Lead Application Security Engineer / DevSecOps Engineer at CloudLinux

About CloudLinux

CloudLinux is a global, remote-first company delivering high-volume, low-cost Linux infrastructure and security products that increase operational efficiency for customers. We prioritize doing the right thing, putting employees first, and enabling remote work worldwide. Learn more at cloudlinux.com.

Role Summary

We are looking for a skilled Lead Application Security Engineer / DevSecOps Engineer to improve the security posture of our software products and drive secure engineering practices across the development lifecycle. You will assess external services, design and implement hardening recommendations, and embed security by design into new features.

Key Responsibilities

• Perform security reviews of CloudLinux external services and architectures.
• Design and implement recommendations for security hardening and mitigations.
• Participate across the SDLC as a security engineer, embedding security by design into feature development and architecture.
• Identify risks, drive remediation actions, and advocate for user protection across teams.

Requirements

• Strong technical knowledge and deep understanding of security, including web application security (frontend and backend), penetration testing, and modern security mechanisms.
• At least 3 years experience assessing web application security and binary applications.
• Deep knowledge of modern web technologies and architectures such as OAuth, JWT, CORS, CSP, SOP, SameSite, and related controls.
• Relevant education or strong practical understanding of information security and IT fundamentals.
• Experience coding or scripting in one or more general-purpose languages to automate tasks and build proofs of concept.
• Deep understanding of Linux architecture and security stack.
• Experience with binary vulnerabilities and exploitation techniques.
• Upper-intermediate English proficiency or higher.

Nice to Have

• Experience exploiting vulnerabilities found in code and performing code audits or automating code audit processes.
• Experience architecting, developing, or maintaining secure cloud solutions.
• Experience reviewing Docker and Kubernetes architectures for security.
• Successful CTF or bug bounty participation.
• Relevant certifications such as OSCP, AWAE, CREST, or GPEN.

Benefits

• Professional development focus and budget for education.
• Interesting and challenging security projects.
• Fully remote work with flexible working hours, allowing you to work from any location worldwide.
• Paid 24 days vacation per year, 10 national holidays, and unlimited sick leave.
• Compensation for private medical insurance.
• Coworking and gym or sports reimbursement.

Privacy and Consent

By applying you agree with CloudLinux's Privacy Policy and consent to the processing and maintenance of your personal data for recruitment purposes. See CloudLinux Privacy Policy for details.

How to Apply

If you are interested, submit your application via the provided application form on the job page. The job page includes the apply button and instructions.