Application Security Engineer
About The Position
As an Application Security Engineer at Oneleet, you'll bring security depth to our product engineering teams as we expand our cybersecurity platform. You'll own the security judgment layer that sits between raw tooling output and what our customers actually see — deciding what to surface, what to suppress, and how to make findings genuinely useful rather than noisy. This is a hands-on, security-first engineering role at a Series A startup. You'll work closely with backend and fullstack engineers on how findings are stored, enriched, and presented, and you'll partner with product and design on what to build next. You'll be the security voice in product and engineering decisions, and you'll be empowered to push back when security judgment requires it. You'll work directly with customers — security teams using the platform day-to-day — to understand what they actually need, and iterate quickly based on their feedback.
Requirements
- 5+ years of application security experience, with significant time shipping security products
- Strong programming skills in at least one of Go, Python, or TypeScript — this is a product engineering role with security depth, not security operations
- Hands-on experience tuning security tooling for production use — reducing false positives, building suppression logic, designing severity models
- Understanding of vulnerability research, CVE/CWE taxonomies, and exploit reasoning
- Has worked through what makes a security finding actually actionable vs. just technically true
- Excellent communication skills and comfort working directly with customers
- Pragmatic; knows how to build things fast without unnecessarily complicating things
- Experience in (and thrives in) a fast-moving, start-up engineering environment
Nice To Haves
- Prior experience shipping a security product at a vendor
- Contributions to open source security tooling
- Offensive security background or OSCP / similar certifications
- Hands-on experience with LLM agents, tool use, or autonomous AI systems
Responsibilities
- Own the integration, configuration, and output quality of security tooling that powers our platform
- Tune outputs to maximize signal and minimize noise — decide what to surface, what to suppress, and what to enrich
- Design rules, severity scoring, and triage flows that make findings actionable rather than overwhelming
- Build the security judgment layer on top of underlying tooling — context-aware prioritization and exploitability reasoning
- Partner with engineers on how findings are presented in the UI and how remediation flows work
- Work with PM and design on roadmap priorities, providing the security expertise that drives what to build next
- Review and shape architectural choices that affect security outcomes
- Engage with customers directly to understand how they use the platform and what's blocking adoption
- Benchmark our output quality against competitors and close gaps where they exist
- Contribute back to the open source security tooling we depend on where it makes sense
Benefits
- Comprehensive health & wellness benefits
- 20 days PTO per year, plus 8 floating holiday
- Remote work culture
- Team off-sites in stunning places (Amsterdam, Italy, etc).
- Competitive compensation & equity
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
