Engineering Manager, Language Security (TuxCare)

Cloudlinux

22d•Remote

About The Position

TuxCare, a subsidiary of CloudLinux, provides security solutions for Linux and open-source software to enterprise organizations. Their offerings include automated live vulnerability patching, minimizing downtime, and ensuring application security and compliance. TuxCare's Endless Lifecycle Support (ELS) extends the secure usability of end-of-life software by providing security patches for unsupported versions of Linux distributions and language ecosystems such as Java, JavaScript/Node.js, Python, PHP, Go, Spring, Angular, Django, Flask, and more. This role is for an experienced Engineering Manager to lead TuxCare's Language Security Research function, which comprises four teams responsible for delivering security patches for open-source language runtimes and frameworks, both end-of-life and non-end-of-life. The position requires broad language ecosystem expertise and strong engineering leadership within a technical delivery environment. The manager will oversee approximately 18 engineers across Java, JavaScript/Go, Python, and PHP disciplines, setting the technical direction and operational standards for the function.

Requirements

Strong background in software development across multiple language ecosystems — at least 6 years of hands-on experience.
3+ years of engineering leadership experience (Team Lead or Engineering Manager) in a product company.
Proven experience with technical delivery and accountability for team outcomes.
Solid working knowledge of at least 3 of the 5 languages your teams cover: Java, JavaScript, Go, Python, PHP.
Hands-on experience with security research or vulnerability analysis: CVE triage, patch backporting, or similar.
Ability to work effectively in distributed teams and within larger organisational structures.
Strong communication skills — capable of interfacing with stakeholders and meeting external delivery expectations.
Experience building or improving engineering processes from scratch.
Experience with CI/CD systems (GitLab CI, Jenkins) and dependency management tooling (Maven/Gradle, npm, pip, Go modules).
Upper-intermediate or higher English (written and spoken).

Nice To Haves

Hands-on experience identifying and analysing vulnerabilities in language-ecosystem applications.
Understanding of the security vulnerability lifecycle (CVE, CVSS, CWE, CSAF/VEX).
Background in open-source security, supply chain security, or ELS-type products.
Experience integrating AI tooling into research or patching workflows.
Knowledge of Docker, Kubernetes, or cloud-native ecosystems.

Responsibilities

Lead and develop four teams (Java, JavaScript/Go, Python, PHP) totaling ~18 engineers.
Build a culture of technical excellence, accountability, and continuous improvement.
Define hiring plans, conduct performance reviews, and drive career development for reports.
Manage onboarding and ramp-up of new team members, projects, and libraries into the team's scope.
Set and enforce standards for CVE analysis, vulnerability assessment, patch backporting, and security release processes across all language ecosystems.
Drive consistency in tooling and workflows across teams (CI/CD pipelines, patch delivery, release processes).
Evaluate and guide AI-assisted automation for backporting and vulnerability discovery.
Serve as the final technical escalation point for complex or cross-team security issues.
Own SLA compliance across all language platforms.
Align team efforts with client expectations and delivery commitments.
Organize and continuously improve development workflows and engineering processes.
Coordinate internal documentation and ensure it reflects the actual state of each project.
Ensure smooth coordination between language teams and OS, Docker, and platform teams.
Manage scope boundaries and overlap with OS and platform teams, particularly around shared dependencies and cross-ecosystem vulnerabilities.