Senior Engineer (AI Governance)

About StackOne:

StackOne is the AI Integration Gateway for SaaS products and AI Agents. Backed by GV and Workday Ventures ($24M raised), we help builders of SaaS platforms and AI Agents orchestrate hundreds of scalable, accurate, and enterprise-grade integrations. Our platform combines 25,000 pre-mapped actions on 200 connectors, an AI-powered integration development toolkit, plus security by design: a real-time architecture, managed authentication and permissions, and end-to-end observability.

Join us on our fast trajectory to build the future of agentic integrations.

Own how enterprises govern the tools their agents can reach: the enrollment, provisioning, policy, posture, and identity-bound access layer that does for agent tooling what MDM and EDR (Jamf, Iru, CrowdStrike) do for devices, and what API gateways do for API traffic, at gateway scale.

Why this role exists

StackOne is the tools gateway for agents: the secure, token-efficient layer through which AI agents reach 200+ enterprise SaaS systems. As enterprises connect agents to real tools and real data, governance becomes the defining problem: who or what may invoke which tool, with which scopes, against which data, under which conditions, and how you catch it when something drifts, misbehaves, or turns into a vulnerability.

The mental model

What MDM, EDR, and identity platforms did for devices & software access, and what API gateways did for API traffic, applied to the tools agents use:

• Enroll & inventory devices → register and inventory the tools agents can reach (servers, APIs, connected accounts)

• Provision apps and configs to devices → provision agent and user access to specific tools and scopes

• Compliance baselines and config profiles → policy for tool, scope, and data access, with conditional rules and guardrails

• Authenticate, authorize, and rate-limit every API call (API gateway) → authenticate, authorize, and govern every tool call an agent makes through the gateway

• Continuous posture and vulnerability monitoring → continuous posture monitoring of connected tools and their usage

• Telemetry, detection, and response (EDR) → instrumentation of tool traffic, anomaly and abuse detection, containment controls

• Bind device identity to the corporate IdP → bind agent and tool access to enterprise identity (OAuth 2.1, SSO, SCIM)

What you'll work on

• Provisioning lifecycle for tool access — enroll, grant, rotate, revoke — across our managed auth and connector-profile layer, so builders and end users never hand-wire OAuth apps.

• Policy and enforcement — shape the authoring, versioning, and runtime enforcement of access policies (including LLM assisted policy generation): which agent, which tool, which scope, which data classes, conditional on identity and context. This is central to our agent-permissioning work.

• Posture and risk — continuous assessment of connected tools and the SaaS behind them; surface risky scopes, stale grants, and anomalous invocation patterns.

• Instrumentation and telemetry — deepen structured, queryable visibility into the tool calls flowing through the gateway, with the latency discipline of a system on the hot path.

• Identity integration — extend our OAuth 2.1, SSO, and SCIM story so policy and provisioning stay bound to enterprise identity rather than bolted on.

• Detection and response — the agent-era analog of EDR: define what "bad" looks like, surface it, and give operators the controls to contain it.

What we're looking for

• Strong software engineering fundamentals — comfortable owning a system end-to-end in production.

• Built or operated at least one of: an API gateway / management platform (Kong, Apigee, Zuplo, AWS API Gateway, and similar), MDM/UEM (Jamf, Kandji, Intune, Workspace ONE, Google Workspace MDM), EDR/XDR (CrowdStrike, SentinelOne, and similar), or a comparable policy-driven provisioning, posture, or access-control platform. Crossover across more than one of these is a real plus.

• Built a policy or rules engine — authoring model, evaluation, enforcement, versioning. You know the difference between expressing a policy and enforcing it at runtime.

• Identity systems — OAuth/OIDC, SAML, SSO, SCIM — with a real grasp of scopes, grants, token lifecycle, and least privilege in practice.

• Telemetry and instrumentation of a system on the request path, and the trade-offs of monitoring without adding meaningful latency.

• LLM an AI experience - you've used if not built MCP servers before, you understand the governance and guardrails problems linked to AI usage and have created AI Agents before

Nice to have

• Security background: vulnerability management, threat detection, or compliance posture (SOC 2 / ISO 27001 environments).

• Experience shipping a product that other developers configure and rely on (platform / API empathy).

• Built or contributed in public (OSS, specs, write-ups).

Who you'll work with