Senior Software Engineer – Runtime Security & CNAPP jobs in United States

RoonCyber · 3 hours ago

Senior Software Engineer – Runtime Security & CNAPP

RoonCyber is an early-stage, venture-backed software startup focused on developing a next-generation Cloud Application Detection & Response (CADR) and Runtime CNAPP platform. The Senior Software Engineer will be responsible for architecting and implementing core platform services, designing cloud-native runtime visibility, and contributing to security event correlation and detection efforts.

Computer & Network Security

Responsibilities

Architect and implement core platform services for a CADR / Runtime CNAPP solution
Design high-throughput, low-latency data pipelines ingesting:
Cloud inventory and control-plane data (AWS, Azure, GCP, OCI)
Runtime telemetry (containers, hosts, processes, syscalls)
Security events from internal and external sources
Build normalized data models for cloud resources, workloads, identities, and security events
Design systems that scale to millions of assets, events, and relationships
Design and build cloud-native runtime visibility focused on:
Kubernetes workloads (pods, containers, nodes, namespaces)
Cloud VMs and managed compute
Service-to-service and workload-to-cloud-API interactions
Develop and evolve eBPF-based runtime sensors to capture:
Syscalls, process execution, file activity, and network flows inside cloud workloads
Identity usage, credential access, and privilege transitions at runtime
Build high-performance kernel → user-space pipelines optimized for:
Cloud density and multi-tenant environments
Minimal overhead in production clusters
Safe, deterministic execution at scale
Implement function-level or execution-path tracing where it improves:
Exploit-chain reconstruction
Lateral-movement detection
Runtime vulnerability confirmation
Focus on cloud attack surfaces, including:
Container escape attempts
Runtime exploitation of cloud services
Abuse of IAM roles, metadata services, and service identities
Endpoint-style concepts (process trees, file access, network sockets) are used only as primitives to understand cloud workload behavior, not to build traditional desktop or laptop EDR
Design event correlation logic to turn raw signals into actionable incidents
Support:
Attack-path modeling
Lateral-movement detection
Identity and privilege-abuse analysis
Contribute to detection engineering, including:
Behavioral detections
MITRE ATT&CK alignment
Context-rich alerts for SOC and IR teams
Integrate deeply with AWS, Azure, and GCP APIs (inventory, IAM, networking, logging)
Build resilient, fault-tolerant distributed services
Design for eventual consistency, partial failure, and massive scale
Balance real-time processing vs. batch / enrichment workflows
Act as a technical leader and mentor
Influence architecture, coding standards, and system reliability practices
Partner closely with product, security research, and go-to-market teams
Help define the technical roadmap and long-term platform vision

Qualification

Rust, eBPF, Cloud APIs, Distributed systems, Kubernetes, Linux internals, Security platforms, Go, C / C++, Incident response, Systems thinker

Required

8+ years of professional software engineering experience
Proven experience designing and building high-scale, high-performance systems
Strong background in distributed systems, data pipelines, or infrastructure platforms
Production experience working with complex, high-volume data sets
Strong proficiency in one or more of: Rust (preferred), Go, C / C++
Experience with eBPF and kernel instrumentation in cloud or containerized environments (strong plus)
Deep understanding of: Linux internals as applied to containers and cloud workloads; networking, processes, namespaces, containers
Experience integrating with cloud provider APIs (AWS/Azure/GCP)
Familiarity with Kubernetes and containerized workloads
Comfortable in early-stage startup environments
Strong sense of ownership and accountability
Able to operate with incomplete requirements
Passionate about building defensible, technically differentiated products
Systems thinker who balances performance, security, and usability

Preferred

Background in one or more of: security platforms (CNAPP, EDR, XDR, SIEM, NDR); SOC, incident response, or detection engineering; red-team / blue-team / purple-team work
Understanding of: cloud attack techniques; identity abuse and privilege escalation; runtime exploit chains; MITRE ATT&CK framework

Benefits

Competitive compensation + equity

Company

RoonCyber

RoonCyber delivers complete, unified cloud security with Runtime CNAPP combined with Cloud Application Detection and Response (CADR).

Funding

Current Stage
Early Stage
Company data provided by Crunchbase