CloudLinux is looking for a Lead Application Security Engineer to play a key role in improving the security of our software products. You will drive security best practices across the entire development lifecycle, working to protect our high-volume, low-cost Linux infrastructure and security products.
What You'll Do
- Perform security reviews of our external services.
- Design and implement recommendations for security hardening.
- Participate in all steps of the SDLC as a security engineer.
- Design and review new features to implement the Security by Design principle.
- Call attention to risks and drive actions to address them to protect users.
What We're Looking For
- Deep technical knowledge of security, including web application security (backend and frontend), penetration testing, and modern security mechanisms.
- At least 3 years of experience assessing the security of Web and Binary applications.
- Deep understanding of modern web technologies (OAuth, JWT, CORS, CSP, SOP, SameSite).
- Relevant education or a strong understanding of information security and IT basics.
- Experience coding/scripting in one or more general-purpose languages.
- Deep understanding of Linux architecture and its security stack.
- Experience in binary vulnerabilities and exploitation.
- At least an upper-intermediate level of English proficiency.
Nice to Have
- Experience in exploiting vulnerabilities found in code.
- Experience with code audits and code audit automation.
- Experience in architecting, developing, or maintaining secure cloud solutions.
- Experience in reviewing Docker and Kubernetes architectures.
- Successful CTF or Bug Bounty participation will be a major plus.
- Relevant certificates (OSCP, AWAE, CREST, GPEN) will be a major plus.
Technical Stack
- Linux, OAuth, JWT, CORS, CSP, Docker, Kubernetes
Benefits & Compensation
- A focus on professional development and a budget for education.
- Interesting and challenging projects.
- Fully remote work with flexible working hours, allowing you to work from any location worldwide.
- Paid 24 days of vacation per year, 10 days of national holidays, and unlimited sick leave.
- Compensation for private medical insurance.
- Co-working and gym/sports reimbursement.
- The opportunity to receive a reward for the most innovative idea that the company can patent.
Work Mode
This is a fully remote, worldwide position with flexible hours.
CloudLinux is an equal opportunity employer.
