Senior Security Engineer - Node.js Proactive Defense (remote-only)

No salary information
Senior · Full-time
#357191 · Added today
Source: Cloudlinux

Tech Stack / Keywords

Security, Node.js, Linux, PHP, Node, REST, Backend, OWASP

Company and position

CloudLinux is a global remote-first company delivering high-volume, low-cost Linux infrastructure and security products. Imunify360 Security Suite is a product of CloudLinux Inc., designed specifically for shared and VPS/Dedicated servers, providing a six-layer approach to security with comprehensive attack prevention.


Requirements

Must have:

  • Security engineer mindset focused on attack surfaces, exploit primitives, and defense-in-depth.
  • Runtime/exploitation knowledge across languages including prototype pollution, deserialization, command injection, SSRF, path traversal, and supply-chain poisoning.
  • Systems-level development experience with Linux daemons, systemd, privileged processes, IPC, namespaces/cgroups, file-descriptor and signal hygiene.
  • Low-level/instrumentation experience with hooking, tracing, or intercepting in production (e.g., LD_PRELOAD, eBPF, ptrace, JVM agents, Python sys.settrace, language-runtime preload, kernel modules).

Nice to have:

  • Shared-hosting/multi-tenant Linux experience including LVE, CageFS, control-panel ecosystems, or analogous tenant-isolation work.
  • Comfort working from CVEs and threat-intel feeds as primary product input.

Responsibilities

  • Own the Node.js Proactive Defense initiative, creating a runtime security layer for Imunify360 similar to the existing PHP auto-immunity.
  • Design and ship a Node.js runtime agent hooking into the V8/Node lifecycle to trace and block malicious behavior patterns such as child_process spawn chains, eval/Function constructors, prototype pollution exploitation, unsafe deserialization, SSRF, path traversal, fs writes to sensitive locations, malicious require()/dynamic import chains, and supply-chain poisoning at load time.
  • Define the detection model including policy-blockable behaviors, signal-only behaviors, and rule authoring, distribution, and versioning.
  • Integrate the agent with the Imunify security stack so Node.js detections flow into the existing telemetry pipeline, backend event store, and admin UI.
  • Ensure production safety on shared hosting with low overhead, tenant isolation, compatibility with CageFS/LVE, and resilience against hostile tenants.
  • Build a pipeline that converts CVE write-ups and threat-intel feeds into shipped detections automatically.
  • Own the feedback loop from production blocks back into rule improvements.
  • This is a green-field, security-engineering-led role with direct product impact.

Offer

  • Focus on professional development.
  • Interesting and challenging projects.
  • Fully remote work with flexible working hours.
  • 24 days of paid vacation per year, 10 days of national holidays, and unlimited sick leave.
  • Compensation for private medical insurance.
  • Co-working and gym/sports reimbursement.
  • Budget for education.
  • Opportunity to receive a reward for the most innovative idea that the company can patent.

Flexible hours
Paid leave
Healthcare
Sports card
Training subsidies