GoodLeap
About GoodLeap
GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap’s proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018.
GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America.
Position Summary
The GoodLeap security team is responsible for both business enablement and safeguarding the organization’s information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap’s customers, partners, and employees information.
The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap corporate systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of enterprise systems, products, and services.
Your Oversight Will Encompass
Enterprise systems: Identifying potential misuse and abuse cases, proposing solutions to address these scenarios, and identifying product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. Build-time controls: Managing applications/products security controls and activities during development. Runtime controls: Overseeing security measures at runtime, from prevention to detection and response. Additionally, you will be involved with aspects of internally built products and represent all areas of security, spanning governance, risk, and compliance (GRC) to security monitoring, for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed. Essential Job Duties & Responsibilities
Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes. Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. Support or develop components of the security analytics platform. Contribute to investigations, threat hunting, and incident response activities in a supporting role. Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. Support the security operations team with the vulnerability management lifecycle for products and services under your purview. Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities. Required Skills, Knowledge & Abilities
Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. Expertise in agile product lifecycles. Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments. Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM. Proven ability to establish credibility and build trust with business, engineers, and operational staff. Hands-on experience with managing security for core enterprise systems. Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. Practical experience with CI/CD pipelines and DevOps tools. Passionate about learning new technologies. Prior experience interfacing and supporting with G&A teams, internal product teams, and other cross-functional areas. Proficiency in writing automation scripts in multiple languages. Experience engaging with vendors in design partnerships. Experience overseeing vulnerability and threat management at the platform and application levels. Familiarity with penetration testing and red team exercises. Ability to balance a high-level view of security strategy with attention to detail. The salary range for this role is $146,000 - $170,000 a year. In addition to the above salary, this role may be eligible for a bonus. We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI.
#J-18808-Ljbffr
Enterprise systems: Identifying potential misuse and abuse cases, proposing solutions to address these scenarios, and identifying product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. Build-time controls: Managing applications/products security controls and activities during development. Runtime controls: Overseeing security measures at runtime, from prevention to detection and response. Additionally, you will be involved with aspects of internally built products and represent all areas of security, spanning governance, risk, and compliance (GRC) to security monitoring, for a number of departments/teams. You will also have the authority and ability to involve other security team members as needed. Essential Job Duties & Responsibilities
Lead, participate in, and contribute to partnerships between security, IT, General & Administrative teams, engineering, product, and operations teams to build, orchestrate, and automate security controls and services in GoodLeap enterprise systems, products, services, and operational processes. Identify potential misuse and abuse cases in enterprise systems, propose solutions to address these scenarios, and identify product features, configuration settings, and/or mitigating or compensating controls to meet resilience requirements. Support or develop components of the security analytics platform. Contribute to investigations, threat hunting, and incident response activities in a supporting role. Collaborate with the monitoring and response team to create playbooks for specific incident response scenarios related to the products and services you oversee. Support the security operations team with the vulnerability management lifecycle for products and services under your purview. Ensure technical alignment for the products and services you oversee with team initiatives, including GRC, security operations, and monitoring and response activities. Required Skills, Knowledge & Abilities
Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. Expertise in agile product lifecycles. Experience with threat modeling methodologies, with the ability to create efficient and scalable approaches to conducting such assessments. Familiarity with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM. Proven ability to establish credibility and build trust with business, engineers, and operational staff. Hands-on experience with managing security for core enterprise systems. Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. Practical experience with CI/CD pipelines and DevOps tools. Passionate about learning new technologies. Prior experience interfacing and supporting with G&A teams, internal product teams, and other cross-functional areas. Proficiency in writing automation scripts in multiple languages. Experience engaging with vendors in design partnerships. Experience overseeing vulnerability and threat management at the platform and application levels. Familiarity with penetration testing and red team exercises. Ability to balance a high-level view of security strategy with attention to detail. The salary range for this role is $146,000 - $170,000 a year. In addition to the above salary, this role may be eligible for a bonus. We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI.
#J-18808-Ljbffr