed, implemented and maintained a full-stack research application interfacing with Philips Hue lights used on-site in a hospital

May 2016 - Aug 2016

Google Summer of Code: Intern

Tech: Go, C, TypeScript, systemd

• Designed and implemented systemgo - init system in Go compatible with systemd unit file format for a browser-based operating system

Hobby Experience

• Nix and NixOS - daily user on personal machines and servers since 2016
  • Member of NixOS organization on GitHub
  • Contribute to NixOS/nixpkgs
  • FOSDEM 2023 talk about adopting Nix at Profian
• cex-index - Crypto exchange price index service in Rust
• nixvm - ephemeral NixOS VM launcher based on libkrun (AI-generated)
• rund - Go gRPC service for running Linux processes in isolated cgroup2-based Alpine containers via pivot_root, secured with mTLS

Education

2015-2018

BSc, Software Science; Eindhoven University of Technology

• Completed a declarative programming course centered on Haskell and category theory
  • Built a Lisp interpreter in Haskell with a study partner as part of the course
• mooshy - Kernel-level exploit framework leveraging ShellShock and Dirty CoW vulnerabilities, demonstrating deep understanding of Linux kernel internals and system-level security mechanisms

Languages

• Russian - bilingual
• Latvian - bilingual
• English - proficient
• French - B1
• Dutch - basic knowledge