Warsaw, Masovian Voivodeship, Poland Remote (Global) Full-time

CloudLinux is hiring a Lead Application Security Engineer / DevSecOps Engineer (worldwide remote) | Cloudlinux | Jobs By Workable

About the Role

CloudLinux is looking for a Lead Application Security Engineer to play a key role in improving the security of our software products. You will drive security best practices across the entire development lifecycle, working to protect our high-volume, low-cost Linux infrastructure and security products.

What You'll Do

Perform security reviews of our external services.
Design and implement recommendations for security hardening.
Participate in all steps of the SDLC as a security engineer.
Design and review new features to implement the Security by Design principle.
Call attention to risks and drive actions to address them to protect users.

What We're Looking For

Deep technical knowledge of security, including web application security (backend and frontend), penetration testing, and modern security mechanisms.
At least 3 years of experience assessing the security of Web and Binary applications.
Deep understanding of modern web technologies (OAuth, JWT, CORS, CSP, SOP, SameSite).
Relevant education or a strong understanding of information security and IT basics.
Experience coding/scripting in one or more general-purpose languages.
Deep understanding of Linux architecture and its security stack.
Experience in binary vulnerabilities and exploitation.
At least an upper-intermediate level of English proficiency.

Nice to Have

Experience in exploiting vulnerabilities found in code.
Experience with code audits and code audit automation.
Experience in architecting, developing, or maintaining secure cloud solutions.
Experience in reviewing Docker and Kubernetes architectures.
Successful CTF or Bug Bounty participation will be a major plus.
Relevant certificates (OSCP, AWAE, CREST, GPEN) will be a major plus.

Technical Stack

Linux, OAuth, JWT, CORS, CSP, Docker, Kubernetes

Benefits & Compensation

A focus on professional development and a budget for education.
Interesting and challenging projects.
Fully remote work with flexible working hours, allowing you to work from any location worldwide.
Paid 24 days of vacation per year, 10 days of national holidays, and unlimited sick leave.
Compensation for private medical insurance.
Co-working and gym/sports reimbursement.
The opportunity to receive a reward for the most innovative idea that the company can patent.

Work Mode

This is a fully remote, worldwide position with flexible hours.

CloudLinux is an equal opportunity employer.

Required Skills

LinuxOAuthJWTCORSCSPDockerKubernetesApplication SecurityDevSecOpsSAST/DASTThreat ModelingCloud SecuritySecurity ArchitectureIncident Response

Planning long-term in Thailand?

Full relocation support, start to finish

From visa strategy to housing, banking, and schools for your family — SVBL plans and manages every detail of your move to Thailand so nothing falls through the cracks.

Complete relocation planning

Family visa & school enrollment

Banking & insurance setup

Cultural integration support

Plan your move

One partner for everything

About company

TuxCare is a subsidiary of CloudLinux Inc., the maker of the #1 OS in security and stability for hosting providers. It offers a portfolio of security solutions for Linux and open-source software aimed at enterprise organizations.

Visit website

Job Details

Category security

Posted 3 months ago