About GoodLeap:
GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap’s proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018.
GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America.
Position Summary
The GoodLeap security team is responsible for both business enablement and safeguarding the organization’s information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap’s customers, partners, and employees information.
The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap to design, build, implement, and operate security and fraud monitoring, detection, and response capabilities.
Your Oversight Will EncompassSecurity & Fraud Monitoring, Detection, and Response: Identification of potential misuse and abuse cases, determining corresponding events associated with manifestation of such scenarios, design of identification and detection solutions –e.g., correlated/iterative event searches across log sources ranging from infrastructure to applications/SaaS platforms, testing, implementation, monitoring, and fine-tuning of these solutions, etc. Toolset design and operations: Design and build the monitoring, detection, and response platform, from tool selection and integration – e.g., SIEM, SOAR, agentic SOC, EDR, to daily operations/management Incident Response: Play a leading role in the definition, refinement, and execution of incident response activities. Overall Security Operations: Management and operation of security platforms/solutions outside monitoring, detection, and response platform. Support Embedded Product Security Team: Design, build, and implement monitoring and detection solutions for GoodLeap products and services.Essential Job Duties & ResponsibilitiesLead, participate in, and contribute to security and fraud monitoring, detection, and response activities, inclusive of investigations, threat hunting,etc. Create playbooks for specific incident response scenarios.Identify potential misuse and abuse cases in enterprise systems, propose solutions to detect these scenarios, and identify and implement monitoring and detection solutions for such scenarios.Support or develop components of the security analytics platform.Support embedded (product) security team.Support general security operations team with vulnerability management, tools management, and more.Required Skills, Knowledge & AbilitiesStrong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences. Expertise in security event management, monitoring, threat hunting, incident response, playbook creation, orchestration/automations, etc. Experience with threat modeling methodologies. Expertise with EDR solutions/platforms, such as CrowdStrike, S1, Palo Alto Cortex EDR, etc. Experience with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. · Experience designing, configuring, and implementing security and fraud monitoring for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. Experience working with and creating solutions based AI and ML toolsets – e.g., creation of AI skills, agents, MCP clients, vibe coding. Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases. Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. Prior experience interfacing and supporting teams outside of security – e.g., internal product teams and other cross-functional areas. Proficiency in writing automation scripts in multiple languages and integrating with REST/GraphQL APIs to orchestrate workflows between security tooling and third-party cloud/SaaS platforms, automating detection, response, and operational processes. · Experience engaging with vendors in design partnerships. Experience overseeing vulnerability and threat management at the platform and application levels. Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective executionAdditional Information Regarding Job Duties and Job Descriptions:
Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law.
If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today!
