Job Description

One Click LCA is decarbonizing the global construction industry and handling massive datasets and critical BIM integrations. We are looking for a Security Engineer who thinks like a hacker and builds like an engineer. This is a hands-on, deeply technical role, and not a compliance or audit position. We need a practitioner who can design and implement an automated, resilient, defence-in-depth security architecture that scales with our global footprint.
Our technology powers the makers of a zero-carbon future
One Click LCA is a fast-growing and profitable Software-as-a-Service (SaaS) growth company. Used in 170+ countries, leading end-to-end sustainability platform for construction and manufacturing. The AI-powered software decarbonises and drives sustainability across the construction value chain with scientific, easy-to-use, automated life-cycle assessment (LCA) and environmental product declarations (EPDs) to calculate and reduce the environmental impacts of building, infrastructure, and renovation projects and products.
You will join a supportive, effective, and mission-oriented team in a flexible, friendly and international work environment and have a great deal of autonomy in your role.
This full-time, permanent position is available on a remote basis for candidates based in India.
What you will do:
Continuous Offensive Ops: Conduct deep-dive manual penetration tests on our AWS-native stack and APIs, then automate those exploits into continuous security tests.
Security as Code: Own the security layer of our pipelines. Implement and tune SAST/DAST/SCA to ensure high-signal, automated gating.
Direct Remediation: You have push rights. You will collaborate with developers to fix vulnerabilities at the source or refactor insecure Infrastructure as Code.
Cloud Hardening: Architect and enforce security boundaries across AWS (and Azure) using IAM policy-as-code and automated guardrails.
Your technical profile:
The Mindset: You are a builder who thinks like an attacker. You have likely hunted bugs, competed in CTFs, or built your own security tools.
AWS Mastery: Deep experience securing AWS environments. Familiarity with Azure is a strong plus.
Automation/DevSecOps: Proficient in Python and Java, and good knowledge of Terraform, GitHub Actions, and Code quality tools, e.g., SonarQube.
Exploitation Skills: Expert knowledge of web/API vulnerabilities (OWASP Top 10) and the ability to demonstrate manual exploitation before automating the detection.
Why One Click LCA:
High Agency: This is an engineering role, not management. You define the tools and the strategy.
Push Access: You are not just filing tickets; you are shipping secure code.
Purpose: Protect the data that is actively fighting climate change.
Modern Stack: Cloud-native and high-growth.
Work in a growing business that helps bring about a zero-carbon future
Competitive compensation and opportunity for professional development
Interested?
We are eager to receive your application by 16 January 2026. Applications are reviewed on reception, so please apply swiftly.
One Click LCA is a Helsinki-based tech company decarbonizing construction and manufacturing with world-leading, easy-to-use, and automated life-cycle assessment (LCA) to calculate and reduce the environmental impacts of building, infrastructure, and renovation projects -- as well as construction and other manufactured products. It also enables manufacturers to generate and publish third-party verified EPDs and allows assessment of circularity, life-cycle cost, and soon also biodiversity.
One Click LCA is used in +170 countries. Its decarbonization platform includes a unique global database with +250,000 LCA datasets, and it supports +80 standards and certifications, including LEED, BREEAM, GRESB and other national regulations.
One Click LCA was founded in Finland in 2001 and has a team of +230 people on all continents.
Learn more at:

Skills Required