Senior Engineer (AI Governance)
Department:
Job Summary
About StackOne:
StackOne is the AI Integration Gateway for SaaS products and AI Agents. Backed by GV and Workday Ventures ($24M raised), we help builders of SaaS platforms and AI Agents orchestrate hundreds of scalable, accurate, and enterprise-grade integrations. Our platform combines 25000 pre-mapped actions on 200 connectors, an AI-powered integration development toolkit, plus security by design: a real-time architecture, managed authentication and permissions, and end-to-end observability.
Join us on our fast trajectory to build the future of agentic integrations.
Own how enterprises govern the tools their agents can reach: the enrollment, provisioning, policy, posture, and identity-bound access layer that does for agent tooling what MDM and EDR (Jamf, Iru, CrowdStrike) do for devices, and what API gateways do for API traffic, at gateway scale.
Why this role exists
StackOne is the tools gateway for agents: the secure, token-efficient layer through which AI agents reach 200 enterprise SaaS systems. As enterprises connect agents to real tools and real data, governance becomes the defining problem: who or what may invoke which tool, with which scopes, against which data, under which conditions, and how you catch it when something drifts, misbehaves, or turns into a vulnerability.
The mental model
What MDM, EDR, and identity platforms did for devices & software access, and what API gateways did for API traffic, applied to the tools agents use:
Enroll & inventory devices → register and inventory the tools agents can reach (servers, APIs, connected accounts)
Provision apps and configs to devices → provision agent and user access to specific tools and scopes
Compliance baselines and config profiles → policy for tool scope and data access, with conditional rules and guardrails
Authenticate, authorize, and rate-limit every API call (API gateway) → authenticate, authorize, and govern every tool call an agent makes through the gateway
Continuous posture and vulnerability monitoring → continuous posture monitoring of connected tools and their usage
Telemetry, detection, and response (EDR) → instrumentation of tool traffic, anomaly and abuse detection, containment controls
Bind device identity to the corporate IdP → bind agent and tool access to enterprise identity (OAuth 2.1, SSO, SCIM)
What you'll work on
Provisioning lifecycle for tool access: enroll, grant, rotate, revoke across our managed auth and connector-profile layer, so builders and end users never hand-wire OAuth apps.
Policy and enforcement: shape the authoring, versioning, and runtime enforcement of access policies (including LLM-assisted policy generation): which agent, which tool, which scope, which data classes, conditional on identity and context. This is central to our agent-permissioning work.
Posture and risk: continuous assessment of connected tools and the SaaS behind them; surface risky scopes, stale grants, and anomalous invocation patterns.
Instrumentation and telemetry: deepen structured, queryable visibility into the tool calls flowing through the gateway, with the latency discipline of a system on the hot path.
Identity integration: extend our OAuth 2.1, SSO, and SCIM story so policy and provisioning stay bound to enterprise identity rather than bolted on.
Detection and response: the agent-era analog of EDR. Define what "bad" looks like, surface it, and give operators the controls to contain it.
What we're looking for
Strong software engineering fundamentals; comfortable owning a system end-to-end in production.
Built or operated at least one of: an API gateway / management platform (Kong, Apigee, Zuplo, AWS API Gateway, and similar), MDM/UEM (Jamf, Kandji, Intune, Workspace ONE, Google Workspace MDM), EDR/XDR (CrowdStrike, SentinelOne, and similar), or a comparable policy-driven provisioning, posture, or access-control platform. Crossover across more than one of these is a real plus.
Built a policy or rules engine: authoring model, evaluation, enforcement, versioning. You know the difference between expressing a policy and enforcing it at runtime.
Identity systems: OAuth/OIDC, SAML, SSO, SCIM, with a real grasp of scopes, grants, token lifecycle, and least privilege in practice.
Telemetry and instrumentation of a system on the request path, and the trade-offs of monitoring without adding meaningful latency.
LLM and AI experience: you've used, if not built, MCP servers before, you understand the governance and guardrails problems linked to AI usage, and you have created AI Agents before.
Nice to have
Security background: vulnerability management, threat detection, or compliance posture (SOC 2 / ISO 27001 environments).
Experience shipping a product that other developers configure and rely on (platform / API empathy).
Built or contributed in public (OSS, specs, write-ups).
Who you'll work with
Reporting into engineering leadership, partnering closely with the founders (Romain, CEO; Guillaume, CTO) and the security and platform engineers. This is a high-ownership role on a strategic pillar of StackOne's roadmap. You'll be able to set the technical direction for how StackOne governs agent access to tools for the IT and security leaders who decide whether agents get to touch real systems.
Required Experience:
Senior IC
About Company
One integration platform, two powerful interfaces: Unified APIs for SaaS products, and AI Agent Actions. Ship hundreds of integrations in days.