Job Url: https://www.linkedin.com/jobs/search/?currentJobId=4364915385&f_AL=true&f_TPR=r10000&f_WT=2&keywords=machine%20learning&origin=JOB_SEARCH_PAGE_JOB_FILTER&start=25

Job Description:

Senior Software Engineer – Runtime Security & CNAPP
RoonCyber · United States (Remote)

Join Our Team at RoonCyber and Help Shape the Future of Runtime CNAPP + CADR

Location: Remote (US-based)
Type: Full-time
Company Stage: Early-stage, venture-backed software startup
Reports To: CTO / Head of Engineering
Focus: Runtime Security, CADR, CNAPP, Cloud-Scale Data Systems

Role Overview

At RoonCyber we are building a next-generation Cloud Application Detection & Response (CADR) and Runtime CNAPP platform focused on real-time attack detection, correlation, and response across cloud and containerized environments.

This role is intentionally cloud-first: ~90% cloud workload, container, and service runtime visibility (Kubernetes, cloud VMs, serverless, managed services) and ~10% traditional endpoint concepts, primarily where they inform workload behavior or attack chains.

Core Responsibilities

Architecture & Systems Design
- Architect and implement core platform services for a CADR / Runtime CNAPP solution
- Design high-throughput, low-latency data pipelines ingesting:
  - Cloud inventory and control-plane data (AWS, Azure, GCP, OCI)
  - Runtime telemetry (containers, hosts, processes, syscalls)
  - Security events from internal and external sources
- Build normalized data models for cloud resources, workloads, identities, and security events
- Design systems that scale to millions of assets, events, and relationships

Runtime & Low-Level Engineering (Cloud-First)
- Design and build cloud-native runtime visibility focused on:
  - Kubernetes workloads (pods, containers, nodes, namespaces)
  - Cloud VMs and managed compute
  - Service-to-service and workload-to-cloud-API interactions
- Develop and evolve eBPF-based runtime sensors to capture:
  - Syscalls, process execution, file activity, and network flows inside cloud workloads
  - Identity usage, credential access, and privilege transitions at runtime
- Build high-performance kernel → user-space pipelines optimized for:
  - Cloud density and multi-tenant environments
  - Minimal overhead in production clusters
  - Safe, deterministic execution at scale
- Implement function-level or execution-path tracing where it improves:
  - Exploit-chain reconstruction
  - Lateral-movement detection
  - Runtime vulnerability confirmation
- Focus on cloud attack surfaces, including:
  - Container escape attempts
  - Runtime exploitation of cloud services
  - Abuse of IAM roles, metadata services, and service identities
- Endpoint-style concepts (process trees, file access, network sockets) are used only as primitives to understand cloud workload behavior, not to build traditional desktop or laptop EDR

Security Event Correlation & Detection
- Design event correlation logic to turn raw signals into actionable incidents
- Support:
  - Attack-path modeling
  - Lateral-movement detection
  - Identity and privilege-abuse analysis
- Contribute to detection engineering, including:
  - Behavioral detections
  - MITRE ATT&CK alignment
  - Context-rich alerts for SOC and IR teams

Cloud & Distributed Systems
- Integrate deeply with AWS, Azure, and GCP APIs (inventory, IAM, networking, logging)
- Build resilient, fault-tolerant distributed services
- Design for eventual consistency, partial failure, and massive scale
- Balance real-time processing vs. batch / enrichment workflows

Engineering Leadership
- Act as a technical leader and mentor
- Influence architecture, coding standards, and system reliability practices
- Partner closely with product, security research, and go-to-market teams
- Help define the technical roadmap and long-term platform vision

What We’re Looking For

Required Qualifications
- 8+ years of professional software engineering experience
- Proven experience designing and building high-scale, high-performance systems
- Strong background in distributed systems, data pipelines, or infrastructure platforms
- Production experience working with complex, high-volume data sets

Technical Skills
- Strong proficiency in one or more of:
  - Rust (preferred)
  - Go
  - C / C++
- Experience with eBPF and kernel instrumentation in cloud or containerized environments (strong plus)
- Deep understanding of:
  - Linux internals as applied to containers and cloud workloads
  - Networking, processes, namespaces, containers
- Experience integrating with cloud provider APIs (AWS/Azure/GCP)
- Familiarity with Kubernetes and containerized workloads

Security Experience (Strongly Preferred)
- Background in one or more of:
  - Security platforms (CNAPP, EDR, XDR, SIEM, NDR)
  - SOC, incident response, or detection engineering
  - Red-team / blue-team / purple-team work
- Understanding of:
  - Cloud attack techniques
  - Identity abuse and privilege escalation
  - Runtime exploit chains
  - MITRE ATT&CK framework

Mindset & Traits
- Comfortable in early-stage startup environments
- Strong sense of ownership and accountability
- Able to operate with incomplete requirements
- Passionate about building defensible, technically differentiated products
- Systems thinker who balances performance, security, and usability

Nice to Have
- Experience building or operating:
  - CNAPP, CSPM, CWPP, or CADR platforms
  - Large-scale security analytics systems
- Experience with:
  - Stream processing (Kafka, Pulsar, Kinesis)
  - Columnar or graph data models
  - Attack-graph or relationship-based analysis
- Prior startup or founding-engineer experience

Why Join Us
- Architect a net-new category-defining security platform
- Work on hard technical problems at the kernel, cloud, and security layers
- Massive ownership and influence over product direction
- Opportunity to build technology that actually stops real attacks
- Competitive compensation + equity

As a fully remote company, we’re looking for candidates who take initiative, communicate proactively, and are comfortable working independently while maintaining close overlap with US Eastern Time hours.