Staff Application Security Engineer

« Back to Jobs

Staff Application Security Engineer

Sunrun | Germany, OH, US

Posted 8 days ago

Apply Now

Description

Overview

Staff Application Security Engineer at Sunrun. This position is primarily remote, with occasional visits to a local office or our corporate headquarters for team-building, training, and collaborative project work. Equipment pick-up from a local branch will be required. We will provide advance notice whenever on-site attendance is required, making these times purposeful and rewarding.

Position Overview: The Application Security Engineer at Sunrun plays a pivotal role in protecting the applications that power our business. This position requires expertise across identity systems, and software development lifecycle. You will be responsible for driving the identification, assessment, and mitigation of security risks from the initial design phase through deployment and beyond. You will collaborate closely with developers and IT teams to integrate robust security practices, implement advanced protective measures for both applications and identities, and foster a comprehensive culture of security across the organization.

Responsibilities

  • Threat Modeling & Security Design: Assess potential attack vectors and design defense-in-depth strategies that address gaps across infrastructure, 1st and 3rd party applications, and identity management.
  • Secure Software Development Life Cycle (SSDLC): Partner with application development teams to integrate security into every stage of the development lifecycle. Champion secure coding standards, conduct security code reviews, and provide expert guidance to minimize vulnerabilities before production.
  • Identity & Access Management (IAM): Design, implement, and manage identity security solutions across 1st and 3rd party applications. Demonstrate hands-on experience in implementing strategies like Zero Trust architecture and modern authentication standards like WebAuthn.
  • Implement & Manage Security Controls: Design, implement, and fine-tune application security controls like SAST/DAST vulnerability scanning and standardizing secure coding practices. Establish and improve operational processes to ensure their continued effectiveness.
  • Guidance, Training & Compliance: Develop and maintain security policies and standards for both application and identity security. Provide ongoing training to developers to elevate secure coding practices.
  • Stakeholder Collaboration: Use strong critical thinking and communication skills to present complex technical concepts to business stakeholders, gain alignment, and independently drive security initiatives forward.

Qualifications

  • 5+ years of combined experience in application security and IAM
  • Deep knowledge of application security principles, secure coding practices, OWASP Top 10, and zero-trust architecture
  • Hands-on experience with SAST, DAST, WAF, and IAM platforms (e.g., Okta, AWS IAM)
  • Proficiency in programming languages such as Java, Python, or JavaScript
  • Familiarity with cloud environments (AWS, GCP) and their native security and identity controls
  • Threat modeling and defense-in-depth design experience
  • Understanding of MFA, SSO, WebAuthn
  • Excellent communication and collaboration skills
  • Strong critical thinking and problem-solving abilities

Preferred Qualifications

  • Experience with Okta and Salesforce security principles
  • Certifications (preferred): CISSP, CASE, or similar

Recruiter: Kristina Sedjo ()

Apply Now

#J-18808-Ljbffr