Oneleet is a Y Combinator-funded cybersecurity startup that aims to make effective cybersecurity easy and painless for companies. The company provides a full-coverage cybersecurity platform through which companies can build, manage, and monitor their cybersecurity management program.

The core product is a roadmap for companies that helps them become secure and build trust with their partners, which requires the implementation of numerous solutions like penetration testing, vulnerability assessments, awareness training, static code scanning, endpoint monitoring, and more.

Please only apply directly to this job posting. Messages sent outside of this platform will not be considered.

The why behind this position:

At Oneleet we provide a platform that makes it easy for our clients to become secure and compliant. Our Cloud Security Posture Management (CSPM) product is a critical component of our all-in-one security platform, continuously monitoring cloud environments to identify misconfigurations, compliance violations, and security risks before they become vulnerabilities.

As our client base is rapidly expanding, we need to strengthen our CSPM engineering team. While integrations with cloud providers and security tools remain a huge part of CSPM, we need engineers who can work across the entire product - from building and maintaining cloud integrations to developing security policies, improving detection logic, and ensuring our monitoring systems are robust and reliable.

One of the most common complaints we get from clients relates to reliability and coverage gaps in our CSPM product, so bringing on someone with experience building scalable, robust cloud security solutions is very important for us at this time.

Job Description:

As a security platform for startups, our CSPM product monitors cloud environments across AWS, GCP, and Azure to ensure customers are configured securely. For example, we detect exposed storage buckets, verify encryption standards, identify overly permissive IAM policies, and track compliance with security frameworks.

You will extend and improve Oneleet's CSPM capabilities, working on everything from cloud provider integrations to security policy development. You'll contribute to the design and implementation of cloud security monitoring features, build detection rules for new attack vectors, and ensure our CSPM product scales reliably as customers' cloud footprints grow. You'll work with various security solutions including vulnerability assessments, compliance scanning, configuration monitoring, and risk scoring systems.

As a seed stage startup, you'll have the opportunity to collaborate with the founding team to understand business/customer needs and contribute to building the core technology that powers the Oneleet platform.

Key Responsibilities:

• Build and maintain cloud provider integrations to discover resources, monitor configurations, and detect security risks across multi-cloud environments
• Develop security policies and detection rules to identify misconfigurations, compliance violations, and emerging threats
• Design systems that structure and validate diverse cloud data sources, handling inconsistent APIs and evolving cloud services
• Create comprehensive documentation for CSPM features, security findings, and remediation guidance
• Ensure reliable monitoring and alerting for both customer environments and our own CSPM infrastructure
• Contribute to risk scoring algorithms and prioritization logic to help customers focus on critical issues
• Improve engineering standards, tooling, and processes

Qualifications:

• Experience with strongly typed compiled languages like Go, Java, C#, C++, or Rust. We strongly prefer Go experience.

• 3+ years of development experience, ideally with a focus on backend APIs, integrations, or networking

• Experience with SQL

• Experience building, architecting, or maintaining SaaS platforms

• Experience integrating with REST APIs, implementing solutions based on documentation, or parsing data from sources like spreadsheets

  Bonus: Experience in the information security field

• Bonus: Knowledge of authentication methods like OAuth 2.0, OIDC, SAML and API security best practices

• Bonus: Experience with integration testing and debugging tools

• Bonus: Bachelor's or Master's degree in Computer Science or related field

You should apply if any of the following excite you:

• Making the world a more secure, privacy focused, and trusted place.
• Automating processes that have a huge impact and save time for many companies at once including a large part of the YC startup community.
• Autonomy and the ability make change within the company.
• Working with passionate engineers who care a lot about the product.

The type of person we’re looking for:

At Oneleet we value individuals who are passionate and motivated to make a large impact in the cybersecurity ecosystem. We are looking for rebels with a growth mindset who love to take ownership, who exhibit excellent communication skills, and who have a "can-do" attitude towards technical challenges and innovation.

A rebel’s mindset — we’re frustrated with the state of the cybersecurity industry, and believe that a rebel mindset is key to changing it. Opinionated (but not obstinate) — we believe that having an opinion is better than having no opinion, and helps us move quicker.

The mission and culture at Oneleet:

Our mission at Oneleet is to make effective cybersecurity as painless as possible.

Oneleet is home to a team of ambitious, kind-hearted hacker rebels. We're opinionated, yet open-minded and always ready to learn. We thrive on moving swiftly, yet responsibly. We're driven to disrupt stagnant business models and build a company that values user experience and easy-to-use, efficient products.

We're serious about our aspiration to become a decacorn. If our mission resonates with you and you're eager to join our band of rebels, we'd love to hear from you!

We use Go and Prisma/Postgres on the backend and Typescript with React on the frontend. For task orchestration we use Temporal. Our applications are hosted on GCP using K8s.