C

Engineering Manager, Language Security Research

CloudLinux • Armenia
Remote
Apply
AI Summary

Lead and develop four engineering teams responsible for delivering security patches for end-of-life and non-EOL open-source language runtimes and frameworks. Set technical direction and operational standards for CVE analysis, vulnerability assessment, patch backporting, and security release processes across Java, JavaScript/Go, Python, and PHP ecosystems. Ensure SLA compliance, coordinate cross-team efforts, and drive engineering process improvements in a fully remote environment.

Key Highlights
Manage four teams totaling 18 engineers across Java, JavaScript/Go, Python, and PHP language ecosystems
Own technical direction for CVE analysis, vulnerability assessment, patch backporting, and security release processes
Ensure SLA compliance and coordinate with OS, Docker, and platform teams for cross-ecosystem vulnerability handling
Key Responsibilities
Lead and develop four teams (Java, JavaScript/Go, Python, PHP) totaling 18 engineers
Build a culture of technical excellence, accountability, and continuous improvement
Define hiring plans, conduct performance reviews, and drive career development for reports
Manage onboarding and ramp-up of new team members, projects, and libraries
Set and enforce standards for CVE analysis, vulnerability assessment, patch backporting, and security release processes
Drive consistency in tooling and workflows across teams (CI/CD pipelines, patch delivery, release processes)
Evaluate and guide AI-assisted automation for backporting and vulnerability discovery
Own SLA compliance across all language platforms
Align team efforts with client expectations and delivery commitments
Organize and continuously improve development workflows and engineering processes
Coordinate internal documentation and ensure it reflects actual state of each project
Ensure smooth coordination between language teams and OS, Docker, and platform teams
Manage scope boundaries and overlap with OS and platform teams around shared dependencies
Technical Skills Required
Java JavaScript Python PHP
Benefits & Perks
Fully remote work with flexible working hours
Paid 24 days of vacation per year
Unlimited sick leaves
Nice to Have
Hands-on experience identifying and analysing vulnerabilities in language-ecosystem applications
Understanding of the security vulnerability lifecycle (CVE, CVSS, CWE, CSAF/VEX)
Background in open-source security, supply chain security, or ELS-type products
Experience integrating AI tooling into research or patching workflows
Knowledge of Docker, Kubernetes, or cloud-native ecosystems

Job Description


TuxCare offers a portfolio of security solutions for Linux and open-source software aimed at enterprise organizations. With TuxCare, enterprises can automate live vulnerability patching, minimize downtime, keep their applications secure and compliant, and get support from a team that knows Linux security best - covering the most popular Linux distributions, end-of-life systems, programming languages, and much more.

We are looking for an experienced Engineering Manager to take ownership of TuxCare's Language Security Research function — a group of four teams responsible for delivering security patches for end-of-life and non-EOL open-source language runtimes and frameworks.

TuxCare's Endless Lifecycle Support (ELS) helps organizations continue using end-of-life software securely. We provide security patches for unsupported versions of Linux distributions and language ecosystems — including Java, JavaScript/Node.js, Python, PHP, Go, Spring, Angular, Django, Flask, and more.

This is a manager-focused role within a technical delivery environment, where broad language ecosystem expertise and strong engineering leadership are both essential. You will manage four teams (:18 engineers) across Java, JavaScript/Go, Python, and PHP disciplines, setting the technical direction and operational standards for the entire function.

Useful links:

  • CVE coverage: https://cve.tuxcare.com/els/cve
  • ELS for Languages documentation: https://docs.tuxcare.com/els-for-languages/


What You Will Own


People & Teams

  • Lead and develop four teams (Java, JavaScript/Go, Python, PHP) totalling :18 engineers
  • Build a culture of technical excellence, accountability, and continuous improvement
  • Define hiring plans, conduct performance reviews, and drive career development for your reports
  • Manage onboarding and ramp-up of new team members, projects, and libraries into the team's scope


Technical Direction

  • Set and enforce standards for CVE analysis, vulnerability assessment, patch backporting, and security release processes across all language ecosystems
  • Drive consistency in tooling and workflows across teams (CI/CD pipelines, patch delivery, release processes)
  • Evaluate and guide AI-assisted automation for backporting and vulnerability discovery
  • Serve as the final technical escalation point for complex or cross-team security issues


Delivery & Operations

  • Own SLA compliance across all language platforms
  • Align team efforts with client expectations and delivery commitments
  • Organise and continuously improve development workflows and engineering processes
  • Coordinate internal documentation and ensure it reflects the actual state of each project
  • Ensure smooth coordination between language teams and OS, Docker, and platform teams
  • Manage scope boundaries and overlap with OS and platform teams, particularly around shared dependencies and cross-ecosystem vulnerabilities


Requirements


Must have:

  • Strong background in software development across multiple language ecosystems — at least 6 years of hands-on experience
  • 3+ years of engineering leadership experience (Team Lead or Engineering Manager) in a product company
  • Proven experience with technical delivery and accountability for team outcomes
  • Solid working knowledge of at least 3 of the 5 languages your teams cover: Java, JavaScript, Go, Python, PHP
  • Hands-on experience with security research or vulnerability analysis: CVE triage, patch backporting, or similar
  • Ability to work effectively in distributed teams and within larger organisational structures
  • Strong communication skills — capable of interfacing with stakeholders and meeting external delivery expectations
  • Experience building or improving engineering processes from scratch
  • Experience with CI/CD systems (GitLab CI, Jenkins) and dependency management tooling (Maven/Gradle, npm, pip, Go modules)
  • Upper-intermediate or higher English (written and spoken)


Nice to have:

  • Hands-on experience identifying and analysing vulnerabilities in language-ecosystem applications
  • Understanding of the security vulnerability lifecycle (CVE, CVSS, CWE, CSAF/VEX)
  • Background in open-source security, supply chain security, or ELS-type products
  • Experience integrating AI tooling into research or patching workflows
  • Knowledge of Docker, Kubernetes, or cloud-native ecosystems


Benefits


What's in it for you?

  • A strong focus on professional development with opportunities for learning and growth:
    • Interesting and challenging projects,
    • Mentor and other knowledge-exchange programs;
  • Fully remote work with flexible working hours, that allows you to schedule your day and work from any location worldwide;
  • Paid 24 days of vacation per year, 10 days of national holidays, and unlimited sick leaves to ensure you maintain a healthy work-life balance;
  • Compensation for private medical insurance;
  • Co-working and gym/sports reimbursement;
  • The opportunity to receive a reward for the most innovative idea that the company can patent, fostering a culture of creativity and innovation

By applying for this position, you consent to the processing of your personal data as described in our Privacy Policy (https://cloudlinux.com/candidate-privacy-notice), which provides detailed information on how we maintain and handle your data.

Similar Jobs

Explore other opportunities that match your interests

ML Security Engineer

Cyber Security
•
2h ago
Visa Sponsorship Relocation Remote
Job Type Full-time
Experience Level Not Applicable

Jobgether

United State

Cybersecurity Analyst

Cyber Security
•
7h ago
Visa Sponsorship Relocation Remote
Job Type Full-time
Experience Level Not Applicable

cyber focus ai

United State
Visa Sponsorship Relocation Remote
Job Type Full-time
Experience Level Not Applicable

cyber focus ai

United State

Subscribe our newsletter

New Things Will Always Update Regularly