Engineering Manager, Language Security (TuxCare)

TuxCare is a subsidiary of CloudLinux. It offers a portfolio of security solutions for Linux and open-source software aimed at enterprise organizations. With TuxCare, enterprises can automate live vulnerability patching, minimize downtime, keep their applications secure and compliant, and get support from a team that knows Linux security best – covering the most popular Linux distributions, end-of-life systems, programming languages, and much more. We are looking for an experienced Engineering Manager to take ownership of TuxCare's Language Security Research function — a group of four teams responsible for delivering security patches for end-of-life and non-EOL open-source language runtimes and frameworks. TuxCare's Endless Lifecycle Support (ELS) helps organizations continue using end-of-life software securely. We provide security patches for unsupported versions of Linux distributions and language ecosystems — including Java, JavaScript/Node.js, Python, PHP, Go, Spring, Angular, Django, Flask, and more. This is a manager-focused role within a technical delivery environment, where broad language ecosystem expertise and strong engineering leadership are both essential. You will manage four teams (~18 engineers) across Java, JavaScript/Go, Python, and PHP disciplines, setting the technical direction and operational standards for the entire function. Useful links: CVE coverage: https://cve.tuxcare.com/els/cve ELS for Languages documentation: https://docs.tuxcare.com/els-for-languages/ What You Will Own People & Teams Lead and develop four teams (Java, JavaScript/Go, Python, PHP) totalling ~18 engineers Build a culture of technical excellence, accountability, and continuous improvement Define hiring plans, conduct performance reviews, and drive career development for your reports Manage onboarding and ramp-up of new team members, projects, and libraries into the team's scope Technical Direction Set and enforce standards for CVE analysis, vulnerability assessment, patch backporting, and security release processes across all language ecosystems Drive consistency in tooling and workflows across teams (CI/CD pipelines, patch delivery, release processes) Evaluate and guide AI-assisted automation for backporting and vulnerability discovery Serve as the final technical escalation point for complex or cross-team security issues Delivery & Operations Own SLA compliance across all language platforms Align team efforts with client expectations and delivery commitments Organise and continuously improve development workflows and engineering processes Coordinate internal documentation and ensure it reflects the actual state of each project Ensure smooth coordination between language teams and OS, Docker, and platform teams Manage scope boundaries and overlap with OS and platform teams, particularly around shared dependencies and cross-ecosystem vulnerabilities Must have: Strong background in software development across multiple language ecosystems — at least 6 years of hands-on experience 3+ years of engineering leadership experience (Team Lead or Engineering Manager) in a product company Proven experience with technical delivery and accountability for team outcomes Solid working knowledge of at least 3 of the 5 languages your teams cover: Java, JavaScript, Go, Python, PHP Hands-on experience with security research or vulnerability analysis: CVE triage, patch backporting, or similar Ability to work effectively in distributed teams and within larger organisational structures Strong communication skills — capable of interfacing with stakeholders and meeting external delivery expectations Experience building or improving engineering processes from scratch Experience with CI/CD systems (GitLab CI, Jenkins) and dependency management tooling (Maven/Gradle, npm, pip, Go modules) Upper-intermediate or higher English (written and spoken) Nice to have: Hands-on experience identifying and analysing vulnerabilities in language-ecosystem applications Understanding of the security vulnerability lifecycle (CVE, CVSS, CWE, CSAF/VEX) Background in open-source security, supply chain security, or ELS-type products Experience integrating AI tooling into research or patching workflows Knowledge of Docker, Kubernetes, or cloud-native ecosystems What's in it for you? A strong focus on professional development with opportunities for learning and growth: Interesting and challenging projects, Mentor and other knowledge-exchange programs; Fully remote work with flexible working hours, that allows you to schedule your day and work from any location worldwide; Paid 24 days of vacation per year, 10 days of national holidays, and unlimited sick leaves to ensure you maintain a healthy work-life balance; Compensation for private medical insurance; Co-working and gym/sports reimbursement; The opportunity to receive a reward for the most innovative idea that the company can patent, fostering a culture of creativity and innovation. By applying for this position, you consent to the processing of your personal data as described in our Privacy Policy (https://cloudlinux.com/candidate-privacy-notice), which provides detailed information on how we maintain and handle your data.