Java Security Researcher

CloudLinux is seeking a Java Security Researcher to join its remote-first Endless Lifecycle team. This role involves providing secure Java instrumentation for diverse Java-based environments. The researcher will analyze publicly disclosed Java vulnerabilities, identify safe dependencies, backport security patches, and mitigate unpatched issues. The position requires deep Java expertise and a revolutionary approach to creating groundbreaking security solutions.

Must Have

• Analyze publicly disclosed vulnerabilities (CVEs) affecting Java open-source libraries and frameworks.
• Investigate and identify safe and compatible versions of third-party dependencies.
• Backport security patches from newer releases to older versions.
• Fix or mitigate vulnerabilities where no upstream patch exists.
• Write clean, maintainable, and well-documented code.
• Collaborate with other engineers and security specialists.
• 3+ years of experience in software development.
• In-depth knowledge of Java Core.
• Experience with dependency management tools (Maven, Gradle).
• Experience with Git, Jenkins/Gitlab for CI/CD.
• Experience with legacy systems and maintaining backward compatibility.

Good to Have

• Experience with repository management systems, such as Nexus.

Perks & Benefits

• A focus on professional development.
• Interesting and challenging projects.
• Fully remote work with flexible working hours.
• Paid 24 days of vacation per year.
• 10 days of national holidays.
• Unlimited sick leaves.
• Compensation for private medical insurance.
• Co-working and gym/sports reimbursement.
• Budget for education.
• The opportunity to receive a reward for the most innovative idea that the company can patent.

Description

CloudLinux is a global, remote-first company. We are driven by our principles: Do the right thing, employees first, we are remote first, and we deliver high-volume, low-cost Linux infrastructure and security products that help companies to increase the efficiency of their operations. Every person on our team supports each other and does what we can to ensure everyone is successful.

We are truly a great place to work.

We are looking for a talented and passionate Java Security Researcher to join our team. In this role, you will be working on the Endless Lifecycle team, where you will have the opportunity to make a significant impact by providing secure Java instrumentation for heterogeneous Java-based environments.

We are looking for someone with extensive expertise in Java tools and a fresh and revolutionary approach. This challenging mission requires a deep understanding of Java tools and a keen eye for creating groundbreaking solutions.

As a Java Security Researcher, you will:

• Analyze publicly disclosed vulnerabilities (CVEs) affecting Java open-source libraries and frameworks.
• Investigate and identify safe and compatible versions of third-party dependencies.
• Backport security patches from newer releases to older versions.
• Fix or mitigate vulnerabilities where no upstream patch exists.
• Write clean, maintainable, and well-documented code.
• Collaborate with other engineers and security specialists to deliver high-quality, production-ready updates.

Requirements

To be successful, you should have:

• 3+ years of experience in software development
• In-depth knowledge of Java Core
• Experience with dependency management tools (Maven, Gradle)
• Experience with Git, Jenkins/Gitlab for CI/CD
• Experience with legacy systems and maintaining backward compatibility
• Experience with repository management systems, such as Nexus, is a plus

Benefits

What's in it for you?

• A focus on professional development.
• Interesting and challenging projects.
• Fully remote work with flexible working hours, that allows you to schedule your day and work from any location worldwide.
• Paid 24 days of vacation per year, 10 days of national holidays, and unlimited sick leaves.
• Compensation for private medical insurance.
• Co-working and gym/sports reimbursement.
• Budget for education.
• The opportunity to receive a reward for the most innovative idea that the company can patent.