Founding RASP Engineer - Node.js (remote-only)
CloudLinux
Description
CloudLinux is a global remote-first company. We are driven by our principles: do the right thing, employees first, we are remote first, and we deliver high-volume, low-cost Linux infrastructure and security products that help companies increase the efficiency of their operations. Everyone on our team supports one another and does what they can to ensure we are all successful.
Check out our website for more information: https://cloudlinux.com/
Imunify360 Security Suite is a product of CloudLinux Inc., the maker of the #1 OS in security and stability for hosting providers. Imunify is an innovative security solution designed specifically for shared and VPS/Dedicated servers. The automated, easy-to-use solution with the six-layer approach to security delivers comprehensive and complete attack prevention.
The mission
We protect web hosting providers and the sites running on their infrastructure through a defense-in-depth stack: web-server-layer WAF, runtime application self-protection for PHP, deep application integrations (WordPress plugins and similar), a malware scanner with cleanup capability, and network-layer firewalls and IP reputation. The pieces talk to each other, and the threat intelligence they generate at scale powers detection across the stack.
Node.js is the segment of the hosting market growing fastest, and the next layer we want to build for it is runtime protection inside the Node.js process itself. Most Node.js workloads on managed hosting today are AI-generated web apps deployed by non-technical owners who can't, won't, and shouldn't be expected to patch their own code or audit their own dependencies. We're going to defend those apps anyway — at runtime, without their cooperation, without breaking them.
You'll build that runtime protection layer end-to-end.
What you'll own
- The product. A brand-new product line, yours to define — what we intercept, what we don't, what the customer-visible surface looks like.
- The technical approach. Instrumentation strategy, deployment shape, programming language — all open. You'll consult with our architects but the direction is yours.
- Implementation, end to end. You'll have the full tooling stack we provide — LLM subscriptions, modern dev infrastructure, the works. Use what makes you fast.
- Methodology. How you build conviction in your detection logic — your call.
- Cross-layer signal. Our existing stack produces threat intelligence at unmatched scale: tens of millions of monitored sites, petabyte-scale malware sample storage, real-time domain and URL reputation, IP-level attack feeds. These are available for you to plug into. Use what helps.
How we'll measure success
The product is held to four numbers: runtime overhead, false positives, false negatives, and customer-escalation volume. They reflect what hosting providers and their customers care about. Hit them well and the product runs inside a meaningful slice of the modern Node.js web.
What we're looking for
An experienced researcher or engineer who can build and iterate on a brand-new product, driving both the research and the development. The hard part of this work is knowing what's malicious, what's vulnerable, and what's just an unusual but legitimate pattern — and being right about it across the long tail of frameworks, libraries, and customer code we'll encounter in production.
Requirements
Must have:
- Familiarity with the Node.js runtime and the JavaScript ecosystem.
- Strong web application security fundamentals and current knowledge of practical exploitation.
- A worki…