Roman Volosatovs

GitHub: @rvolosatovs • LinkedIn: @rvolosatovs

Summary

Rust, Go, Nix, Wasm and Linux expert with 10 years of professional experience specializing in low-level systems programming, networking, distributed systems and high-performance computing. Extensive experience building and shipping in fast-paced technology startups.

Selected Strengths

• Systems: Linux internals, networking, syscall boundaries, cgroups, systemd, runtimes, WebAssembly, performance profiling, benchmarking
• Languages: Rust, Go, C, Nix, WAT
• Distributed systems: RPC, NATS.io, gRPC, Kubernetes, observability, multi-tenant platforms, high-throughput services
• Security: cryptography, TLS, confidential computing, TEE isolation, HSM-backed key storage, runtime sandboxing, endpoint telemetry
• AI and tooling: MCP, OpenAPI, AI-assisted engineering workflows, CI/CD, developer productivity tooling
• Leadership: principal-level architecture, technical direction, mentoring, standards bodies, conference talks, open-source maintenance
• Startup execution: fast-paced startup environments, end-to-end ownership, ambiguity, customer-facing technical work

Professional Experience

Mar 2026 - May 2026

Helmet Security, Inc.: Principal Software Engineer

Tech: Rust, Linux, macOS, Windows, eBPF, Endpoint Security, ETW, MCP, OpenTelemetry, sandboxing, network proxying, enterprise security monitoring

• Worked on a cross-platform enterprise AI security monitoring solution across macOS, Windows and Linux.
• Built and integrated endpoint telemetry collection using macOS Endpoint Security, Windows ETW and Linux eBPF.
• Worked on sandboxing and network proxying components for secure, observable execution environments.

Feb 2023 - Feb 2026

Cosmonic: Principal Software Engineer

Tech: Rust, Go, C, Nix, WebAssembly, TCP/IP, UDP, QUIC, HTTP, gRPC, NATS.io, Kubernetes, OpenTelemetry, Elixir, OpenAPI, AWS, GitHub

• Served as WebAssembly runtime expert, focusing on performance-critical low-level systems programming as part of the Bytecode Alliance.
• Maintainer of bytecodealliance/wasmtime, the industry-leading WebAssembly runtime.
• Completed a $250,000 contract for NEAR blockchain in 6 months, achieving a 14x performance improvement in their WebAssembly runtime through profiling, binary analysis, gas instrumentation optimization and component-model support.
• Migrated the core product of Cosmonic, wasmcloud/wasmcloud, a distributed WebAssembly execution platform, from Elixir to Rust for improved performance and maintainability.
• Designed and implemented open-source tooling and low-level libraries around WebAssembly in Rust:
  • bytecodealliance/wrpc - transport-agnostic, high-performance general-purpose RPC framework leveraging WebAssembly Interface Types. Presented at WasmCon 2024
  • rvolosatovs/wasmlet - high-performance, multi-tenant, embeddable WebAssembly runtime optimized for cloud-native applications with focus on low-latency execution, security and deployment density
  • wasmcloud/cabish - Wasm canonical ABI implementation for native code, enabling interoperability between WebAssembly and native applications
  • wasmcloud/wadge - component testing and plugin framework for Wasm
  • bytecodealliance/wit-deps - package manager adopted across Bytecode Alliance projects
• Represented Cosmonic at W3C WebAssembly and WASI working group meetings, WASI/component-model/Wasmtime development meetings and conferences including KubeCon, WasmCon and Wasm I/O.

Oct 2021 - Feb 2023

Profian: Principal Software Engineer / Network Service Tech Lead

Tech: Rust, C, Nix/NixOS, WebAssembly, TCP/IP, HTTP, TLS, cryptography, Linux, systemd, Trusted Execution Environments (Intel SGX, AMD SEV-SNP), AWS, Equinix, OCI (docker, podman), GitHub, GitLab, Nginx, OpenID Connect, REST, OpenAPI

At Profian I worked on Enarx - open-source confidential computing platform for secure execution of WebAssembly workloads in trusted execution environments and services around it.

The company was closed due to lack of funding.

• Led network service development for Enarx, an open-source confidential computing platform for running WebAssembly workloads inside Intel SGX and AMD SEV-SNP TEEs.
• Contributed significantly to overall system design across Linux, networking, virtual filesystems and trusted/untrusted execution boundaries.
• Designed and implemented Sallyport, a high-performance syscall proxying library with minimal overhead for secure communication between trusted execution environments and the host OS.
• Designed and implemented networking and virtual filesystem support for the Enarx execution layer and Drawbridge, a Merkle tree-based object registry.
• Mentored engineers in Rust, Nix, networking and systems design; helped team members resolve blockers and meet business-critical deadlines.
• Set up, maintained and continuously improved organization-wide CI processes, release pipelines, Nix-based build tooling, image delivery and NixOS infrastructure on AWS and Equinix.
• Represented the company at KubeCon 2022, Open Source Summit Europe 2022, FOSDEM 2023 and WASI SIG Registries working group meetings.
• Contributed to various open-source projects, most notably rust-lang/cargo and bytecodealliance/wasmtime.

Jun 2021 - Sep 2021

Docker Inc: Senior Software Engineer (Programmable OS team)

Tech: Go, C#, Swift, Linux, Windows, macOS, OCI (docker), GitHub, Jira, REST, OpenAPI

At Docker I worked on open-source Docker Engine and proprietary Docker Desktop application for Windows and macOS with focus on performance optimizations.

• Designed and implemented a Linux cgroup-based Docker Desktop start/stop feature, working across Docker Engine, Desktop and OS integration boundaries.
• Contributed to moby/moby.

Aug 2016 - May 2021

The Things Industries / The Things Network: Backend Engineer

Tech: Go, C, Lua, Python, JavaScript, TCP/IP, UDP, DNS, gRPC, protocol buffers, TLS, Linux, cryptography, LoRaWAN, InfluxDB, Redis 6, OCI (docker), AWS, Azure, GitHub, GitLab, Travis CI, Nginx, IoT, edge devices, REST

At The Things Industries / The Things Network I worked on open-source and proprietary parts of a distributed, global LoRaWAN IoT network operator stack.

• Built distributed LoRaWAN network-server and join-server components handling multi-tenant packet routing, roaming, cryptographic key derivation and HSM-backed storage.
• Provided AWS-based SaaS offerings and technical support for high-profile production customers.
• Designed proprietary NOC components monitoring network state and handling several thousand requests per second.
• Designed the LoRaWAN specification as part of LoRa Alliance Technical Committee.
• Managed and represented the company at The Things Conference organized yearly.
• Implemented support for device roaming in collaboration with other LoRaWAN network operators.
• Designed and implemented:
  • LoRaWAN specification-compliant, highly-available, distributed, high-performance microservice components for multi-tenant environments:
    • Network Server - low-level packet routing and MAC layer protocol implementation
    • Join Server - performing secure device provisioning with cryptographic key derivation, exchange and HSM-backed storage
  • Build tooling:
    • Generic all-inclusive protoc OCI image, which I eventually inherited
  • Tooling to increase developer productivity:
    • protoc plugin with fieldmask support
    • Binary LoRaWAN frame decoder

May 2016 - Aug 2017

Eindhoven University of Technology: Software Engineer

Tech: Go, JavaScript, HTML, CSS, InfluxDB, OCI (docker), systemd, REST

• Designed, implemented and maintained a full-stack research application interfacing with Philips Hue lights used on-site in a hospital

May 2016 - Aug 2016

Google Summer of Code: Intern

Tech: Go, C, TypeScript, systemd

• Designed and implemented systemgo - init system in Go compatible with systemd unit file format for a browser-based operating system

Selected Open Source

• Nix and NixOS - I use Nix and NixOS on my personal machines/servers since 2016
  • Member of NixOS organization on GitHub
  • Contribute to NixOS/nixpkgs
  • FOSDEM 2023 talk about adopting Nix at Profian
• rund - A gRPC service in Go, which runs arbitrary Linux processes in a separate cgroup2 in an Alpine Linux container via pivot_root with mTLS authentication

Education

2015-2018

BSc, Software Science; Eindhoven University of Technology

• mooshy - developed kernel-level exploit framework leveraging ShellShock and Dirty CoW vulnerabilities, demonstrating deep understanding of Linux kernel internals, and system-level security mechanisms
• Taken Declarative Programming course in university, which was completely based on Haskell with a big focus on category theory
  • Wrote a Lisp interpreter in Haskell with a study partner as part of the course

Languages

• Russian - bilingual
• Latvian - bilingual
• English - proficient
• French - B1
• Dutch - basic knowledge