Senior Security Engineer, Security Operations
Share
Job Location:
San Francisco, CA - USA
Monthly Salary:
Not Disclosed
Posted on:
18 hours ago
Vacancies:
1 Vacancy
Job Summary
About GoodLeap:
GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions from solar panels and batteries to energy-efficient HVAC heat pumps roofing windows and more. Over 1 million homeowners have benefited from our simple fast and frictionless technology that makes the adoption of these products more affordable accessible and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeaps proprietary AI-powered applications and developer tools to drive more transparent customer communication deeper business intelligence and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018.
GoodLeap is also proud to support our award-winning nonprofit GivePower which is building and deploying life-saving water and clean electricity systems changing the lives of more than 1.6 million people across Africa Asia and South America.
Position Summary
The GoodLeap security team is responsible for both business enablement and safeguarding the organizations information assets; it is involved in virtually all aspects of the business from product safety and resilience to building security paved roads customer partner and regulatory trust managing technology governance and compliance and ensuring the privacy and safety of GoodLeaps customers partners and employees information.
The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap systems services and operational this role you will work closely with product engineering IT and business teams within GoodLeap to design build implement and operate security and fraud monitoring detection and response capabilities.
Your Oversight Will Encompass
- Security & Fraud Monitoring Detection and Response: Identification of potential misuse and abuse cases determining corresponding events associated with manifestation of such scenarios design of identification and detection solutions e.g. correlated/iterative event searches across log sources ranging from infrastructure to applications/SaaS platforms testing implementation monitoring and fine-tuning of these solutions etc.
- Toolset design and operations: Design and build the monitoring detection and response platform from tool selection and integration e.g. SIEM SOAR agentic SOC EDR to daily operations/management
- Incident Response: Play a leading role in the definition refinement and execution of incident response activities.
- Overall Security Operations: Management and operation of security platforms/solutions outside monitoring detection and response platform.
- Support Embedded Product Security Team: Design build and implement monitoring and detection solutions for GoodLeap products and services.
Essential Job Duties & Responsibilities
- Lead participate in and contribute to security and fraud monitoring detection and response activities inclusive of investigations threat huntingetc. Create playbooks for specific incident response scenarios.
- Identify potential misuse and abuse cases in enterprise systems propose solutions to detect these scenarios and identify and implement monitoring and detection solutions for such scenarios.
- Support or develop components of the security analytics platform.
- Support embedded (product) security team.
- Support general security operations team with vulnerability management tools management and more.
Required Skills Knowledge & Abilities
- Strong communicator with the ability to lead technical architecture discussions drive technical decisions and effectively communicate with non-technical audiences.
- Expertise in security event management monitoring threat hunting incident response playbook creation orchestration/automations etc.
- Experience with threat modeling methodologies.
- Expertise with EDR solutions/platforms such as CrowdStrike S1 Palo Alto Cortex EDR etc.
- Experience with AWS services including KMS SST Container Registry ELBs Lambda API Gateway CloudTrail and IAM (knowledge of GCP and/or Azure is a plus).
- Proven ability to establish credibility and build trust with business engineers and operational staff; confident yet humble. Experience designing configuring and implementing security and fraud monitoring for core enterprise systems e.g. ERP HCM Salesforce etc.
- Experience working with and creating solutions based AI and ML toolsets e.g. creation of AI skills agents MCP clients vibe coding.
- Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases.
- Practical experience with CI/CD pipelines and DevOps tools including Infrastructure-as-Code (IaC) tools like Terraform Pulumi or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault.
- Passionate about learning new technologies. While youre not expected to know everything you should demonstrate a willingness and ability to learn as needed.
- Prior experience interfacing and supporting teams outside of security e.g. internal product teams and other cross-functional areas.
- Proficiency in writing automation scripts in multiple languages and integrating with REST/GraphQL APIs to orchestrate workflows between security tooling and third-party cloud/SaaS platforms automating detection response and operational processes. Experience engaging with vendors in design partnerships.
- Experience overseeing vulnerability and threat management at the platform and application levels.
- Familiarity with penetration testing and red team exercises including manual verification exploitation and lateral movement.
- Ability to balance a high-level view of security strategy with attention to detail ensuring thorough and effective execution
$146000 - $170000 a year
In addition to the above salary this role may be eligible for a bonus and equity.
Additional Information Regarding Job Duties and Job Descriptions:
Job duties include additional responsibilities as assigned by ones supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities reassign or transfer job position or assign additional job responsibilities subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment perform the essential functions of the job or enjoy the benefits and privileges of employment as required by the law.
If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career then we want to work with you! Apply today!
We are committed to protecting your privacy. To learn more about how we collect use and safeguard your personal information during the application process please review ourEmployment Privacy PolicyandRecruiting Policy on AI.
We may use artificial intelligence (AI) tools to support parts of the hiring process such as reviewing applications analyzing resumes or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed please contact us.
Required Experience:
Senior IC
Key Skills
- Splunk
- Compliance Management
- IDS
- SOC
- Cybersecurity
- Identity & Access Management
- Security
- Information Security
- Process Engineering
- Metadata
- Encryption
- Siem
About Company
We are a sustainable home solutions marketplace. Providing simple, fast, and frictionless point-of-sale technology for countless mission-driven professionals serving millions of people who want to upgrade their homes and save money.
