Head of Malware Research & Engineering (worldwide remote, work anywhere)
Cloudlinux
$0-$0 / yr
Salary
brazil
Region
ASAP
Start Date
About Cloudlinux
CloudLinux is on a mission to make Linux secure, stable, and profitable. We have spent more than 500 combined years working on Linux, and are changing how hosting companies and data centers use this technology we love by bringing it to millions of their customers. With more than 500,000 product installations and 4,000 customers, including Liquid Web, 1&1, and Dell, CloudLinux combines in-depth technical knowledge of hosting, kernel development, and open source with unique client care expertise.
CloudLinux team members are not tied to a physical office location, and everyone works remotely full-time. We provide flexible working hours and an open management style, to avoid unnecessary bureaucracy and excessive control while getting the best from our employees. This system allows each of us to fully realize our ideas and ambitions, while comfortably combining work with our usual lifestyles.
About this Role.
CloudLinux is a global remote-first company. We are driven by our principles: do the right thing, employees first, we are remote first, and we deliver high-volume, low-cost Linux infrastructure and security products that help companies to increase the efficiency of their operations. Every person on our team supports each other and does what we can to ensure we all are successful.
Imunify360 Security Suite is a product of CloudLinux Inc., the maker of the #1 OS in security and stability for hosting providers. Imunify is an innovative security solution designed specifically for shared and VPS/Dedicated servers. The automated, easy-to-use solution with the six-layer approach to security delivers comprehensive and complete attack prevention.
We are seeking an experienced Engineering Leader to head the Cloud Antivirus Department at Imunify360, overseeing three specialized teams that form the core of Imunify's malware detection, analysis, and cloud scanning infrastructure. This role combines deep technical expertise in malware analysis and distributed systems with strong people management and strategic product vision.
The department is responsible for protecting millions of websites on shared hostings through the Imunify360/ImunifyAV product line, processing tens of millions of files through a cloud-based antivirus pipeline, and maintaining the malware signature lifecycle from creation to deployment.
Teams Under Management
- Malware Team — On-server malware scanning and detection stack: signature-based and heuristic scanners, real-time file monitoring, malware cleaner, signature server, release engineering and rollout.
- Cloud Antivirus (CloudAV) Team — Cloud-based malware analysis infrastructure: large-scale Airflow data processing cluster (24+ nodes), PHP emulator sandbox, automated signature generation, file classification pipelines, storage and hardware capacity planning.
- Malware Processing Team — Malware analysis operations: sample triage, signature creation, false negative/false positive remediation, ML-assisted classification, vendor integrations, and remediation tooling.
Key Responsibilities
Product & Strategy
Introduce, own and constantly improve key metrics for antivirus products
Define and prioritize the product roadmap across all three teams
Drive product initiatives to achieve challenging key metrics
Collaborate with Product Management on VIP customer requirements and competitive analysis
Introduce more AI tools & instruments within malware detection lifecycle
Technical Leadership & Architecture
Own the end-to-end malware detection pipeline: from file ingestion through cloud analysis to on-server verdict delivery and cleanup
Drive architectural decisions for distributed data processing (Airflow DAGs, async Python, ClickHouse, MongoDB, Redis, Kafka)
Oversee migration and modernization initiatives (e.g., AI malware analysis, AI rules creation)
Design and implement performance optimizations for cloud processing throughput (10M+ brand new samples added daily)
Manage infrastructure capacity planning: compute nodes, Ceph storage clusters, database scaling
People Management
Lead 3 teams across multiple time zones
Hire, mentor, and grow engineers and team leaders for 3 teams
Coordinate cross-team dependencies with Server Team, Web Protection Team, QA, Infrastructure, and Support
Operational Excellence
Ensure signature release quality through automated testing pipelines
Monitor and improve detection rates, false positive rates, and cleanup success metrics
Respond to production incidents (certificate expiries, infrastructure failures, processing bottlenecks)
Manage vendor and partner technical integrations
Goals for the First 6 Months
- Understand the full pipeline end-to-end: from file ingestion from clients' servers, pipelines processing in the cloud, verdict delivery, and on-server scanning/cleanup
- Maintain momentum on active initiatives: e.g. Rust migration
- Establish relationships with cross-functional stakeholders (Server Team, Web Protection Team, Product, Support, Infrastructure)
- Identify and address the top 3 detection quality or infrastructure bottlenecks
- Define the department key metrics and start tightening them to excellence
Requirements
Must have
Past experience leading security products / labs with / researches
8+ years of software engineering experience, with 3+ years in a management role leading multiple teams
Deep expertise in malware analysis and antivirus technologies: static/dynamic analysis, signature-based detection, heuristic engines, file classification
Nice to have
Strong background in distributed systems and data engineering: experience with workflow orchestration (Airflow, Luigi, or similar), message queues (Kafka, RabbitMQ), and large-scale data processing
Experience with infrastructure at scale: managing compute clusters, storage systems (Ceph, S3), databases (ClickHouse, MongoDB, PostgreSQL, Redis)
Strong understanding of CI/CD pipelines: Jenkins, GitLab CI, containerized deployments (Docker)
Experience with monitoring and observability: Grafana, Sentry, log aggregation
Experience in the web hosting security domain (cPanel, Plesk, shared hosting environments)
Background in machine learning applied to malware detection (transformers, LLMs for code analysis)
Experience with GCP (Secret Manager, Cloud Storage)
Familiarity with PHP internals and PHP emulation for dynamic analysis
Track record of building and scaling cloud antivirus / threat intelligence platforms
Experience managing geographically distributed teams
Technical Stack
Languages: Python (primary), Rust, PHP, SQL
Orchestration: Apache Airflow, Celery, Redis
Databases: ClickHouse, MongoDB, PostgreSQL, Redis
Storage: Ceph, S3-compatible storage
Infrastructure: Bare metal (Atman DC), Nebula, Docker, GCP
CI/CD: Jenkins, GitLab
Monitoring: Grafana, Redash, Sentry
Benefits
What's in it for you?
A focus on professional development.
Interesting and challenging projects.
Fully remote work with flexible working hours, that allows you to schedule your day and work from any location worldwide.
Paid 24 days of vacation per year, 10 days of national holidays, and unlimited sick leaves.
Compensation for private medical insurance.
Co-working and gym/sports reimbursement.
Budget for education.
The opportunity to receive a reward for the most innovative idea that the company can patent.
By applying for this position, you consent to the processing of your personal data as described in our Privacy Policy (https://cloudlinux.com/candidate-privacy-notice), which provides detailed information on how we maintain and handle your data.