Chief Security Officer (CSO) DevSecOps and Security Leader (worldwide, remote)

Job description

CloudLinux is a global remote-first company dedicated to delivering high-volume, low-cost Linux infrastructure and security products that help businesses increase the efficiency of their operations.

We are driven by our core principles – do the right thing, employees first, remote-first, and a commitment to innovation in Linux and open-source security.

Every team member supports each other to ensure collective success, making CloudLinux (and its subsidiary brands like TuxCare and Imunify) a truly great place to work.

Check out our website for more information

We are seeking an experienced Chief Security Officer (CSO) to lead the technical implementation of cutting-edge security measures across CloudLinux’s infrastructure and software products.

This role is not about simply issuing guidelines – it requires a hands-on leader who will actively embed security into our development and operations (DevSecOps) processes and work side-by-side with product and infrastructure teams to build secure, modern systems.

The CSO will drive technical decisions that protect the company’s assets, bringing the latest security best practices to our organization.

Key Responsibilities:

• Provide strategic leadership of CloudLinux’s information security program and build a collaborative security culture across all teams.
• Define and execute a security strategy that aligns with our business goals and the evolving threat landscape.
• Integrate security at every phase of the software development lifecycle.
  
  Implement security checks and automated testing (SAST, DAST, SCA) within CI/CD pipelines to detect vulnerabilities early.
• Champion a “shift-left” security approach so that developers get rapid feedback on security issues and fixes occur before production.
• Ensure our cloud infrastructure and Linux-based platforms are secured following cloud-native security best practices.
• Oversee the security of virtual machines, containerized environments, and Infrastructure-as-Code configurations, implementing tools and policies to maintain secure configurations.
• Evolve our architecture towards a Zero Trust model – eliminate implicit trust and enforce continuous verification for every user, device, and service attempting to access our systems.
• Protect critical network infrastructure through active defense and monitoring.
• Take proactive steps to guard against loss or compromise of critical information.
  
  Establish robust monitoring (e.g., SIEM/IDS) and incident response processes to effectively detect, respond to, and recover from security incidents/
• Continuously analyze emerging threats from the internet and coordinate a swift response to any security events.
• Support product engineering teams in keeping their code and designs free of security bugs.
  
  Lead initiatives like regular code reviews, penetration testing, and threat modeling of new features.
• Partner with engineering leaders to prioritize and remediate vulnerabilities in products while balancing security with business needs.
• Champion secure coding practices across the development organization.
  
  Provide guidance or training to developers on avoiding common vulnerabilities (e.g., OWASP Top Ten) and utilizing secure design patterns
• Foster a security-aware mindset so that “secure by design” becomes a standard.
• Implement measures to secure our software supply chain.
  
  Use automated tools to perform dependency and open-source vulnerability scanning in builds, monitor for new threats in third-party components, and verify the integrity of open-source libraries and packages.
• Interact directly with the broader security community on vulnerabilities and threats affecting our industry.
  
  Coordinate responsible disclosure and remediation of any security issues in CloudLinux’s products.
  
  Stay abreast of the latest security research and contribute back to open-source security initiatives as appropriate.
• Lead and mentor a small but growing security team of engineers.
  
  Roll up your sleeves to work hands-on alongside your team when needed, given that deep security expertise in the organization is still being developed.
  
  Guide and expand the team to scale our security capabilities, while promoting effective cross-functional collaboration with development, DevOps, and IT teams.

Requirements

To thrive in this role, you should have:

• 8+ years of experience in information security (with a track record in both offensive and defensive security).
  
  Demonstrated success in implementing security programs or projects.
• In-depth understanding of Linux/UNIX-based systems is essential, as our products and infrastructure are Linux-centric.
• Solid programming/scripting abilities (e.g., C, PHP, Python, Golang, Bash, etc.) and the ability to read and review code for security issues.
  
  Experience automating tasks and integrating security tools into development workflows is highly valued.
• Strong understanding of network security principles, protocols, and tools for securing networked systems (firewalls, VPNs, encryption, intrusion detection, etc.).
• Hands-on familiarity with modern DevOps environments – CI/CD pipelines, configuration management, virtualization (KVM-based), containerization (Docker/K8s), and cloud platforms (AWS, Azure, or GCP).
  
  Experience securing cloud infrastructure and using Infrastructure-as-Code security tools is a big plus.
• Proven experience leading a security team, or demonstrated ability to lead and collaborate with cross-functional teams.
  
  You should be adept at working with engineers, DevOps, and product managers to drive security improvements collectively.
• Experience in security research, vulnerability assessment, and hands-on penetration testing.
  
  You can think like an attacker to identify weaknesses and also design effective defenses.
• Strong communication skills in English (upper-intermediate/B2 or higher).
  
  Able to clearly articulate security risks and strategies to both technical and non-technical stakeholders, and to write clear policies and reports.
• A continuous learning mindset to stay updated on emerging threats, tools, and best practices in cybersecurity.
  
  Passion for keeping up with the fast-evolving security landscape (e.g., new vulnerabilities, DevSecOps techniques, compliance requirements).

It will be a plus if you also have:

• Relevant certifications (e.g., CISSP, CISM, OSCP, or DevSecOps-specific credentials), as well as experience with security compliance frameworks (ISO 27001, SOC 2, GDPR, PCI-DSS, etc.).
  
  
• Familiarity with open-source security projects or contributions to the security community will set you apart.

Personal qualities:

• Strong problem-solving skills and attention to detail, especially when troubleshooting complex vulnerabilities or incidents.
• Committed to the highest ethical standards and “doing the right thing” – you will be entrusted with protecting the company’s critical assets.
• Able to communicate security topics clearly and persuasively, fostering understanding and buy-in across teams.
• Ability to work under pressure and maintain a positive, proactive attitude.
  
  Security incidents can be stressful – you remain calm and focused on solutions.
• Strong organizational skills with the ability to manage multiple initiatives simultaneously, from long-term security projects to urgent incident responses.
• High level of initiative and the ability to work independently when needed, while also being a supportive team player.
  
  You lead by example and enjoy mentoring others, creating an environment where security is everyone’s responsibility.
• Critical thinking and a drive for innovation.
  
  You continually seek ways to modernize our security posture and don’t settle for “good enough” if there’s a safer, better approach.

Benefits

What's in it for you?

• A strong focus on professional development with opportunities for learning and growth:
• Interesting and challenging projects,
• Mentor and other knowledge-exchange programs, 
• Fully remote work with flexible working hours, that allows you to schedule your day and work from any location worldwide;
• Paid 24 days of vacation per year, 10 days of national holidays, and unlimited sick leaves to ensure you maintain a healthy work-life balance;
• Compensation for private medical insurance;
• Co-working and gym/sports reimbursement;
• The opportunity to receive a reward for the most innovative idea that the company can patent, fostering a culture of creativity and innovation.

By applying for this position, you consent to the processing of your personal data as described in our Privacy Policy (), which provides detailed information on how we maintain and handle your data.

Required Skill Profession

Operations Specialties Managers