[Remote] Application Security Engineer
Note: This is a remote job open to candidates in the USA. Oneleet is one of the fastest-growing security and compliance platforms in history, aiming to make cybersecurity and compliance effective and easy. As an Application Security Engineer, you will enhance security within product engineering teams and be responsible for the integration and output quality of security tools, ensuring actionable findings for customers.
Responsibilities
- Own the integration, configuration, and output quality of security tooling that powers our platform
- Tune outputs to maximize signal and minimize noise — decide what to surface, what to suppress, and what to enrich
- Design rules, severity scoring, and triage flows that make findings actionable rather than overwhelming
- Build the security judgment layer on top of underlying tooling — context-aware prioritization and exploitability reasoning
- Partner with engineers on how findings are presented in the UI and how remediation flows work
- Work with PM and design on roadmap priorities, providing the security expertise that drives what to build next
- Review and shape architectural choices that affect security outcomes
- Engage with customers directly to understand how they use the platform and what's blocking adoption
- Benchmark our output quality against competitors and close gaps where they exist
- Contribute back to the open source security tooling we depend on where it makes sense
Skills
- 5+ years of application security experience, with significant time shipping security products
- Strong programming skills in at least one of Go, Python, or TypeScript — this is a product engineering role with security depth, not security operations
- Hands-on experience tuning security tooling for production use — reducing false positives, building suppression logic, designing severity models
- Understanding of vulnerability research, CVE/CWE taxonomies, and exploit reasoning
- Has worked through what makes a security finding actually actionable vs. just technically true
- Excellent communication skills and comfort working directly with customers
- Pragmatic; knows how to build things fast without unnecessarily complicating things
- Experience in (and thrives in) a fast-moving, start-up engineering environment
- Prior experience shipping a security product at a vendor
- Contributions to open source security tooling
- Offensive security background or OSCP / similar certifications
- Hands-on experience with LLM agents, tool use, or autonomous AI systems
Benefits
- Comprehensive health & wellness benefits
- 20 days PTO per year, plus 8 floating holidays
- Remote work culture
- Team off-sites in stunning places (Amsterdam, Italy, etc.)
- Competitive compensation & equity
- We hire globally and compensate competitively within each market using geographic pay bands. The range for this role reflects a US national baseline. Offers for candidates in higher cost-of-labor markets (e.g., San Francisco, New York, Zurich) may fall at or above the top of the posted range, while offers in other markets are benchmarked to local standards and are lower. Within any range, individual compensation is determined by work location, skills and experience demonstrated through the interview process, and relevant education or training. This posting reflects base salary only and does not include equity or benefits.
- Remote-First & Global Hiring
- We’re a remote-first company and hire globally in regions where we can legally engage talent directly or via our employer-of-record (EOR) partner. If you’re based outside the U.S., we’ll explore the most compliant hiring arrangement for your location. We make hiring decisions based on merit, skills, and potential regardless of location.
Company Overview