Lead Security Operations Engineer at CloudLinux

Company overview

CloudLinux is a global, remote-first company delivering high-volume, cost-efficient Linux infrastructure and security products. We prioritize an employees first culture and continuous professional growth while solving challenging security and infrastructure problems at scale. Learn more at cloudlinux.com.

Role summary

We are seeking a Lead Security Operations Engineer to drive the development, implementation, and operational excellence of our detection, incident response, and threat intelligence capabilities. You will enhance visibility, improve response processes, and lead security initiatives to strengthen CloudLinux security posture across infrastructure and cloud environments.

Key responsibilities

• Integrate security practices into infrastructure and automation workflows, collaborating with development and operations teams to embed security across the software lifecycle.
• Create and maintain detection rules to identify attackers, and pursue innovative strategies to improve detection speed and coverage.
• Build, configure, and operate detection and response infrastructure, logging, monitoring, and alerting systems to increase observability and transparency.
• Triage, investigate, and escalate security alerts, and provide actionable remediation recommendations.
• Manage and implement cloud security controls for identity, access, and organizational policies across cloud providers.
• Identify promising security tools and lead proof of concept work through production rollout.
• Document procedures, runbooks, and best practices to enable effective knowledge sharing and repeatable incident response processes.
• Develop a comprehensive understanding of systems, environments, and tools to guide strategic security decisions.

Required qualifications

• Proven experience in an IT or security role, such as SecOps, Blue Team, or similar positions focused on detection and incident response.
• Hands-on experience triaging security alerts and executing incident response workflows.
• Practical familiarity with security tooling and tech stack components such as EDR, vulnerability scanners, SIEM, and cloud platforms.
• Strong knowledge of network and endpoint security, alert triage, and basic application security concepts.
• Experience building and maintaining monitoring and alerting capabilities for security use cases.
• Deep expertise with Linux based operating systems and related operational practices.
• Critical thinking and the ability to balance security controls with mission needs, with an innovative mindset toward detection.
• High proficiency in English, at least C1 level.

Nice to have

• Relevant information security certifications such as CISSP, OSCP, OSCE, LPT.
• Experience with modern container orchestration and related security tooling.
• Previous work with cloud vendors such as GCP, Azure, or AWS.
• Familiarity with information security standards and data protection regulations, for example ISO 27XXX, PCI DSS, GDPR.
• Knowledge of security protocols and frameworks such as PKI, X.509, SSL/TLS.
• Bachelor's degree in Computer Science, Information Security, or related field.
• Participation in CTFs, bug bounty programs, or similar hands-on security practice.

Benefits

• Focus on professional development and interesting, challenging projects.
• Fully remote work with flexible hours, allowing you to work from any location worldwide.
• Paid 24 days of vacation per year, 10 national holidays, and unlimited sick leave.
• Compensation for private medical insurance.
• Co-working and gym or sports reimbursement.
• Budget for education and professional development.
• Opportunity to receive a reward for the most innovative idea that the company can patent.

How to apply and privacy

By applying for this position you agree to the CloudLinux Privacy Policy at https://cloudlinux.com/legal/privacy-policies-hub/ and consent to processing of your personal data. Please apply via the job application link on the posting.