CloudLinux is hiring a Lead Application Security Engineer / DevSecOps Engineer (worldwide remote)

CloudLinux seeks a Lead Application Security Engineer / DevSecOps Engineer to enhance the security posture of our software products and champion security best practices throughout the development lifecycle. You will be a key voice in our mission to deliver high-volume, low-cost Linux infrastructure and security products.

What You'll Do

• Perform security reviews of the company's external services.
• Design and implement recommendations for security hardening.
• Participate in all steps of the SDLC as a security engineer.
• Design and review new features to implement the Security by Design principle.
• Call attention to risks and drive actions to address those risks to protect users.

What We're Looking For

• Deep technical knowledge of security, including web applications security (backend and frontend), penetration testing, and modern security mechanisms.
• At least 3 years of experience assessing the security of Web applications and Binary applications.
• Deep understanding of modern web technologies (OAuth, JWT, CORS, CSP, SOP, SameSite, etc.) and architectures.
• Relevant education or a strong grasp of information security and IT fundamentals.
• Experience coding/scripting in one or more general-purpose programming languages.
• Deep understanding of Linux architecture and security stack.
• Experience in binary vulnerabilities and exploitation.
• Upper-intermediate level of English proficiency or higher.

Nice to Have

• Experience in exploiting vulnerabilities found in the code.
• Experience with code audits and code audit automation.
• Experience in architecting, developing, or maintaining secure cloud solutions.
• Experience in review of Docker/Kubernetes architectures.
• Successful CTF or Bug Bounty participation will be a major plus.
• Relevant certificates (OSCP, AWAE, CREST, GPEN) will be a major plus.

Technical Stack

• Linux
• Docker
• Kubernetes

Benefits & Compensation

• A focus on professional development.
• Interesting and challenging projects.
• Fully remote work with flexible working hours, allowing you to schedule your day and work from any location worldwide.
• Paid 24 days of vacation per year, 10 days of national holidays, and unlimited sick leaves.
• Compensation for private medical insurance.
• Co-working and gym/sports reimbursement.
• Budget for education.
• The opportunity to receive a reward for the most innovative idea that the company can patent.

Work Mode

This is a fully remote, worldwide position with flexible hours. We are a remote-first company.

CloudLinux is an equal opportunity employer.