This job has expired

This position was posted on November 4, 2025 and is likely no longer accepting applications. We've kept it here for historical reference. Check out the similar jobs below!

Software Engineer, Cloud Security Posture Management

Oneleet Inc.

Job Overview

Location

Beaverton

Job Type

Full-time

Full Job Description

📋 Description

• Own the end-to-end development of Oneleet’s Cloud Security Posture Management (CSPM) engine, extending our ability to discover, assess, and remediate risks across AWS, GCP, and Azure in real time.
• Design and implement cloud-provider integrations that ingest resource metadata, configuration drift, IAM policies, encryption settings, network ACLs, and compliance evidence at petabyte scale while gracefully handling throttling, pagination, and eventual consistency quirks unique to each vendor.
• Author declarative security policies and detection rules (written in Rego, YAML, or Go) that translate CIS, NIST, SOC 2, and PCI-DSS controls into actionable findings—flagging everything from publicly exposed S3 buckets to over-privileged service accounts—then surface them through a clean, prioritized UI.
• Build resilient data pipelines that normalize heterogeneous API responses into a unified security graph, leveraging streaming queues, idempotent writes, and schema versioning so customers always see an accurate, up-to-date risk posture.
• Create risk-scoring algorithms that weigh exploitability, business impact, and compensating controls so security teams can focus on the 5 % of alerts that actually matter, reducing alert fatigue and accelerating remediation SLAs.
• Develop self-healing infrastructure using Terraform, Kubernetes, and Go services that auto-scale with customer growth, maintain 99.9 % uptime, and emit rich metrics to Datadog for proactive alerting on latency, error rates, and cost anomalies.
• Contribute to our open-source policy libraries and publish technical blogs that establish Oneleet as a thought leader in cloud security, while gathering community feedback to continuously sharpen our detection logic.
• Collaborate directly with founders, product, and customers in weekly design jams to translate real-world breach stories into new product capabilities—ensuring every line of code you ship meaningfully reduces global cyber risk.
• Champion engineering excellence by introducing integration testing harnesses, property-based tests, and chaos experiments that harden our CSPM platform against provider outages, credential rotation, and zero-day misconfigurations.
• Mentor junior engineers through pair programming, architecture reviews, and lunch-and-learn sessions, cultivating a culture where knowledge is shared freely and everyone levels up together.
• Participate in quarterly off-sites in places like Amsterdam or the Italian Alps—blending strategic planning with gelato-fueled brainstorming—to align the team on roadmap bets and celebrate wins.

🎯 Requirements

• 3+ years of backend development in a strongly typed compiled language (Go strongly preferred; Java, C#, C++, or Rust acceptable).
• Proven experience building or maintaining SaaS platforms that integrate with REST APIs at scale and handle large SQL datasets.
• Solid grasp of SQL schema design, query optimization, and transactional integrity.
• Nice-to-have: hands-on exposure to cloud security concepts (IAM, KMS, VPC, GuardDuty, Security Command Center) or prior work in an infosec role.
• Nice-to-have: familiarity with OAuth 2.0, OIDC, SAML, or other authentication/authorization protocols and API security best practices.

🏖️ Benefits

• Comprehensive health & wellness package covering medical, dental, vision, and mental-health support.
• Competitive salary plus meaningful equity in a Y Combinator–backed seed-stage company positioned to define a new category.
• Generous PTO plus floating holidays so you can honor the moments and traditions that matter most to you.
• Remote-first culture with quarterly off-sites in inspiring global destinations (recent trips: Amsterdam, Italy) to recharge and strategize together.

Skills & Technologies

Java

Rust

AWS

Azure

Remote

Degree Required

Ready to Apply?

Apply Externally

You will be redirected to an external site to apply.

Oneleet Inc.

Visit Website

About Oneleet Inc.

Oneleet provides a cybersecurity compliance automation platform that maps enterprise security controls to SOC 2, ISO 27001, HIPAA, and PCI-DSS frameworks. The software ingests evidence from cloud services, endpoint tools, and ticketing systems, continuously monitors configurations, and generates auditor-ready documentation and gap reports. Organizations use it to reduce manual work, accelerate certification timelines, and maintain ongoing compliance through automated evidence collection and remediation guidance.

View Company Profile

Get more remote jobs like this

Subscribe to the weekly newsletter for similar remote roles and curated hiring updates.

Weekly remote jobs and featured talent.

No spam. Only curated remote roles and product updates. You can unsubscribe anytime.