Security Engineer (Offensive Ops & Automation) for a Sustainability SaaS
One Click LCA is decarbonizing the global construction industry and handling massive datasets and critical BIM integrations. We are looking for a Security Engineer who thinks like a hacker and builds like an engineer. This is a hands-on, deeply technical role, and not a compliance or audit position. We need a practitioner who can design and implement an automated, resilient, defence-in-depth security architecture that scales with our global footprint.
Our technology powers the makers of a zero-carbon future
One Click LCA is a fast-growing and profitable Software-as-a-Service (SaaS) growth company. Used in 170+ countries, leading end-to-end sustainability platform for construction and manufacturing. The AI-powered software decarbonises and drives sustainability across the construction value chain with scientific, easy-to-use, automated life-cycle assessment (LCA) and environmental product declarations (EPDs) to calculate and reduce the environmental impacts of building, infrastructure, and renovation projects and products.
You will join a supportive, effective, and mission-oriented team in a flexible, friendly and international work environment and have a great deal of autonomy in your role.
This full-time, permanent position is available on a remote basis for candidates based in India.
What you will do:
We are eager to receive your application by 16 January 2026. Applications are reviewed on reception, so please apply swiftly.
We train, equip and support the makers of a zero-carbon future to tackle low-carbon design, planning, manufacturing, and procurement using life-cycle assessment to achieve zero.
This is how we do it:
One Click LCA is used in +170 countries. Its decarbonization platform includes a unique global database with +250,000 LCA datasets, and it supports +80 standards and certifications, including LEED, BREEAM, GRESB and other national regulations.
One Click LCA was founded in Finland in 2001 and has a team of +230 people on all continents.
Learn more at: www.oneclicklca.com
Our technology powers the makers of a zero-carbon future
One Click LCA is a fast-growing and profitable Software-as-a-Service (SaaS) growth company. Used in 170+ countries, leading end-to-end sustainability platform for construction and manufacturing. The AI-powered software decarbonises and drives sustainability across the construction value chain with scientific, easy-to-use, automated life-cycle assessment (LCA) and environmental product declarations (EPDs) to calculate and reduce the environmental impacts of building, infrastructure, and renovation projects and products.
You will join a supportive, effective, and mission-oriented team in a flexible, friendly and international work environment and have a great deal of autonomy in your role.
This full-time, permanent position is available on a remote basis for candidates based in India.
What you will do:
- Continuous Offensive Ops: Conduct deep-dive manual penetration tests on our AWS-native stack and APIs, then automate those exploits into continuous security tests.
- Security as Code: Own the security layer of our pipelines. Implement and tune SAST/DAST/SCA to ensure high-signal, automated gating.
- Direct Remediation: You have push rights. You will collaborate with developers to fix vulnerabilities at the source or refactor insecure Infrastructure as Code.
- Cloud Hardening: Architect and enforce security boundaries across AWS (and Azure) using IAM policy-as-code and automated guardrails.
- The Mindset: You are a builder who thinks like an attacker. You have likely hunted bugs, competed in CTFs, or built your own security tools.
- AWS Mastery: Deep experience securing AWS environments. Familiarity with Azure is a strong plus.
- Automation/DevSecOps: Proficient in Python and Java, and good knowledge of Terraform, GitHub Actions, and Code quality tools, e.g., SonarQube.
- Exploitation Skills: Expert knowledge of web/API vulnerabilities (OWASP Top 10) and the ability to demonstrate manual exploitation before automating the detection.
- High Agency: This is an engineering role, not management. You define the tools and the strategy.
- Push Access: You are not just filing tickets; you are shipping secure code.
- Purpose: Protect the data that is actively fighting climate change.
- Modern Stack: Cloud-native and high-growth.
- Work in a growing business that helps bring about a zero-carbon future
- Competitive compensation and opportunity for professional development
We are eager to receive your application by 16 January 2026. Applications are reviewed on reception, so please apply swiftly.
We train, equip and support the makers of a zero-carbon future to tackle low-carbon design, planning, manufacturing, and procurement using life-cycle assessment to achieve zero.
This is how we do it:
- We train everyone in the world to life-cycle assessment via One Click LCA Academy for free.
- We provide software tools to decarbonize any project or product anywhere in the world.
- We create free resources and policy tools to power all the makers of zero-carbon future.
- We aim to power one million users by 2035.
- We’re training tens of thousands of people for free annually via One Click LCA Academy.
- We provide One Click LCA Planetary, a free embodied carbon software for everyone.
- We author free policy papers and best practice guidelines for governments and businesses.
- Supporting decarbonization outside our direct business
- We invested over 150 000 EUR in the creation of a surplus construction materials marketplace business to reduce site wastage and advanced regulations supporting this activity.
- We have invested 150 000 EUR in the construction of new primary wind power in Finland.
- We donate annually to a number of sustainability NGOs in line with our mission.
- We’re a proud signatory of the World Green Building Council Net Zero commitment and shall achieve zero carbon facilities by 2030.
- We’ve invested in primary wind power generation capacity to power our entire operations.
- We minimize travel emissions by supporting remote work and encouraging public transport.
- We do not serve meat in any company events or dinners and use plant-based milk.
- We operate a paperless business.
- We have a very supportive, highly expert, and friendly team of colleagues.
- We leave staff a great deal of autonomy & freedom; you can get done what needs to get done.
- We have a low hierarchy and support an open flow of information.
- Our team is highly international and represents well over 20 nationalities.
- We work on the same mission together with our customers to create a zero-carbon future.
One Click LCA is used in +170 countries. Its decarbonization platform includes a unique global database with +250,000 LCA datasets, and it supports +80 standards and certifications, including LEED, BREEAM, GRESB and other national regulations.
One Click LCA was founded in Finland in 2001 and has a team of +230 people on all continents.
Learn more at: www.oneclicklca.com