Description:

GoodLeap is a technology company focused on providing financing and software products for sustainable solutions, including solar panels, batteries, and energy-efficient systems.
The Senior Product Security Engineer will be part of the GoodLeap security team, responsible for safeguarding the organization’s information assets and ensuring product safety and resilience.
This role involves working closely with product, engineering, and business teams to ensure the safety and resilience of products and services.
Responsibilities include identifying potential misuse cases, managing application security controls during development, and overseeing security measures for deployed products.
The engineer will represent all areas of security for the business unit, including governance, risk, and compliance (GRC) and security monitoring.
Essential duties include leading partnerships between security and engineering teams, defining processes like threat modeling, supporting red team activities, and contributing to investigations and incident response activities.

Requirements:

Strong communication skills to lead technical discussions and effectively communicate with non-technical audiences are essential.
Expertise in agile product lifecycles, with experience in product management or engineering management roles, is required.
Experience with threat modeling methodologies and the ability to create scalable assessment approaches is necessary.
Familiarity with AWS services such as KMS, Lambda, and IAM is required; knowledge of GCP and/or Azure is a plus.
Proven ability to establish credibility and build trust with engineers and operational staff is essential.
Hands-on experience with microservices and orchestration tools like ECS and EKS is required.
Strong understanding of identity management and authentication standards is necessary.
Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code tools, is required.
Prior experience developing security services for products or enterprise platforms using languages like Python or Node.js is necessary.
Proficiency in writing automation scripts in multiple languages and experience automating security processes in cloud environments is required.
Strong understanding of cryptography and key management use cases is essential.
Familiarity with penetration testing and red team exercises is required.
Ability to balance high-level security strategy with attention to detail is necessary.

The salary for this position ranges from $146,000 to $170,000 per year, with potential eligibility for a bonus.
GoodLeap offers a collaborative work culture that values extraordinary professionals.
The company provides reasonable accommodations for known disabilities to enable qualified applicants to perform essential job functions.
Employees enjoy the benefits and privileges of employment as required by law.