Job Description

TuxCare is a subsidiary of CloudLinux. It offers a portfolio of security solutions for Linux and open-source software aimed at enterprise organizations. With TuxCare, enterprises can automate live vulnerability patching, minimize downtime, keep their applications secure and compliant, and get support from a team that knows Linux security best – covering the most popular Linux distributions, end-of-life systems, programming languages, and much more.

We are looking for an experienced Engineering Manager to take ownership of TuxCare's Language Security Research function — a group of four teams responsible for delivering security patches for end-of-life and non-EOL open-source language runtimes and frameworks.

TuxCare's Endless Lifecycle Support (ELS) helps organizations continue using end-of-life software securely. We provide security patches for unsupported versions of Linux distributions and language ecosystems — including Java, JavaScript/Node.js, Python, PHP, Go, Spring, Angular, Django, Flask, and more.

This is a manager-focused role within a technical delivery environment, where broad language ecosystem expertise and strong engineering leadership are both essential. You will manage four teams (~18 engineers) across Java, JavaScript/Go, Python, and PHP disciplines, setting the technical direction and operational standards for the entire function.

Useful links:

• CVE coverage: https://cve.tuxcare.com/els/cve
• ELS for Languages documentation: https://docs.tuxcare.com/els-for-languages/

What You Will Own

People & Teams

• Lead and develop four teams (Java, JavaScript/Go, Python, PHP) totalling ~18 engineers
• Build a culture of technical excellence, accountability, and continuous improvement
• Define hiring plans, conduct performance reviews, and drive career development for your reports
• Manage onboarding and ramp-up of new team members, projects, and libraries into the team's scope

Technical Direction

• Set and enforce standards for CVE analysis, vulnerability assessment, patch backporting, and security release processes across all language ecosystems
• Drive consistency in tooling and workflows across teams (CI/CD pipelines, patch delivery, release processes)
• Evaluate and guide AI-assisted automation for backporting and vulnerability discovery
• Serve as the final technical escalation point for complex or cross-team security issues

Delivery & Operations

• Own SLA compliance across all language platforms
• Align team efforts with client expectations and delivery commitments
• Organise and continuously improve development workflows and engineering processes
• Coordinate internal documentation and ensure it reflects the actual state of each project
• Ensure smooth coordination between language teams and OS, Docker, and platform teams
• Manage scope boundaries and overlap with OS and platform teams, particularly around shared dependencies and cross-ecosystem vulnerabilities

Requirements

Must have:

• Strong background in software development across multiple language ecosystems — at least 6 years of hands-on experience
• 3+ years of engineering leadership experience (Team Lead or Engineering Manager) in a product company
• Proven experience with technical delivery and accountability for team outcomes
• Solid working knowledge of at least 3 of the 5 languages your teams cover: Java, JavaScript, Go, Python, PHP
• Hands-on experience with security research or vulnerability analysis: CVE triage, patch backporting, or similar
• Ability to work effectively in distributed teams and within larger organisational structures
• Strong communication skills — capable of interfacing with stakeholders and meeting external delivery expectations
• Experience building or improving engineering processes from scratch
• Experience with CI/CD systems (GitLab CI, Jenkins) and dependency management tooling (Maven/Gradle, npm, pip, Go modules)
• Upper-intermediate or higher English (written and spoken)

Nice to have:

• Hands-on experience identifying and analysing vulnerabilities in language-ecosystem applications
• Understanding of the security vulnerability lifecycle (CVE, CVSS, CWE, CSAF/VEX)
• Background in open-source security, supply chain security, or ELS-type products
• Experience integrating AI tooling into research or patching workflows
• Knowledge of Docker, Kubernetes, or cloud-native ecosystems

Benefits

What's in it for you?

• A strong focus on professional development with opportunities for learning and growth:
• Interesting and challenging projects,
• Mentor and other knowledge-exchange programs;
• Fully remote work with flexible working hours, that allows you to schedule your day and work from any location worldwide;
• Paid 24 days of vacation per year, 10 days of national holidays, and unlimited sick leaves to ensure you maintain a healthy work-life balance;
• Compensation for private medical insurance;
• Co-working and gym/sports reimbursement;
• The opportunity to receive a reward for the most innovative idea that the company can patent, fostering a culture of creativity and innovation.

By applying for this position, you consent to the processing of your personal data as described in our Privacy Policy (https://cloudlinux.com/candidate-privacy-notice), which provides detailed information on how we maintain and handle your data.