
StackOne

Senior Engineer (AI Governance)

London
Posted about 1 month ago

About StackOne

StackOne is the AI Integration Gateway for SaaS products and AI Agents. Backed by GV and Workday Ventures ($24M raised), we help builders of SaaS platforms and AI Agents orchestrate hundreds of scalable, accurate, and enterprise-grade integrations. Our platform combines 25,000 pre-mapped actions on 200 connectors, an AI-powered integration development toolkit, plus security by design: a real-time architecture, managed authentication and permissions, and end-to-end observability. Join us on our fast trajectory to build the future of agentic integrations.

Own how enterprises govern the tools their agents can reach — the enrollment, provisioning, policy, posture, and identity-bound access layer that does for agent tooling what MDM and EDR (Jamf, Kandji, CrowdStrike) do for laptops, and what API gateways do for API traffic, at gateway scale.

Why this role exists

StackOne is the tools gateway for agents — the secure, token-efficient layer through which AI agents reach 200+ enterprise SaaS systems. As enterprises connect agents to real tools and real data, governance becomes the defining problem: who or what may invoke which tool, with which scopes, against which data, under which conditions — and how you catch it when something drifts, misbehaves, or turns into a vulnerability. That is a control-plane problem. It mirrors the device-fleet problem MDM and EDR vendors solved over the last decade, and the identity-bound access control API gateways brought to API traffic — now applied to agent tool access. We want an engineer who has built or operated one of those systems and wants to bring the pattern to the agent era.

The mental model

What MDM, EDR, and identity platforms did for devices & software access, and what API gateways did for API traffic, applied to the tools agents use:

Enroll & inventory devices → register and inventory the tools agents can reach (servers, APIs, connected accounts)
Provision apps and configs to devices → provision agent and user access to specific tools and scopes
Compliance baselines and config profiles → policy for tool, scope, and data access, with conditional rules and guardrails
Authenticate, authorize, and rate-limit every API call (API gateway) → authenticate, authorize, and govern every tool call an agent makes through the gateway
Continuous posture and vulnerability monitoring → continuous posture monitoring of connected tools and their usage
Telemetry, detection, and response (EDR) → instrumentation of tool traffic, anomaly and abuse detection, containment controls
Bind device identity to the corporate IdP → bind agent and tool access to enterprise identity (OAuth 2.1, SSO, SCIM)

What you'll work on

Provisioning lifecycle for tool access — enroll, grant, rotate, revoke — across our managed auth and connector-profile layer, so builders and end users never hand-wire OAuth apps.
Policy and enforcement — shape the authoring, versioning, and runtime enforcement of access policies (including LLM-assisted policy generation): which agent, which tool, which scope, which data classes, conditional on identity and context. This is central to our agent-permissioning work.
Posture and risk — continuous assessment of connected tools and the SaaS behind them; surface risky scopes, stale grants, and anomalous invocation patterns.
Instrumentation and telemetry — deepen structured, queryable visibility into the tool calls flowing through the gateway, with the latency discipline of a system on the hot path.
Identity integration — extend our OAuth 2.1, SSO, and SCIM story so policy and provisioning stay bound to enterprise identity rather than bolted on.
Detection and response — the agent-era analog of EDR: define what "bad" looks like, surface it, and give operators the controls to contain it.

What we're looking for

Strong software engineering fundamentals — comfortable owning a system end-to-end in production.
Built or operated at least one of: an API gateway / management platform (Kong, Apigee, Zuplo, AWS API Gateway, and similar), MDM/UEM (Jamf, Kandji, Intune, Workspace ONE, Google Workspace MDM), EDR/XDR (CrowdStrike, SentinelOne, and similar), or a comparable policy-driven provisioning, posture, or access-control platform. Crossover across more than one of these is a real plus.
Built a policy or rules engine — authoring model, evaluation, enforcement, versioning. You know the difference between expressing a policy and enforcing it at runtime.
Identity systems — OAuth/OIDC, SAML, SSO, SCIM — with a real grasp of scopes, grants, token lifecycle, and least privilege in practice.
Telemetry and instrumentation of a system on the request path, and the trade-offs of monitoring without adding meaningful latency.
LLM and AI experience — you've used, if not built, MCP servers before, you understand the governance and guardrails problems linked to AI usage, and you have created AI Agents before.

Nice to have

Security background: vulnerability management, threat detection, or compliance posture (SOC 2 / ISO 27001 environments).
Experience shipping a product that other developers configure and rely on (platform / API empathy).
Built or contributed in public (OSS, specs, write-ups).

Who you'll work with

Reporting into engineering leadership, partnering closely with the founders (Romain, CEO; Guillaume, CTO) and the security and platform engineers. This is a high-ownership role on a strategic pillar of StackOne's roadmap. You'll be able to set the technical direction for how StackOne governs agent access to tools, for the IT and security leaders who decide whether agents get to touch real systems.


Skills

API Gateway
MDM/UEM
EDR/XDR
Policy Engine
OAuth 2.1
OIDC
SAML
SSO
SCIM
Telemetry
Instrumentation
AI Agents
MCP Servers
Vulnerability Management
Threat Detection
Compliance Posture

Location

London, England, United Kingdom
