Senior Product Security Engineer

Remote Full-time
About GoodLeap:

GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap’s proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018.

GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America.

Position Summary

The GoodLeap security team is responsible for both business enablement and safeguarding the organization’s information assets. It is involved in virtually all aspects of the business, from product safety and resilience to building security paved roads; earning customer, partner, and regulatory trust; managing technology governance and compliance; and ensuring the privacy and safety of GoodLeap’s customer, partner, and employee information.

The product and application senior engineer role provides a unique opportunity to shape the security and resilience of GoodLeap products, services, and applications. In this role, you will work closely with the product, engineering, and business teams within GoodLeap's business units, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of the products and services developed and operated by the business unit.

You will be embedded within the business unit and have a dotted-line reporting relationship to the product or business lead for the unit. Your oversight will encompass:

Product features: Identifying potential misuse and abuse cases, proposing features to address these scenarios, and defining product features to meet resilience requirements.
Build-time controls: Managing application security controls and activities during development.
Runtime controls: Overseeing security measures for deployed products.

Additionally, you will represent all areas of security for the business unit(s) you are embedded in, spanning governance, risk, and compliance (GRC) to security monitoring. You will also have the authority and ability to involve other security team members as needed.

While you will take on multiple responsibilities - from advisor to builder and beyond - your primary focus will be designing and building product security services and processes, creating product and application security patterns and practices, and fostering strong relationships with product, business, and engineering teams.

Essential Job Duties and Responsibilities

Lead, participate in, and contribute to partnerships between security, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap products and services.
Define and refine processes such as threat modeling, embedment models, and the prioritization of features, defects, and vulnerabilities.
Assist the red team with ongoing activities, including bug bounty programs and continuous penetration testing platforms.
Support or develop components of the security analytics platform.
Support the security operations team with the vulnerability management lifecycle for products and services under your purview.
Contribute to investigations, threat hunting, and incident response activities in a supporting role. Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations, incidents, and playbooks may address security, fraud, privacy, resilience, and related concerns.
Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities.

Required Skills, Knowledge and Abilities

Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences.
Expertise in agile product lifecycles. Ideally, you have experience in a product manager or engineering manager role and understand how SaaS products (B2B, B2B2C, and B2C) are built, including roadmap planning and feature and defect prioritization.
Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments.
Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus).
Proven ability to establish credibility and build trust with engineers and operational staff; confident yet humble.
Hands-on experience with microservices and associated orchestration tools, such as ECS, EKS, Nomad, and Istio, with an understanding of the operational and security implications of these technologies.
Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases.
Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault.
Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed.
Prior experience developing security services for products or enterprise platforms, ideally using Python, Node.js, TypeScript, or .NET.
Proficiency in writing automation scripts in multiple languages, with prior experience automating security processes in cloud or SaaS environments.
Strong understanding of cryptography and key management use cases.
Experience overseeing vulnerability and threat management at the platform and application levels.
Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement.
Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution.

In addition to the above salary, this role may be eligible for a bonus.

Additional Information

Additional Information Regarding Job Duties and Job Descriptions:

Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law.

If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today!
