The GoodLeap security team is responsible for both business enablement and safeguarding the organization’s information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap’s customers, partners, and employees information.
The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap systems, services, and operational processes.
In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap to design, build, implement, and operate security and fraud monitoring, detection, and response capabilities.

Requirements

Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non-technical audiences.
Expertise in security event management, monitoring, threat hunting, incident response, playbook creation, orchestration/automations, etc.
Experience with threat modeling methodologies.
Expertise with EDR solutions/platforms, such as CrowdStrike, S1, Palo Alto Cortex EDR, etc.
Experience with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus).
Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. · Experience designing, configuring, and implementing security and fraud monitoring for core enterprise systems, e.g., ERP, HCM, Salesforce, etc.
Experience working with and creating solutions based AI and ML toolsets – e.g., creation of AI skills, agents, MCP clients, vibe coding.
Strong understanding of both human and non-human identity management and common enterprise and consumer authentication standards and use cases.
Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault.
Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed.
Prior experience interfacing and supporting teams outside of security – e.g., internal product teams and other cross-functional areas.
Proficiency in writing automation scripts in multiple languages and integrating with REST/GraphQL APIs to orchestrate workflows between security tooling and third-party cloud/SaaS platforms, automating detection, response, and operational processes. · Experience engaging with vendors in design partnerships.
Experience overseeing vulnerability and threat management at the platform and application levels.
Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement.
Ability to balance a high-level view of security strategy with attention to detail, ensuring thorough and effective execution.

Benefits

In addition to the above salary, this role may be eligible for a bonus and equity.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

security event managementthreat huntingincident responseplaybook creationthreat modeling methodologiesEDR solutionsAWS servicesCI/CD pipelinesInfrastructure-as-Codeautomation scripting

Soft Skills

strong communicatorleadershipcredibilitytrust buildingcollaborationpassion for learningattention to detailhigh-level security strategy