About us
Onebrief makes military planning seamless and represents a shift in paradigm for future military decisions. It is an all-in-one tool that supports both the creative and process-oriented aspects of military planning. In Onebrief, planners use maps, boards, diagrams, timelines, slides and written products to create their plans—all while sharing a common database. Everything stays in sync, in real time. Our approach has been refined and validated through hundreds of user experiments.
Our product is currently in broad use at 8 of the largest military headquarters in the world. 3 of the 4 biggest operational plans in the US are currently built with Onebrief. Last year, we achieved 100% gross retention and 158% net retention—our revenue grew 4x and reached double-digit millions. We are backed by Y Combinator (S21) and top-tier VCs, including Caffeinated Capital (Affirm, Docker, Notion, and more) and Human Capital (Anduril, Brex, Snowflake, and more), and have raised a total of $44.6M in venture capital. Our elite team combines the best of tech and military talent, including education and experience at Google, Twitter, Adobe, MIT, Harvard, Special Operations, TOPGUN, and more.
What you will achieve
As an App Security Engineer at Onebrief, you'll regularly assess security, code, and vulnerabilities, and work with the software team to address weaknesses. You'll help implement security policies and procedures according to standards, advise on secure architecture and software design, and keep up to date with the latest threats and technologies. You will respond to incidents when needed. You will enhance the organization's security posture by staying updated on emerging threats and delivering security training programs.
About You
This is an opportunity for candidates who have a strong understanding of application-level security, network security, and operating system security, who are familiar with security frameworks, and who have experience with vulnerability management tools, penetration testing tools, and other security testing tools.
The ideal candidate will have a strong background in application security, with experience in both the private sector and the U.S. Department of Defense. This role requires a deep understanding of security best practices, threat modeling, and secure software development lifecycle (SDLC) processes. The candidate should also possess relevant certifications such as the Offensive Security Certified Expert (OSCE).
You will report directly to our Deputy CISO.
Relevant skills and technologies: Penetration Testing, Vulnerability Management, Operating Static and Dynamic Application Security Testing Tools, Kubernetes, Docker, Helm, Ansible, Linux, VMware, AWS, TypeScript
Qualifications
Strong knowledge of application security principles, web vulnerabilities, and threat landscape
Familiarity with security frameworks (OWASP, SANS), security controls, and risk management methodologies
Proficiency in secure coding practices and experience with various programming languages
Strong understanding of CI/CD pipelines and where security checks should be applied
Experience with vulnerability management tools, static/dynamic analysis tools, and penetration testing tools
Minimum 6 years of experience in application security or related roles. Bachelor's or Master's degree in Computer Science, Information Security, or a related field is desirable
Certifications such as Offensive Security Certified Expert (OSCE), Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), and GIAC Web Application Defender (GWEB) are a plus
You are obsessed with creating value for real users
You are committed to performing up to your potential
You are ambitious, scrappy, and a creative problem-solver
You learn quickly, work iteratively, and naturally seek collaboration
You approach your work with integrity, intellectual honesty, and a low ego
You communicate frankly, clearly, and succinctly
You thrive as a self-starter, embracing autonomy and ambiguity
You are a U.S. citizen