Senior Security Engineer

Austin, TX - USA

Monthly Salary: Not Disclosed

Posted on: 30+ days ago

Vacancies: 1 Vacancy

Job Summary

About GoodLeap:

GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions from solar panels and batteries to energy-efficient HVAC heat pumps roofing windows and more. Over 1 million homeowners have benefited from our simple fast and frictionless technology that makes the adoption of these products more affordable accessible and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeaps proprietary AI-powered applications and developer tools to drive more transparent customer communication deeper business intelligence and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018.

GoodLeap is also proud to support our award-winning nonprofit GivePower which is building and deploying life-saving water and clean electricity systems changing the lives of more than 1.6 million people across Africa Asia and South America.

Position Summary

The GoodLeap security team is responsible for both business enablement and safeguarding the organizations information assets; it is involved in virtually all aspects of the business from product safety and resilience to building security paved roads customer partner and regulatory trust managing technology governance and compliance and ensuring the privacy and safety of GoodLeaps customers partners and employees information.

The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap corporate systems services and operational this role you will work closely with product engineering IT and business teams within GoodLeap acting as the key individual with both the authority and responsibility to ensure the safety and resilience of enterprise systems products and services.

Your oversight will encompass:

- Enterprise systems:Identifying potential misuse and abuse cases proposing solutions to address these scenarios and identifying product features configuration settings and/or mitigating or compensating controls to meet resilience requirements.

- Build-time controls: Managing applications/products security controls and activities during development.

- Runtime controls: Overseeing security measures at runtime from prevention to detection and response.

Additionally you will be involved with aspects of internally built products and represent all areas of security spanning governance risk and compliance (GRC) to security monitoring for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed.

While you will take on multiple responsibilitiesfrom advisor to builder and beyondyour primary focus will be designing and building security patterns and practices for services and processes and fostering strong relationships with product business and engineering.

Essential Job Duties & Responsibilities

Lead participate in and contribute to partnerships between security IT General & Administrative teams engineering product and operations teams to build orchestrate and automate security controls and services in GoodLeap enterprise systems products services and operational processes.
Identify potential misuse and abuse cases in enterprise systems propose solutions to address these scenarios and identify product features configuration settings and/or mitigating or compensating controls to meet resilience requirements.
Support or develop components of the security analytics platform.
Contribute to investigations threat hunting and incident response activities in a supporting role.
Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations incidents and playbooks may address security fraud privacy resilience and related concerns.
Support the security operations team with the vulnerability management lifecycle for products and services under your purview.
Ensure technical alignment for the products and services you oversee with team initiatives including GRC security operations and monitoring and response activities.

Required Skills Knowledge & Abilities

Strong communicator with the ability to lead technical architecture discussions drive technical decisions and effectively communicate with non-technical audiences.
Expertise in agile product lifecycles. Ideally you have experience in a product manager or engineering manager role and understand how SaaS products (B2B B2B2C and B2C) are built including roadmap planning and feature and defect prioritization.
Experience with threat modeling methodologies with the ability to create efficient and scalable approaches to conducting such assessments.
Familiarity with AWS services including KMS SST Container Registry ELBs Lambda API Gateway CloudTrail and IAM (knowledge of GCP and/or Azure is a plus).
Proven ability to establish credibility and build trust with business engineers and operational staff; confident yet humble.
Hands-on experience with managing security for core enterprise systems e.g. ERP HCM Salesforce etc.
Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases.
Practical experience with CI/CD pipelines and DevOps tools including Infrastructure-as-Code (IaC) tools like Terraform Pulumi or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault.
Passionate about learning new technologies. While youre not expected to know everything you should demonstrate a willingness and ability to learn as needed.
Prior experience interfacing and supporting with G&A teams internal product teams and other cross-functional areas.
Proficiency in writing automation scripts in multiple languages with prior experience automating security processes in cloud or SaaS environments.
Experience engaging with vendors in design partnerships.
Experience overseeing vulnerability and threat management at the platform and application levels.
Familiarity with penetration testing and red team exercises including manual verification exploitation and lateral movement.
Ability to balance a high-level view of security strategy with attention to detail ensuring thorough and effective execution.

$146000 - $170000 a year

In addition to the above salary this role may be eligible for a bonus.

Additional Information Regarding Job Duties and Job Descriptions:

Job duties include additional responsibilities as assigned by ones supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities reassign or transfer job position or assign additional job responsibilities subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment perform the essential functions of the job or enjoy the benefits and privileges of employment as required by the law.

If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career then we want to work with you! Apply today!

We are committed to protecting your privacy. To learn more about how we collect use and safeguard your personal information during the application process please review ourEmployment Privacy Policyand Recruiting Policy on AI.

We may use artificial intelligence (AI) tools to support parts of the hiring process such as reviewing applications analyzing resumes or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed please contact us.

Required Experience:

Senior IC

About GoodLeap:GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions from solar panels and batteries to energy-efficient HVAC heat pumps roofing windows and more. Over 1 million homeowners have benefited from our simple fast and frictionl...

About GoodLeap:

Position Summary

Your oversight will encompass:

- Build-time controls: Managing applications/products security controls and activities during development.

- Runtime controls: Overseeing security measures at runtime from prevention to detection and response.

Essential Job Duties & Responsibilities

Lead participate in and contribute to partnerships between security IT General & Administrative teams engineering product and operations teams to build orchestrate and automate security controls and services in GoodLeap enterprise systems products services and operational processes.
Identify potential misuse and abuse cases in enterprise systems propose solutions to address these scenarios and identify product features configuration settings and/or mitigating or compensating controls to meet resilience requirements.
Support or develop components of the security analytics platform.
Contribute to investigations threat hunting and incident response activities in a supporting role.
Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. These investigations incidents and playbooks may address security fraud privacy resilience and related concerns.
Support the security operations team with the vulnerability management lifecycle for products and services under your purview.
Ensure technical alignment for the products and services you oversee with team initiatives including GRC security operations and monitoring and response activities.

Required Skills Knowledge & Abilities

Strong communicator with the ability to lead technical architecture discussions drive technical decisions and effectively communicate with non-technical audiences.
Expertise in agile product lifecycles. Ideally you have experience in a product manager or engineering manager role and understand how SaaS products (B2B B2B2C and B2C) are built including roadmap planning and feature and defect prioritization.
Experience with threat modeling methodologies with the ability to create efficient and scalable approaches to conducting such assessments.
Familiarity with AWS services including KMS SST Container Registry ELBs Lambda API Gateway CloudTrail and IAM (knowledge of GCP and/or Azure is a plus).
Proven ability to establish credibility and build trust with business engineers and operational staff; confident yet humble.
Hands-on experience with managing security for core enterprise systems e.g. ERP HCM Salesforce etc.
Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases.
Practical experience with CI/CD pipelines and DevOps tools including Infrastructure-as-Code (IaC) tools like Terraform Pulumi or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault.
Passionate about learning new technologies. While youre not expected to know everything you should demonstrate a willingness and ability to learn as needed.
Prior experience interfacing and supporting with G&A teams internal product teams and other cross-functional areas.
Proficiency in writing automation scripts in multiple languages with prior experience automating security processes in cloud or SaaS environments.
Experience engaging with vendors in design partnerships.
Experience overseeing vulnerability and threat management at the platform and application levels.
Familiarity with penetration testing and red team exercises including manual verification exploitation and lateral movement.
Ability to balance a high-level view of security strategy with attention to detail ensuring thorough and effective execution.

$146000 - $170000 a year

In addition to the above salary this role may be eligible for a bonus.

Additional Information Regarding Job Duties and Job Descriptions:

If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career then we want to work with you! Apply today!

Required Experience:

Senior IC

Key Skills

Car Driving
Access
CFA
Excel
Irrigation
Marine Services

Apply Now

About Company

GoodLeap

We are a sustainable home solutions marketplace. Providing simple, fast, and frictionless point-of-sale technology for countless mission-driven professionals serving millions of people who want to upgrade their homes and save money.

View Profile View Profile

AI AutoApply

Apply to 100+ jobs with one click