Application Security Engineer

🕒 May 28

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Oneleet

WebsiteLinkedInAll Job Openings

51 - 200 employees

Founded 2022

📋 Compliance

🔒 Cybersecurity

☁️ SaaS

Compliance • Cybersecurity • SaaS

Oneleet is a security and compliance SaaS platform that helps companies achieve and maintain audit-ready posture for frameworks like SOC 2, ISO 27001, HIPAA and GDPR while delivering real, continuous cybersecurity. The platform unifies controls, policies, evidence collection, and automated security tooling (attack surface monitoring, code scanning, vulnerability management) and pairs automation with expert services such as penetration testing and vCISO to both pass audits and reduce actual risk. Oneleet is designed to integrate with existing developer and cloud stacks and to turn remediation work into documented compliance evidence.

📋 Description

• Own the integration, configuration, and output quality of security tooling that powers our platform • Tune outputs to maximize signal and minimize noise — decide what to surface, what to suppress, and what to enrich • Design rules, severity scoring, and triage flows that make findings actionable rather than overwhelming • Build the security judgment layer on top of underlying tooling — context-aware prioritization and exploitability reasoning • Partner with engineers on how findings are presented in the UI and how remediation flows work • Work with PM and design on roadmap priorities, providing the security expertise that drives what to build next • Review and shape architectural choices that affect security outcomes • Engage with customers directly to understand how they use the platform and what's blocking adoption • Benchmark our output quality against competitors and close gaps where they exist • Contribute back to the open source security tooling we depend on where it makes sense

🎯 Requirements

• 5+ years of application security experience, with significant time shipping security products • Strong programming skills in at least one of Go, Python, or TypeScript — this is a product engineering role with security depth, not security operations • Hands-on experience tuning security tooling for production use — reducing false positives, building suppression logic, designing severity models • Understanding of vulnerability research, CVE/CWE taxonomies, and exploit reasoning • Has worked through what makes a security finding actually actionable vs. just technically true • Excellent communication skills and comfort working directly with customers • Pragmatic; knows how to build things fast without unnecessarily complicating things • Experience in (and thrives in) a fast-moving, start-up engineering environment • Bonus: Prior experience shipping a security product at a vendor • Bonus: Contributions to open source security tooling • Bonus: Offensive security background or OSCP / similar certifications • Bonus: Hands-on experience with LLM agents, tool use, or autonomous AI systems

🏖️ Benefits

• Comprehensive health & wellness benefits • 20 days PTO per year, plus 8 floating holiday • Remote work culture • Team off-sites in stunning places (Amsterdam, Italy, etc). • Competitive compensation & equity