Security Engineer

About the role

We're looking for a Security Engineer to be a key hire on our Engineering team and own our cloud and product security posture as we scale. You'll work across our AWS and Cloudflare estate, harden our secure SDLC, run pen testing efforts end-to-end, and threat-model the features powering our connectors, OAuth flows, and agent execution paths. It's a hands-on, DevSecOps-heavy role: you write code, ship tooling, and embed security into how engineers work every day. You'll report directly to the CTO and have broad scope across the platform (from CI/CD pipelines to multi-tenant APIs to incident response on authentication flows).

Responsibilities

• Own the secure SDLC: drive SAST, dependency scanning, secrets detection, and PR-blocking standards across every repository.
• Harden our AWS and Cloudflare estate: IAM, secrets, network segmentation, KMS, WAF, GuardDuty, and zero-trust patterns.
• Run pen testing end-to-end: scope and coordinate engagements with both AI-driven scanners and human researchers, then drive findings through fix and retest.
• Threat-model product features before they ship, new Auth provider, expanded multi-tenant APIs, connector executions, agent tool-calling paths etc.
• Build detection and response capability around credential and authentication flows, with observability that closes incidents fast.
• Partner with engineering to raise the bar day-to-day: architecture reviews, written standards, and security embedded in code review.
• Use LLMs and agents to accelerate security workflows (triage, code review, evidence gathering) with guardrails you trust and help secure and monitor the (code/application/device) fleet.
• Support compliance work where it intersects security engineering: SOC 2, ISO 27001, customer security reviews, and pen test responses.

Requirements

• 3+ years in security engineering with hands-on AWS security: IAM, KMS, networking, secrets, GuardDuty / Security Hub.
• Strong coding ability in TypeScript or Python or Go comfortable shipping production code, not just configs and scripts.
• Application security fluency: OWASP Top 10, threat modeling, and code-level reviews on real systems.
• Experience securing a B2B SaaS multi-tenant production environment.
• Comfort owning end-to-end work: scope, ship, measure. You don't wait for a queue.
• Clear communication with engineers, product, and non-technical stakeholders.
• Bias toward automating security checks instead of running manual checklists.
• (Preferred) IaC fluency in AWS CDK or Terraform , comfortable reviewing infrastructure code for security misconfigs and writing custom scanning rules.
• (Preferred) Experience with Aikido, Drata, Cloudflare Workers, or pen testing in a compliance-mature environment.
• Our Stack
• We're pragmatic about tooling. Today's stack includes:
• Cloud & infra: AWS (ECS, RDS, Lambda, KMS, GuardDuty, Security Hub, Inspector), Cloudflare (Workers, WAF, Zero Trust)
• IaC: AWS CDK, Terraform
• Security tooling: Aikido (SAST, DAST, container scanning, pen testing), 1Password, GitHub (org-level enforcement, Advanced Security)
• Compliance & ops: Drata, Iru, EasyLlama
• Observability & IR: Datadog, Sentry, Logfire, Incident.io
• Languages: TypeScript (Node.js), Python

Benefits

Additional Information

About StackOne: StackOne is the AI Integration Gateway for SaaS products and AI Agents. Backed by GV and Workday Ventures ($24M raised), we help builders of SaaS platforms and AI Agents orchestrate hundreds of scalable, accurate, and enterprise-grade integrations. Our platform combines 25,000 pre-mapped actions on 200 connectors, an AI-powered integration development toolkit, plus security by design: a real-time architecture, managed authentication and permissions, and end-to-end observability. Join us on our fast trajectory to build the future of agentic integrations.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at stackone? Share your experience