
Senior Security Engineer – Node.js Proactive Defense
Posted Jun 4

This is a fully remote position, open to applicants in Poland.
• Develop and deploy a Node.js runtime agent that integrates with the V8/Node lifecycle to monitor and prevent malicious behavior patterns (such as child_process spawn chains, eval / Function constructors, prototype pollution exploitation, unsafe deserialization, SSRF, path traversal, fs writes to sensitive locations, malicious require() / dynamic import chains, and supply-chain poisoning at load time).
• Establish the detection model: determine which behaviors are inherently policy-blockable, which are signal-only, and the methods for authoring, distributing, and versioning rules in conjunction with our existing Proactive Defense rule pipeline.
• Seamlessly integrate the agent with the Imunify security stack on-host, ensuring that Node.js detections, blocks, and incidents are funneled into the same telemetry pipeline, backend event storage, and administrative interface as our other security layers (WAF, host-IDS, brute-force protection, malware scanner, patch management). This will be delivered as a core component of Imunify360, rather than as a separate tool.
• Ensure production safety in shared hosting environments: maintain low overhead, tenant isolation, compatibility with CageFS / LVE, and resilience against hostile tenants attempting to disable or evade the agent.
• Create a pipeline that translates CVE write-ups and threat intelligence feeds into deployed detections. The system — rather than a human — will ingest advisories, extract exploit primitives, generate and test rule candidates against a dataset, and deploy them with the appropriate signal-only / blocking configurations.
• Manage the closed feedback loop from production blocks (true positives, false positives, evasions) back into the development of the next generation of rules.
• **Must have:**
  - **Security engineer mindset:** able to think in terms of attack surfaces, exploit primitives, and defense-in-depth rather than solely relying on OWASP checklists. Capable of reading a CVE write-up and reconstructing the exploit primitive, not just the patch.
  - **Runtime/exploitation knowledge across languages:** familiar with prototype pollution, deserialization, command injection, SSRF, path traversal, and supply-chain poisoning — understands the rationale behind these primitives, not just their names.
  - **Systems-level development:** experienced in Linux daemons, systemd, privileged processes, IPC, namespaces/cgroups, and file-descriptor and signal hygiene.
  - **Low-level / instrumentation instinct:** has experience hooking, tracing, or intercepting something in production environments — whether through LD_PRELOAD, eBPF, ptrace, JVM agents, Python sys.settrace, language-runtime preload, or kernel modules. The specific technology is less important than the underlying instinct.
• **Nice to have:**
  - Experience in shared-hosting / multi-tenant Linux environments: LVE, CageFS, control-panel ecosystems, or similar tenant-isolation efforts.
  - Comfort working from CVEs and threat intelligence feeds as primary sources for product development.
• A strong emphasis on professional development.
• Engaging and intellectually stimulating projects.
• Fully remote work with flexible hours, allowing you to organize your day and work from anywhere in the world.
• 24 days of paid vacation per year, 10 national holidays, and unlimited sick leave.
• Coverage for private medical insurance.
• Reimbursement for co-working and gym/sports expenses.
• Budget allocated for educational pursuits.
• The chance to receive a reward for the most innovative idea that the company can patent.