Engineering Manager, Language Security (TuxCare)

TuxCare is a subsidiary of CloudLinux offering security solutions for Linux and open-source software aimed at enterprise organizations. It provides automated live vulnerability patching, minimizing downtime, and security support for popular Linux distributions, end-of-life systems, and programming languages. The role involves managing TuxCare's Language Security Research function, which delivers security patches for end-of-life and non-EOL open-source language runtimes and frameworks.

Must have:

• Strong software development background across multiple language ecosystems with at least 6 years of hands-on experience
• 3+ years of engineering leadership experience in a product company
• Proven experience with technical delivery and accountability for team outcomes
• Solid working knowledge of at least 3 of the 5 languages: Java, JavaScript, Go, Python, PHP
• Hands-on experience with security research or vulnerability analysis including CVE triage and patch backporting
• Ability to work effectively in distributed teams and larger organizational structures
• Strong communication skills for interfacing with stakeholders and meeting delivery expectations
• Experience building or improving engineering processes from scratch
• Experience with CI/CD systems (GitLab CI, Jenkins) and dependency management tools (Maven/Gradle, npm, pip, Go modules)
• Upper-intermediate or higher English proficiency (written and spoken)

Nice to have:

• Hands-on experience identifying and analyzing vulnerabilities in language-ecosystem applications
• Understanding of the security vulnerability lifecycle (CVE, CVSS, CWE, CSAF/VEX)
• Background in open-source security, supply chain security, or ELS-type products
• Experience integrating AI tooling into research or patching workflows
• Knowledge of Docker, Kubernetes, or cloud-native ecosystems

People & Teams:

• Lead and develop four teams (Java, JavaScript/Go, Python, PHP) totaling approximately 18 engineers
• Build a culture of technical excellence, accountability, and continuous improvement
• Define hiring plans, conduct performance reviews, and drive career development
• Manage onboarding and ramp-up of new team members, projects, and libraries

Technical Direction:

• Set and enforce standards for CVE analysis, vulnerability assessment, patch backporting, and security release processes
• Drive consistency in tooling and workflows across teams including CI/CD pipelines, patch delivery, and release processes
• Evaluate and guide AI-assisted automation for backporting and vulnerability discovery
• Serve as the final technical escalation point for complex or cross-team security issues

Delivery & Operations:

• Own SLA compliance across all language platforms
• Align team efforts with client expectations and delivery commitments
• Organize and continuously improve development workflows and engineering processes
• Coordinate internal documentation to reflect the actual state of each project
• Ensure smooth coordination between language teams and OS, Docker, and platform teams
• Manage scope boundaries and overlap with OS and platform teams, especially around shared dependencies and cross-ecosystem vulnerabilities

By applying for this position, candidates consent to the processing of their personal data as described in the company's Privacy Policy.