Application Security Engineer

About Oneleet Oneleet is one of the fastest-growing security and compliance platforms in history. We are on a mission to change the compliance and security industry by making cybersecurity and compliance effective, easy, and painless. We provide a platform that helps companies build, manage, and monitor their cybersecurity programs and achieve compliance standards such as SOC 2 and ISO 27001 efficiently, without cutting corners. Having just raised a $33 million Series A , we are rapidly growing in customers and employees. Our team has decades of experience in security and compliance. Join our team of opinionated rebels and help us build a category-defining company reshaping the broken and fragmented compliance and cybersecurity industry. Who we’re looking for: We value passionate self-starters with a growth mindset and a bias for action and personal accountability. If you love solving hard problems, thrive in ambiguity, and want to make a real impact, you’ll fit right in. We’re especially drawn to: Rebels with a cause — frustrated with the status quo and eager to disrupt it. Opinionated (but not obstinate) builders — decisive yet collaborative, who help us move fast. Clear communicators — who own their ideas and follow through. Our mission is simple: make effective cybersecurity painless. We believe cybersecurity should empower, not burden. This belief unites our team and drives every decision we make. If you’re ready to challenge the status quo and help shape the future of cybersecurity, we’d love to meet you. As an Application Security Engineer at Oneleet, you'll bring security depth to our product engineering teams as we expand our cybersecurity platform. You'll own the security judgment layer that sits between raw tooling output and what our customers actually see — deciding what to surface, what to suppress, and how to make findings genuinely useful rather than noisy. This is a hands-on, security-first engineering role at a Series A startup. You'll work closely with backend and fullstack engineers on how findings are stored, enriched, and presented, and you'll partner with product and design on what to build next. You'll be the security voice in product and engineering decisions, and you'll be empowered to push back when security judgment requires it. You'll work directly with customers — security teams using the platform day-to-day — to understand what they actually need, and iterate quickly based on their feedback. Key Responsibilities: Own the integration, configuration, and output quality of security tooling that powers our platform Tune outputs to maximize signal and minimize noise — decide what to surface, what to suppress, and what to enrich Design rules, severity scoring, and triage flows that make findings actionable rather than overwhelming Build the security judgment layer on top of underlying tooling — context-aware prioritization and exploitability reasoning Partner with engineers on how findings are presented in the UI and how remediation flows work Work with PM and design on roadmap priorities, providing the security expertise that drives what to build next Review and shape architectural choices that affect security outcomes Engage with customers directly to understand how they use the platform and what's blocking adoption Benchmark our output quality against competitors and close gaps where they exist Contribute back to the open source security tooling we depend on where it makes sense Qualifications: 5+ years of application security experience, with significant time shipping security products Strong programming skills in at least one of Go, Python, or TypeScript — this is a product engineering role with security depth, not security operations Hands-on experience tuning security tooling for production use — reducing false positives, building suppression logic, designing severity models Understanding of vulnerability research, CVE/CWE taxonomies, and exploit reasoning Has worked through what makes a security finding actually actionable vs. just technically true Excellent communication skills and comfort working directly with customers Pragmatic; knows how to build things fast without unnecessarily complicating things Experience in (and thrives in) a fast-moving, start-up engineering environment Bonus Experience: Prior experience shipping a security product at a vendor Contributions to open source security tooling Offensive security background or OSCP / similar certifications Hands-on experience with LLM agents, tool use, or autonomous AI systems You should apply if any of the following excite you: Owning the security depth of a product from tooling integration to user-facing findings Being the security voice in a product team that ships fast and listens to customers Building on top of best-in-class open source tooling rather than reinventing from scratch Working directly with security teams using the product and iterating on real-world feedback Joining a small, scrappy team where your security judgment shapes both the product and the company Why Oneleet? At Oneleet, you’ll join a tight-knit team of rebels redefining the cybersecurity industry. We move fast, own our work, and challenge outdated models to make security effortless and effective for companies. Here’s what makes us special: We value impact over titles, autonomy over micromanagement, and clarity over jargon. You’ll tackle meaningful, hard problems with real-world consequences. You’ll work with smart, kind, and ambitious teammates who lift each other up. Perks & Benefits Comprehensive health & wellness benefits 20 days PTO per year, plus 8 floating holiday Remote work culture Team off-sites in stunning places (Amsterdam, Italy, etc). Competitive compensation & equity We hire globally and compensate competitively within each market using geographic pay bands. The range for this role reflects a US national baseline. Offers for candidates in higher cost-of-labor markets (e.g., San Francisco, New York, Zurich) may fall at or above the top of the posted range, while offers in other markets are benchmarked to local standards and are lower. Within any range, individual compensation is determined by work location, skills and experience demonstrated through the interview process, and relevant education or training. This posting reflects base salary only and does not include equity or benefits. Remote-First & Global Hiring We’re a remote-first company and hire globally in regions where we can legally engage talent directly or via our employer-of-record (EOR) partner. If you’re based outside the U.S., we’ll explore the most compliant hiring arrangement for your location. We make hiring decisions based on merit, skills, and potential regardless of location. U.S. Hiring & E-Verify For U.S.-based candidates, Oneleet participates in E-Verify to confirm employment eligibility, in accordance with federal regulations. We are an equal opportunity employer. We do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, or any other characteristic protected by applicable law.

{
  "content_hash": "d1dbd67107a589203d77f63ffa7e0847e6f12844981dbf25d3df8864e85c575e",
  "source_hash": "ff1cee15667b8a1e1928936c3854b3d22fc18c8977147dfa8f1b592c1b450625",
  "last_changed_at": "2026-06-06T09:32:34.790Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "United States",
    "city": null,
    "region": null,
    "country": "United States",
    "is_remote": true,
    "confidence": 0.95
  },
  "salary_max": null,
  "salary_min": null,
  "inferred_at": "2026-06-06T09:32:34.754Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "United States",
      "city": null,
      "region": null,
      "country": "United States",
      "is_remote": true,
      "confidence": 0.95
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": "remote",
  "salary_period": null,
  "workplace_type": "remote",
  "salary_currency": null
}

{}

{
  "id": "e3859be5-74ea-4fb5-a1c3-7e54626b1dee",
  "team": "Engineering/Dev",
  "title": "Application Security Engineer",
  "jobUrl": "https://jobs.ashbyhq.com/oneleet/e3859be5-74ea-4fb5-a1c3-7e54626b1dee",
  "address": null,
  "applyUrl": "https://jobs.ashbyhq.com/oneleet/e3859be5-74ea-4fb5-a1c3-7e54626b1dee/application",
  "isListed": true,
  "isRemote": true,
  "location": "United States",
  "updatedAt": null,
  "apiVersion": "ashby-non-user-graphql-v1",
  "department": "Engineering/Dev",
  "publishedAt": null,
  "workplaceType": "Remote",
  "employmentType": "FullTime",
  "secondaryLocations": []
}