Security Engineer (Offensive Ops & Automation) for a Sustainability SaaS
Share
Job Location:
Monthly Salary:
Posted on:
5 hours ago
Vacancies:
1 Vacancy
Job Summary
One Click LCA is decarbonizing the global construction industry and handling massive datasets and critical BIM integrations. We are looking for a Security Engineer who thinks like a hacker and builds like an engineer. This is a hands-on deeply technical role and not a compliance or audit position. We need a practitioner who can design and implement an automated resilient defence-in-depth security architecture that scales with our global footprint.
Our technology powers the makers of a zero-carbon future
One Click LCA is a fast-growing and profitable Software-as-a-Service (SaaS) growth company. Used in 170 countries leading end-to-end sustainability platform for construction and manufacturing. The AI-powered software decarbonises and drives sustainability across the construction value chain with scientific easy-to-use automated life-cycle assessment (LCA) and environmental product declarations (EPDs) to calculate and reduce the environmental impacts of building infrastructure and renovation projects and products.
You will join a supportive effective and mission-oriented team in a flexible friendly and international work environment and have a great deal of autonomy in your role.
This full-time permanent position is available on a remote basis for candidates based in India.
What you will do:
Continuous Offensive Ops: Conduct deep-dive manual penetration tests on our AWS-native stack and APIs then automate those exploits into continuous security tests.
Security as Code: Own the security layer of our pipelines. Implement and tune SAST/DAST/SCA to ensure high-signal automated gating.
Direct Remediation: You have push rights. You will collaborate with developers to fix vulnerabilities at the source or refactor insecure Infrastructure as Code.
Cloud Hardening: Architect and enforce security boundaries across AWS (and Azure) using IAM policy-as-code and automated guardrails.
Your technical profile:
The Mindset: You are a builder who thinks like an attacker. You have likely hunted bugs competed in CTFs or built your own security tools.
AWS Mastery: Deep experience securing AWS environments. Familiarity with Azure is a strong plus.
Automation/DevSecOps: Proficient in Python and Java and good knowledge of Terraform GitHub Actions and Code quality tools e.g. SonarQube.
Exploitation Skills: Expert knowledge of web/API vulnerabilities (OWASP Top 10) and the ability to demonstrate manual exploitation before automating the detection.
Why One Click LCA:
High Agency: This is an engineering role not management. You define the tools and the strategy.
Push Access: You are not just filing tickets; you are shipping secure code.
Purpose: Protect the data that is actively fighting climate change.
Modern Stack: Cloud-native and high-growth.
Work in a growing business that helps bring about a zero-carbon future
Competitive compensation and opportunity for professional development
Interested
We are eager to receive your application by 16 January 2026. Applications are reviewed on reception so please apply swiftly.
Key Skills
- S3
- Mechanical Design
- Design Controls
- Identity & Access Management
- Minitab
- Root cause Analysis
- SolidWorks
- Plastics Injection Molding
- Product Development
- Manufacturing
- GitLab
- Trane TRACE
About Company
One Click LCA is a Helsinki-based tech company decarbonizing construction and manufacturing with world-leading, easy-to-use, and automated life-cycle assessment (LCA) to calculate and reduce the environmental impacts of building, infrastructure, and renovation projects — as well as co ... View more
