Lead Application Security Engineer / DevSecOps Engineer (worldwide remote)

CloudLinux is a global remote-first company. We are driven by our principles: do the right thing, employees first, we are remote first, and we deliver high-volume, low-cost Linux infrastructure and security products that help companies to increase the efficiency of their operations. Every person on our team supports each other and does what we can to ensure we are all successful. We are truly a great place to work.

Check out our website for more information https://cloudlinux.com/

We are looking for a skilled Lead Application Security Engineer / DevSecOps Engineer who will play a key role in improving the security of our software products and driving best practices across the development lifecycle.

As a Lead Application Security Engineer / DevSecOps Engineer, you will:

• Perform a security review of the company's external services.
• Design and implement recommendations for security hardening.
• Participate in all steps of SDLC as a security engineer.
• Design and review new features to implement the Security by Design principle.
• Call attention to risks and drive actions to address those risks to protect users.

Requirements

To be successful in this role, you should have:

• Good technical knowledge and deep understanding of security, including but not limited to: web applications security (both backend and frontend), penetration testing, and modern security mechanisms.
• Experience in assessing the security of Web applications (at least 3 years) and Binary applications.
• Deep understanding of modern web technologies (OAuth, JWT, CORS, CSP, SOP, SameSite, etc.) and architectures.
• Relevant education or a good understanding of information security and information technologies basics.
• Experience coding/scripting in one or more general-purpose languages.
• Deep understanding of Linux architecture and security stack.
• Experience in binary vulnerabilities and exploitation.
• At least an upper-intermediate level of English proficiency.

It would be a plus if you also have:

• Experience in exploiting vulnerabilities found in the code.
• Experience with code audits, code audit automation.
• Experience in architecting, developing, or maintaining secure cloud solutions.
• Experience in review of Docker/Kubernetes architectures.
• Successful CTF or Bug Bounty participation will be a major plus.
• Relevant certificates (OSCP, AWAE, CREST, GPEN) will be a major plus.

Benefits

What's in it for you?

• A focus on professional development.
• Interesting and challenging projects.
• Fully remote work with flexible working hours, which allows you to schedule your day and work from any location worldwide.
• Paid 24 days of vacation per year, 10 days of national holidays, and unlimited sick leaves.
• Compensation for private medical insurance.
• Co-working and gym/sports reimbursement.
• Budget for education.
• The opportunity to receive a reward for the most innovative idea that the company can patent.

By applying for this position, you agree with CloudLinux Privacy Policy (https://cloudlinux.com/legal/privacy-policies-hub/ ) and give us your consent to maintain and process your personal data with this respect. Please read our Privacy Policy for more information.