Senior Security Engineer - Node.js Proactive Defense (remote-only)
Podsumowanie roli od JobGrid
Senior Security Engineer - Node.js Proactive Defense (remote-only) at Cloudlinux: Zdalnie, Czarnogóra; Pełny etat. JobGrid adds normalized role facts, source context, and a path to the employer application page so candidates can compare the listing before applying.
- Location and workplace: Zdalnie, Czarnogóra
- Role classification: Pełny etat
- Source freshness: checked by JobGrid on 2026-05-30.
- Application path: candidates continue to the employer application page with non-personal referral tags.
CloudLinux is a global remote-first company. We are driven by our principles: do the right thing, employees first, we are remote first, and we deliver high-volume, low-cost Linux infrastructure and security products that help companies to increase the efficiency of their operations. Every person on our team supports each other and does what we can to ensure we all are successful.
Check out our website for more information https://cloudlinux.com/
Imunify360 Security Suite is a product of CloudLinux Inc., the maker of the #1 OS in security and stability for hosting providers. Imunify is an innovative security solution designed specifically for shared and VPS/Dedicated servers. The automated, easy-to-use solution with the six-layer approach to security delivers comprehensive and complete attack prevention.
What You'll Work On
You will own the Node.js Proactive Defense initiative — a new runtime security layer for Imunify360 that brings the same in-process protection model we already ship for PHP (PHP auto-immunity / blocking of malicious code at runtime) into the Node.js ecosystem.
Today, hosting providers running multi-tenant Node.js workloads have no equivalent of mod_security + PHP Proactive Defense: malicious code, supply-chain payloads, and post-exploitation behavior execute inside the Node.js process with full privileges of the tenant. Your job is to close that gap.
Concretely, You Will:
- Design and ship a Node.js runtime agent that hooks into the V8/Node lifecycle to trace and block malicious behavior patterns (child_process spawn chains, eval / Function constructors, prototype pollution exploitation, unsafe deserialization, SSRF, path traversal, fs writes to sensitive locations, malicious require() / dynamic import chains, supply-chain poisoning at load time).
- Define the detection model: which behaviors are policy-blockable by default, which are signal-only, and how rules are authored, distributed, and versioned alongside our existing Proactive Defense rule pipeline.
- Integrate the agent with the rest of the on-host Imunify security stack so that Node.js detections, blocks, and incidents flow into the same telemetry pipeline, the same backend event store, and the same admin UI as our other layers (WAF, host-IDS, brute-force protection, malware scanner, patch management). This ships as a first-class layer of Imunify360, not a standalone tool.
- Make it production-safe on shared hosting: low overhead, tenant-isolated, compatible with CageFS / LVE, and resilient to hostile tenants who will try to disable or evade the agent.
- Build the pipeline that turns CVE write-ups and threat-intel feeds into shipped detections. The system — not a human — ingests advisories, extracts the exploit primitive, generates and tests rule candidates against a corpus, and rolls them out with the right signal-only / blocking posture.
- Own the closed feedback loop from production blocks (true positives, false positives, evasions) back into the next generation of rules.
This is a green-field, security-engineering-led role with direct product impact: the detections you write will run on hundreds of thousands of servers.