Senior/Principal Security Engineer - Node.js Proactive Defense (remote-only)

Brak informacji o wynagrodzeniu
SeniorFull-time
#357191·Dodano miesiąc temu·1
Źródło: Cloudlinux
Aplikuj teraz

Tech Stack / Keywords

SecurityNode.jsLinuxPHPNodeRESTBackendOWASP

Firma i stanowisko

CloudLinux is a global remote-first company delivering high-volume, low-cost Linux infrastructure and security products. Imunify360 Security Suite is a product of CloudLinux Inc., designed specifically for shared and VPS/Dedicated servers, providing a six-layer approach to security with comprehensive attack prevention.

Wymagania

Must have:

  • Security engineer mindset focused on attack surfaces, exploit primitives, and defense-in-depth.
  • Runtime/exploitation knowledge across languages including prototype pollution, deserialization, command injection, SSRF, path traversal, and supply-chain poisoning.
  • Systems-level development experience with Linux daemons, systemd, privileged processes, IPC, namespaces/cgroups, file-descriptor and signal hygiene.
  • Low-level/instrumentation experience with hooking, tracing, or intercepting in production (e.g., LD_PRELOAD, eBPF, ptrace, JVM agents, Python sys.settrace, language-runtime preload, kernel modules).

Nice to have:

  • Shared-hosting/multi-tenant Linux experience including LVE, CageFS, control-panel ecosystems, or analogous tenant-isolation work.
  • Comfort working from CVEs and threat-intel feeds as primary product input.

Obowiązki

  • Own the Node.js Proactive Defense initiative, creating a runtime security layer for Imunify360 similar to the existing PHP auto-immunity.
  • Design and ship a Node.js runtime agent hooking into the V8/Node lifecycle to trace and block malicious behavior patterns such as child_process spawn chains, eval/Function constructors, prototype pollution exploitation, unsafe deserialization, SSRF, path traversal, fs writes to sensitive locations, malicious require()/dynamic import chains, and supply-chain poisoning at load time.
  • Define the detection model including policy-blockable behaviors, signal-only behaviors, and rule authoring, distribution, and versioning.
  • Integrate the agent with the Imunify security stack so Node.js detections flow into the existing telemetry pipeline, backend event store, and admin UI.
  • Ensure production safety on shared hosting with low overhead, tenant isolation, compatibility with CageFS/LVE, and resilience against hostile tenants.
  • Build a pipeline that converts CVE write-ups and threat-intel feeds into shipped detections automatically.
  • Own the feedback loop from production blocks back into rule improvements.
  • This is a green-field, security-engineering-led role with direct product impact.

Benefity

  • Focus on professional development.
  • Interesting and challenging projects.
  • Fully remote work with flexible working hours.
  • Paid 24 days of vacation per year, 10 days of national holidays, and unlimited sick leaves.
  • Compensation for private medical insurance.
  • Co-working and gym/sports reimbursement.
  • Budget for education.
  • Opportunity to receive a reward for the most innovative idea that the company can patent.
Elastyczne godziny
Płatny urlop
Opieka zdrowotna
Karta sportowa
Dofinansowanie szkoleń
CloudLinux

CloudLinux

10 aktywnych ofert

Zobacz wszystkie oferty
Aplikuj teraz