Founding Engineer - Identity Threat Detection

This is not a senior engineer role. This is a co-builder seat. You will own the architecture, guide the team, ship hands-on, and help define the product. You will join as a founding team member with significant equity - and be accountable for outcomes. This role is remote (based anywhere in the world for the right candidate)

Why This Role Exists 

We have an MVP. We have conversations. We have a dev team already in motion. What we don't yet have is a founding engineer figure - someone who can look at the codebase, the architecture, and the product direction and say: "I can take this somewhere real." 

The identity threat landscape is shifting fast. AI is reshaping how teams build, how attackers move, and how products need to evolve. The current team is capable but not wired for this pace and depth. We need someone who is. 

What You'll Own 

Architecture & Technical Direction 

• Own end-to-end system architecture decisions - from identity data ingestion to policy enforcement to customer-facing APIs 
• Set the engineering bar: patterns, tooling, code review standards, and developer workflow practices 
• Evaluate and evolve the current stack; make the hard calls when things need to change 

Product Thinking 

• Translate security complexity into low-friction user experiences - you understand that a product nobody uses solves nothing 
• Sit at the intersection of security depth and UX clarity; challenge decisions that sacrifice one for the other 
• Contribute to roadmap and prioritization alongside the founding team 

Team Leadership 

• Be the technical voice in customer conversations, sales, and investor discussions when the product is on the line 
• You won't manage a headcount - you'll lead through craft and clarity 

Hands-On Execution 

• Ship code. This role is not advisory. You'll be in the repository
• Leverage AI coding tools (Claude, Copilot, etc.) to move faster - you know where they help and where they get in the way 
• Debug the hard stuff. The identity edge cases. The token issuance quirks. The permission propagation bugs nobody else can figure out 

What We Need From You 

These are not nice-to-haves. If you don't have most of these, this isn't the right role. 

Cloud Identity - Deep, Not Surface-Level 

You've operated in the Microsoft identity stack at a level most engineers haven't. You know why things break, not just how to call the APIs. 

• Microsoft Graph API (advanced usage, delta queries, change tracking) 
• Azure AD / Entra ID internals - roles, service principals, app registrations 
• OAuth2 / OIDC flows - token issuance, revocation mechanics, scope models 
• Conditional Access policies and Privileged Identity Management (PIM) 
• RBAC misconfiguration patterns and privilege escalation paths 
• Identity-based lateral movement and credential abuse vectors 

Engineering Fundamentals 

• Cloud-native distributed systems - you've built them and operated them 
• Event-driven / async architectures and idempotent automation 
• Policy or rule engines  
• Node.js/TypeScript, Rust, or Python at production depth 
• Neo4j, Kafka/SQS, Redis, PostgreSQL - standard distributed systems toolbox 

Modern Tooling & AI Awareness 

This isn’t optional or aspirational - it’s part of how the product works and how the team builds. 

• You use developer tooling and automation daily and have strong opinions about what actually moves the needle 
• You can reason about where AI belongs in a security product - and where it introduces risk 
• You understand the emerging AI threat surface in identity - agent abuse, AI-assisted privilege escalation, synthetic identity fraud 

Browse our curated collection of remote jobs across all categories and industries, featuring positions from top companies worldwide.

Strong Plus 

• Direct experience building IAM, PAM, ITDR, or CIEM products 
• Access graph modeling experience 
• 0→1 startup experience - you've taken something from MVP to paying customers 
• Azure SDK depth 
• Experience navigating enterprise sales cycles as a technical founder or lead 

What You Get 

🎯 Founding Equity 

Stake in the company. This is a co-builder seat, priced accordingly. 

🏗️ Real Decision-Making Power 

Architecture, product, and security decisions are yours. No committees. 

🚀 Early-Stage Leverage 

Join at a stage where your decisions compound. You won't be inheriting someone else's architecture. 

📐 A Real Problem Space 

Identity threat detection is one of the hardest and most important problems in enterprise security right now. 

Who You Probably Are 

You've been a senior engineer or principal at a cloud security or identity company and you're restless. You know the domain deeply, you've seen what great looks like, and you're ready to build something instead of maintain something. 

Or you're an early-stage technical founder who's done this before and wants to go again - this time in a space you care about. 

Either way: you ship, you think, and you're not waiting for someone to hand you a spec. 

If most of this sounds like you, we want to talk. Don't filter yourself out.