Senior Security Engineer, GenSec
Company: GoodLeap
Location: Plano
Posted on: February 18, 2026
|
|
|
Job Description:
Job Description Job Description About GoodLeap: GoodLeap is a
technology company delivering best-in-class financing and software
products for sustainable solutions, from solar panels and batteries
to energy-efficient HVAC, heat pumps, roofing, windows, and more.
Over 1 million homeowners have benefited from our simple, fast, and
frictionless technology that makes the adoption of these products
more affordable, accessible, and easier to understand. Thousands of
professionals deploying home efficiency and solar solutions rely on
GoodLeap’s proprietary, AI-powered applications and developer tools
to drive more transparent customer communication, deeper business
intelligence, and streamlined payment and operations. Our platform
has led to more than $30 billion in financing for sustainable
solutions since 2018. GoodLeap is also proud to support our
award-winning nonprofit, GivePower, which is building and deploying
life-saving water and clean electricity systems, changing the lives
of more than 1.6 million people across Africa, Asia, and South
America. Position Summary The GoodLeap security team is responsible
for both business enablement and safeguarding the organization’s
information assets; it is involved in virtually all aspects of the
business, from product safety and resilience, to building security
paved roads, customer, partner, and regulatory trust, managing
technology governance and compliance, and ensuring the privacy, and
safety of GoodLeap’s customers, partners, and employees
information. The senior security engineer role provides a unique
opportunity to shape the security and resilience of GoodLeap
corporate systems, services, and operational processes. In this
role, you will work closely with product, engineering, IT, and
business teams within GoodLeap, acting as the key individual with
both the authority and responsibility to ensure the safety and
resilience of enterprise systems, products, and services. Your
oversight will encompass: - Enterprise systems: Identifying
potential misuse and abuse cases, proposing solutions to address
these scenarios, and identifying product features, configuration
settings, and/or mitigating or compensating controls to meet
resilience requirements. - Build-time controls: Managing
applications/products security controls and activities during
development. - Runtime controls: Overseeing security measures at
runtime, from prevention to detection and response. Additionally,
you will be involved with aspects of internally built products and
represent all areas of security, spanning governance, risk, and
compliance (GRC) to security monitoring, for a number of
departments/teams. You will also have the authority and ability to
involve other security team members as needed. While you will take
on multiple responsibilities—from advisor to builder and
beyond—your primary focus will be designing and building security
patterns and practices for services and processes, and fostering
strong relationships with product, business, and engineering.
Essential Job Duties & Responsibilities Lead, participate in, and
contribute to partnerships between security, IT, General &
Administrative teams, engineering, product, and operations teams to
build, orchestrate, and automate security controls and services in
GoodLeap enterprise systems, products, services, and operational
processes. Identify potential misuse and abuse cases in enterprise
systems, propose solutions to address these scenarios, and identify
product features, configuration settings, and/or mitigating or
compensating controls to meet resilience requirements. Support or
develop components of the security analytics platform. Contribute
to investigations, threat hunting, and incident response activities
in a supporting role. Collaborate with the monitoring and response
team to create playbooks for specific incident response scenarios
related to the products and services you oversee. These
investigations, incidents, and playbooks may address security,
fraud, privacy, resilience, and related concerns. Support the
security operations team with the vulnerability management
lifecycle for products and services under your purview. Ensure
technical alignment for the products and services you oversee with
team initiatives, including GRC, security operations, and
monitoring and response activities. Required Skills, Knowledge &
Abilities Strong communicator with the ability to lead technical
architecture discussions, drive technical decisions, and
effectively communicate with non-technical audiences. Expertise in
agile product lifecycles. Ideally, you have experience in a product
manager or engineering manager role and understand how SaaS
products (B2B, B2B2C, and B2C) are built, including roadmap
planning and feature and defect prioritization. Experience with
threat modeling methodologies, with the ability to create efficient
and scalable approaches to conducting such assessments. Familiarity
with AWS services, including KMS, SST, Container Registry, ELBs,
Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or
Azure is a plus). Proven ability to establish credibility and build
trust with business, engineers, and operational staff; confident
yet humble. Hands-on experience with managing security for core
enterprise systems, e.g., ERP, HCM, Salesforce, etc. Strong
understanding of both human and non-human identity management and
common enterprise and consumer authentication standards and use
cases. Practical experience with CI/CD pipelines and DevOps tools,
including Infrastructure-as-Code (IaC) tools like Terraform,
Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and
secrets management tools like Doppler and HashiCorp Vault.
Passionate about learning new technologies. While you're not
expected to know everything, you should demonstrate a willingness
and ability to learn as needed. Prior experience interfacing and
supporting with G&A teams, internal product teams, and other
cross-functional areas. Proficiency in writing automation scripts
in multiple languages, with prior experience automating security
processes in cloud or SaaS environments. Experience engaging with
vendors in design partnerships. Experience overseeing vulnerability
and threat management at the platform and application levels.
Familiarity with penetration testing and red team exercises,
including manual verification, exploitation, and lateral movement.
Ability to balance a high-level view of security strategy with
attention to detail, ensuring thorough and effective execution. In
addition to the above salary, this role may be eligible for a
bonus. Additional Information Regarding Job Duties and Job
Descriptions: Job duties include additional responsibilities as
assigned by one's supervisor or other managers related to the
position/department. This job description is meant to describe the
general nature and level of work being performed; it is not
intended to be construed as an exhaustive list of all
responsibilities, duties and other skills required for the
position. The Company reserves the right at any time with or
without notice to alter or change job responsibilities, reassign or
transfer job position or assign additional job responsibilities,
subject to applicable law. The Company shall provide reasonable
accommodations of known disabilities to enable a qualified
applicant or employee to apply for employment, perform the
essential functions of the job, or enjoy the benefits and
privileges of employment as required by the law. If you are an
extraordinary professional who thrives in a collaborative work
culture and values a rewarding career, then we want to work with
you! Apply today! We are committed to protecting your privacy. To
learn more about how we collect, use, and safeguard your personal
information during the application process, please review our
Employment Privacy Policy and Recruiting Policy on AI . We may use
artificial intelligence (AI) tools to support parts of the hiring
process, such as reviewing applications, analyzing resumes, or
assessing responses. These tools assist our recruitment team but do
not replace human judgment. Final hiring decisions are ultimately
made by humans. If you would like more information about how your
data is processed, please contact us.
Keywords: GoodLeap, Keller , Senior Security Engineer, GenSec, IT / Software / Systems , Plano, Texas
