Oneleet is a Y Combinator-funded cybersecurity startup that aims to make effective cybersecurity easy and painless for companies. The company provides a full-coverage cybersecurity platform through which companies can build, manage, and monitor their cybersecurity management program.

The core product is a roadmap for companies that helps them become secure and build trust with their partners, which requires the implementation of numerous solutions like penetration testing, vulnerability assessments, awareness training, static code scanning, endpoint monitoring, and more.

About Oneleet:

Oneleet is a cybersecurity startup with a mission to revolutionize the industry. We make effective cybersecurity easy and painless for companies by providing a comprehensive platform that helps them build, manage, and monitor their cybersecurity management program.

Backed by top-tier venture capital firms including Y Combinator, our founding team brings over 10 years of penetration testing and cybersecurity experience. Join our team of opinionated rebels and help us create a category-defining company reshaping the broken and fragmented cybersecurity industry.

The Role:

The Internal Security Compliance Auditor plays a critical role in ensuring the quality and completeness of client evidence prior to formal compliance audits. Working behind the scenes, you'll partner with our Security Program Engineers to review controls documentation, validate evidence quality, and perform final quality assurance checks across multiple compliance frameworks including SOC2, ISO27001, PCI, HIPAA, and GDPR.

Your expertise will strengthen our clients' compliance posture while maintaining the high standards that differentiate Oneleet in the marketplace. This position requires deep technical knowledge of compliance frameworks combined with meticulous attention to detail.

Key Responsibilities:

• Perform thorough reviews of client-uploaded evidence for compliance frameworks including SOC2, ISO27001, PCI, HIPAA, and GDPR
• Conduct detailed quality assurance checks on individual controls to verify completeness, accuracy, and sufficiency
• Execute comprehensive final QA reviews prior to client compliance audits
• Identify gaps or weaknesses in evidence documentation and recommend improvements
• Develop and maintain internal QA standards and review methodologies
• Create guidance documents to help clients improve evidence quality
• Collaborate with Security Program Engineers to address compliance gaps
• Stay current on evolving compliance requirements across multiple frameworks
• Track audit readiness metrics and identify opportunities for process improvement
• Provide expert feedback to our product team for compliance platform enhancements

Requirements:

• Deep understanding of SOC2, ISO27001, PCI, HIPAA, and GDPR requirements
• Strong technical knowledge of security controls and their implementation
• Experience reviewing and evaluating evidence for compliance audits
• Excellent attention to detail and quality control mindset
• Strong written communication skills for documenting findings
• Ability to work independently while supporting multiple client engagements
• Familiarity with compliance automation platforms and tools
• Some experience in compliance auditing, preferably with multiple frameworks
• Certification in relevant frameworks (e.g., CISA, ISO 27001 Lead Auditor) preferred

Why Oneleet:

At Oneleet, you'll join a tight-knit crew of cybersecurity rebels on a mission to reshape the industry. We move fast, take ownership, and aren't afraid to disrupt stagnant business models to make security effortless for companies.

Our "work hard, play hard" culture means we hold ourselves to high standards, then celebrate wins. Our leading-edge tech stack keeps things exciting for any geek. And our experienced team ensures you're always sharpening your skills.

You'll have a blast doing deeply meaningful work. Expect hard problems, lots of autonomy, and plenty of growth. If you want your work to drive real change, this is the place to make your impact.

We offer competitive compensation, equity, plenty of PTO, flexible remote work, and quarterly off-sites to cool places (most recent one was in Amsterdam). But our mission is what really sets us apart.

If you're a passionate cybersecurity professional ready to elevate compliance standards and help our clients succeed, join our crew today!

We use Go and Prisma/Postgres on the backend and Typescript with React on the frontend. For task orchestration we use Temporal. Our applications are hosted on GCP using K8s.