Senior Security Engineer – Node.js Proactive Defense

🕒 May 26

Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of CloudLinux

CloudLinux

51 - 200 employees

Founded 2009

☁️ SaaS

🔐 Security

🌐 Web 3

SaaS • Security • Web 3

CloudLinux is a leading provider of operating systems designed specifically for web hosting environments. The company offers a line of products including CloudLinux OS Legacy, CloudLinux OS Shared Pro, and CloudLinux OS Solo, each tailored to improve server stability, security, and performance. With features such as kernel live patching, advanced automation and monitoring tools, and specialized WordPress optimization, CloudLinux helps hosting companies maximize security and profitability while ensuring stable server environments. Over 4,000 companies trust CloudLinux to power millions of websites worldwide, benefitting from increased stability and reduced churn rates. The company emphasizes compatibility with major hosting control panels and CentOS, offering solutions for shared hosts, agencies, and small businesses.

📋 Description

• Design and ship a Node.js runtime agent that hooks into the V8/Node lifecycle to trace and block malicious behavior patterns (child_process spawn chains, eval / Function constructors, prototype pollution exploitation, unsafe deserialization, SSRF, path traversal, fs writes to sensitive locations, malicious require() / dynamic import chains, supply-chain poisoning at load time). • Define the detection model: which behaviors are policy-blockable by default, which are signal-only, and how rules are authored, distributed, and versioned alongside our existing Proactive Defense rule pipeline. • Integrate the agent with the rest of the on-host Imunify security stack so that Node.js detections, blocks, and incidents flow into the same telemetry pipeline, the same backend event store, and the same admin UI as our other layers (WAF, host-IDS, brute-force protection, malware scanner, patch management). This ships as a first-class layer of Imunify360, not a standalone tool. • Make it production-safe on shared hosting: low overhead, tenant-isolated, compatible with CageFS / LVE, and resilient to hostile tenants who will try to disable or evade the agent. • Build the pipeline that turns CVE write-ups and threat-intel feeds into shipped detections. The system — not a human — ingests advisories, extracts the exploit primitive, generates and tests rule candidates against a corpus, and rolls them out with the right signal-only / blocking posture. • Own the closed feedback loop from production blocks (true positives, false positives, evasions) back into the next generation of rules.

🎯 Requirements

• **Must have:** • - **Security engineer mindset:** thinks in attack surfaces, exploit primitives, and defense-in-depth - not just in OWASP checklists. Can read a CVE writeup and reconstruct the primitive, not just the patch. • - **Runtime/exploitation knowledge across languages:** prototype pollution, deserialization, command injection, SSRF, path traversal, supply-chain poisoning - knows why these primitives exist, not just that they have names. • - **Systems-level development:** Linux daemons, systemd, privileged processes, IPC, namespaces/cgroups, file-descriptor and signal hygiene. • - **Low-level / instrumentation instinct:** has hooked, traced, or intercepted something in production - LD_PRELOAD, eBPF, ptrace, JVM agents, Python sys.settrace, language-runtime preload, kernel modules. The specific tech doesn't matter; the instinct does. • **Nice to have:** • - Shared-hosting / multi-tenant Linux experience: LVE, CageFS, control-panel ecosystems, or analogous tenant-isolation work. • - Comfort working from a CVEs and threat-intel feed as primary product input.

🏖️ Benefits

• A focus on professional development. • Interesting and challenging projects. • Fully remote work with flexible working hours, that allows you to schedule your day and work from any location worldwide. • Paid 24 days of vacation per year, 10 days of national holidays, and unlimited sick leaves. • Compensation for private medical insurance. • Co-working and gym/sports reimbursement. • Budget for education. • The opportunity to receive a reward for the most innovative idea that the company can patent.

Apply Now

Similar Jobs

🕒 May 26

RemoteStar

11 - 50

🤝 B2B

🎯 Recruiter

☁️ SaaS

Senior Java Engineer engaging in AI and Legacy Service Modernization in Poland. Modernising systems and infrastructure with AI integration for efficiency and performance improvements.

Java

Microservices

🕒 May 26

Base.com

51 - 200

🛍️ eCommerce

☁️ SaaS

🤝 B2B

Mid PHP Developer for Responso, a startup creating innovative SaaS applications for e-commerce. Focusing on quality code and data processing challenges in a collaborative environment.

🗣️🇵🇱 Polish Required

ElasticSearch

PHP

RabbitMQ

Symfony

🕒 May 26

Future Processing

1001 - 5000

🤖 Artificial Intelligence

☁️ SaaS

🔒 Cybersecurity

Java Developer for financial projects requiring AWS knowledge and collaboration with IT specialists. Creating solutions, testing new technologies, and performing unit and integration tests.

🗣️🇵🇱 Polish Required

Docker

Hibernate

Java

Kubernetes

Maven

Spring

Spring Boot

SpringBoot

🕒 May 22

Future Processing

1001 - 5000

🤖 Artificial Intelligence

☁️ SaaS

🔒 Cybersecurity

Looking for an experienced PHP Developer familiar with Symfony and AWS to support client needs in an international team environment. Opportunity for varied tasks and professional growth in a collaborative setting.

🗣️🇵🇱 Polish Required

Jest

jQuery

MySQL

PHP

Symfony

🕒 May 19

Sigma Software Group

1001 - 5000

🎮 Gaming

📡 Telecommunications

Senior JavaScript/Node.js MCP Developer working with a rapidly expanding FinTech company in Europe. Responsibilities include software design, implementation, and mentoring junior engineers.

AWS

GraphQL

JavaScript

Microservices

Node.js

React

TypeScript