About GoodLeap:

GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy-efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap’s proprietary, AI-powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $27 billion in financing for sustainable solutions since 2018.

GoodLeap is also proud to support our award-winning nonprofit, GivePower, which is building and deploying life-saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America.

Position Summary

The GoodLeap security team is responsible for both business enablement and safeguarding the organization’s information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap’s customer, partner, and employee information.

The product and application lead engineer role provides a unique opportunity to shape the security and resilience of GoodLeap products, services, and applications. In this role, you will work closely with the product, engineering, and business teams within GoodLeap's business units, acting as the key individual with both the authority and responsibility to ensure the safety and resilience of the products and services developed and operated by the business unit.

You will be embedded within the business unit and have a dotted-line reporting relationship to the product or business lead for the unit. Your oversight will encompass:

Product features: Identifying potential misuse and abuse cases, proposing features to address these scenarios, and defining product features to meet resilience requirements.

Build-time controls: Managing application security controls and activities during development.

Runtime controls: Overseeing security measures for deployed products.

Additionally, you will represent all areas of security for the business unit(s) you are embedded in, spanning governance, risk, and compliance (GRC) to security monitoring. You will also have the authority to involve other security team members as needed.

While you will take on multiple responsibilities—from advisor to builder and beyond—your primary focus will be designing and building product security services and processes, creating product and application security patterns and practices, and fostering strong relationships with product, business, and engineering teams.