Senior Security Engineer - Node.js Proactive Defense (remote-only)
Cloudlinux
•Remote
About The Position
CloudLinux is a global remote-first company driven by principles of doing the right thing, prioritizing employees, and delivering high-volume, low-cost Linux infrastructure and security products. Imunify360 Security Suite, a product of CloudLinux, is an innovative security solution for shared and VPS/Dedicated servers, offering comprehensive attack prevention through a six-layer approach. This role will focus on developing a new runtime security layer for Node.js within the Imunify360 framework, bringing in-process protection similar to what is already provided for PHP.
Requirements
- Security engineer mindset with a strong understanding of attack surfaces, exploit primitives, and defense-in-depth.
- Runtime/exploitation knowledge across various languages, including prototype pollution, deserialization, command injection, SSRF, path traversal, and supply-chain poisoning.
- Experience with systems-level development on Linux, including daemons, systemd, privileged processes, IPC, namespaces/cgroups, and signal hygiene.
- Low-level/instrumentation experience, such as hooking, tracing, or intercepting processes using tools like LD_PRELOAD, eBPF, ptrace, JVM agents, Python sys.settrace, language-runtime preload, or kernel modules.
Nice To Haves
- Experience in shared-hosting/multi-tenant Linux environments (LVE, CageFS, control-panel ecosystems).
- Comfort working with CVEs and threat-intel feeds as primary product input.
- Experience with Node.js runtime security.
Responsibilities
- Design and ship a Node.js runtime agent that hooks into the V8/Node lifecycle to trace and block malicious behavior patterns.
- Define the detection model, including policy-blockable behaviors, signal-only detections, and rule authoring, distribution, and versioning.
- Integrate the Node.js agent with the existing Imunify security stack for unified telemetry, event storage, and admin UI.
- Ensure the agent is production-safe for shared hosting environments, with low overhead, tenant isolation, and compatibility with CageFS/LVE.
- Build a pipeline to convert CVE write-ups and threat-intel feeds into shipped detections automatically.
- Own the feedback loop from production blocks back into rule generation for continuous improvement.
Benefits
- Focus on professional development.
- Interesting and challenging projects.
- Fully remote work with flexible working hours.
- Work from any location worldwide.
- 24 days of paid vacation per year.
- 10 days of national holidays.
- Unlimited sick leaves.
- Compensation for private medical insurance.
- Co-working and gym/sports reimbursement.
- Budget for education.
- Opportunity to receive a reward for innovative ideas that can be patented.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
