Engineering Manager, Language Security (TuxCare)

We are hiring remote specialists who have already relocated from Russia/Belarus.

Description

TuxCare is a subsidiary of CloudLinux. It offers a portfolio of security solutions for Linux and open-source software aimed at enterprise organizations. With TuxCare, enterprises can automate live vulnerability patching, minimize downtime, keep their applications secure and compliant, and get support from a team that knows Linux security best – covering the most popular Linux distributions, end-of-life systems, programming languages, and much more.

We are looking for an experienced Engineering Manager to take ownership of TuxCare's Language Security Research function — a group of four teams responsible for delivering security patches for end-of-life and non-EOL open-source language runtimes and frameworks.

TuxCare's Endless Lifecycle Support (ELS) helps organizations continue using end-of-life software securely. We provide security patches for unsupported versions of Linux distributions and language ecosystems — including Java, JavaScript/Node.js, Python, PHP, Go, Spring, Angular, Django, Flask, and more.

This is a manager-focused role within a technical delivery environment, where broad language ecosystem expertise and strong engineering leadership are both essential. You will manage four teams (~18 engineers) across Java, JavaScript/Go, Python, and PHP disciplines, setting the technical direction and operational standards for the entire function.

Useful links

• CVE coverage.
• ELS for Languages documentation.

What You Will Own

People & Teams

• Lead and develop four teams (Java, JavaScript/Go, Python, PHP) totalling ~18 engineers.
• Build a culture of technical excellence, accountability, and continuous improvement.
• Define hiring plans, conduct performance reviews, and drive career development for your reports.
• Manage onboarding and ramp-up of new team members, projects, and libraries into the team's scope.

Technical Direction

• Set and enforce standards for CVE analysis, vulnerability assessment, patch backporting, and security release processes across all language ecosystems.
• Drive consistency in tooling and workflows across teams (CI/CD pipelines, patch delivery, release processes).
• Evaluate and guide AI-assisted automation for backporting and vulnerability discovery.
• Serve as the final technical escalation point for complex or cross-team security issues.

Delivery & Operations

• Own SLA compliance across all language platforms.
• Align team efforts with client expectations and delivery commitments.
• Organise and continuously improve development workflows and engineering processes.
• Coordinate internal documentation and ensure it reflects the actual state of each project.
• Ensure smooth coordination between language teams and OS, Docker, and platform teams.
• Manage scope boundaries and overlap with OS and platform teams, particularly around shared dependencies and cross-ecosystem vulnerabilities.

Requirements

Must have:

• Strong background in software development across multiple language ecosystems — at least 6 years of hands-on experience.
• 3+ years of engineering leadership experience (Team Lead or Engineering Manager) in a product company.
• Proven experience with technical delivery and accountability for team outcomes.
• Solid working knowledge of at least 3 of the 5 languages your teams cover: Java, JavaScript, Go, Python, PHP.
• Hands-on experience with security research or vulnerability analysis: CVE triage, patch backporting, or similar.
• Ability to work effectively in distributed teams and within larger organisational structures.
• Strong communication skills — capable of interfacing with stakeholders and meeting external delivery expectations.
• Experience building or improving engineering processes from scratch.
• Experience with CI/CD systems (GitLab CI, Jenkins) and dependency management tooling (Maven/Gradle, npm, pip, Go modules).
• Upper-intermediate or higher English (written and spoken).

Nice to have:

• Hands-on experience identifying and analysing vulnerabilities in language-ecosystem applications.
• Understanding of the security vulnerability lifecycle (CVE, CVSS, CWE, CSAF/VEX).
• Background in open-source security, supply chain security, or ELS-type products.
• Experience integrating AI tooling into research or patching workflows.
• Knowledge of Docker, Kubernetes, or cloud-native ecosystems.

Benefits

What's in it for you?

• A strong focus on professional development with opportunities for learning and growth.
• Interesting and challenging projects.
• Mentor and other knowledge-exchange programs.
• Fully remote work with flexible working hours, that allows you to schedule your day and work from any location worldwide.
• Paid 24 days of vacation per year, 10 days of national holidays, and unlimited sick leaves to ensure you maintain a healthy work-life balance.
• Compensation for private medical insurance.
• Co-working and gym/sports reimbursement.
• The opportunity to receive a reward for the most innovative idea that the company can patent, fostering a culture of creativity and innovation.