• Design and develop product security APIs, tools, and utilities for internal and external stakeholders. • Conduct threat modeling and secure design reviews for application backend services and business integrations. • Perform advanced penetration tests and adversarial attack simulations against Harness modules, APIs, and codebase using industry-standard frameworks. • Lead manual and automated code review efforts to discover vulnerabilities, weaknesses, and anti-patterns in the Harness platform. • Implement and operate security tooling including SAST, DAST, and SCA, and integrate these into CI/CD pipelines. • Consult and advise developers and Product Managers on security standards, vulnerability remediation, and security architecture. • Assess risks and trade-offs, and propose solutions for product security features such as authentication and authorization. • Participate in the creation, review, and implementation of technical security standards across global engineering teams. • Use the Harness platform to integrate security processes like vulnerability management into the SDLC. • Collaborate cross-functionally with Engineering and Product to accelerate the release of software with security by design.

Role Description Sungrow Americas is seeking a Product and Application Security Engineer to execute security across the full product ecosystem, spanning firmware, embedded systems, hardware-integrated applications, cloud services, and connected platforms. This role is responsible for deep technical security execution across the entire product lifecycle, ensuring that security is embedded from device to cloud to application layer. You will serve as the hands-on technical authority, working directly with engineering teams to identify, validate, and remediate vulnerabilities across software, firmware, hardware interfaces, and system integrations. This is a high-depth, cross-domain role, ideal for an engineer who can move fluidly between code, devices, protocols, and cloud architectures. Key Responsibilities - Full-Stack Product Security - Perform security assessments across: - Applications (web, APIs, backend services) - Firmware and embedded systems - Hardware interfaces and device communications - Cloud-connected platforms and IoT ecosystems - Conduct code review, firmware analysis, and system-level security testing - Identify and validate vulnerabilities across the entire product attack surface - Secure Development & System Hardening - Embed security into SDLC across software, firmware, and device-integrated systems - Define and implement secure design patterns across: - Application layers - Device firmware - Communication protocols - Partner with engineering to ensure secure-by-design architecture decisions - Offensive Security & Validation - Perform and support penetration testing, firmware analysis, and device-level assessments - Validate findings from internal testing, third-party assessments, and teardowns - Simulate real-world attack paths across device → network → cloud → application - Vulnerability Management - Triage and validate vulnerabilities across software, firmware, and hardware layers - Provide clear, actionable remediation guidance tailored to engineering teams - Track and drive remediation aligned to risk and customer impact - Software & Hardware Supply Chain Security - Support SBOM/HBOM analysis and validation - Identify risks in third-party libraries, firmware components, and hardware dependencies - Assist in mitigation strategies across supplier-integrated components - Emerging Technology & Advanced Systems Security - Evaluate security risks in: - IoT architectures and edge devices - Cloud-native and distributed systems - Agentic / autonomous system behaviors (where applicable) - Help define guardrails for secure adoption of new technologies - Engineering Integration & Enablement - Act as a trusted technical partner to software, firmware, and hardware teams - Translate security findings into practical engineering fixes - Provide real-time guidance during development, not just post-testing - Contribute to a culture of security ownership within engineering - AI & Automation - Experience leveraging AI/ML-assisted tools to improve security engineering outcomes, including: - Code analysis and vulnerability detection - Secure code generation and review validation - Automation of repetitive security testing and triage tasks - Ability to integrate AI capabilities into engineering workflows, including: - API-based integrations with development and security tooling - Automation of security processes within CI/CD pipelines - Working understanding of security risks associated with AI-enabled systems, including: - Prompt injection and model misuse - Data exposure and model leakage risks - Secure handling of sensitive data in AI workflows - Practical ability to build lightweight automation and tooling (scripts, integrations, or pipelines) to scale security operations Qualifications - 6–10+ years of experience in product security, embedded security, application security, or IoT security - Hands-on experience across multiple layers of the stack, including: - Application security (OWASP, API security) - Firmware or embedded systems - Network protocols and device communications - Strong ability to perform: - Manual code review - Firmware analysis (static/dynamic) - System-level threat analysis - Experience with security tooling across SAST, DAST, SCA, firmware analysis, and network testing - Working knowledge of modern architectures (cloud, microservices, device-cloud integration) - Ability to leverage AI. Preferred - Experience with industrial systems, energy, or OT environments - Familiarity with hardware security concepts (secure boot, TPM, hardware roots of trust) - Experience with reverse engineering or low-level debugging - Exposure to SBOM/HBOM frameworks and supply chain security models (SLSA, etc.) - Certifications such as OSCP, OSCE, OSWE, GXPN, or similar Competencies - Cross-Domain Depth: Comfortable moving between firmware, hardware interfaces, applications, and cloud - Hands-On Operator: Executes, tests, breaks, and fixes—not just advises - Systems Thinker: Understands how components interact across the full product lifecycle - Engineering Credibility: Earns trust through technical accuracy and practical solutions - Adaptable Problem Solver: Effective in complex, evolving product environments Travel - Up to 10% Work Location and Status - Full-time position - Remote - No visa sponsorship Sungrow is an equal opportunity employer. Due to strong interests in this position, Sungrow will only reach out to those candidates who best meet the requirements. Thank you for your interest in Sungrow.

Role Description We are looking for a hands-on security leader and subject matter expert in application security and AI security, responsible for defining the architectural security goals and implementation strategy for WebPT’s cloud-native SaaS environments. This engineer serves as the security team’s technical anchor—performing deep dives into complex application and system designs, evaluating AI/ML platform risks, and translating security requirements into practical engineering guidance that enables the business rather than slowing it down. Working closely with engineering leadership, product managers, and third-party development partners, this leader will be the voice of security in architecture reviews, design sessions, and vendor evaluations, ensuring that security and compliance are built in from the start. What You’ll Be Doing As A Part of Our Team - Application Security Architecture - Lead application security architecture reviews for WebPT’s SaaS platforms, including new feature designs, third-party integrations, and major platform changes submitted through the change management process. - Own and facilitate threat modeling sessions with product and engineering stakeholders, translating findings into actionable developer guidance, architectural guardrails, and risk-accepted documentation. - Help define and evolve WebPT’s Secure Software Development Lifecycle (SDLC), embedding security checkpoints into GitLab CI/CD pipelines and development workflows without creating unnecessary friction. - Oversee application security testing tooling, triage findings by risk, and drive remediation with engineering teams—balancing thoroughness with the pace of a lean environment. - Serve as the internal authority on API security, secrets management, authentication and authorization patterns (OAuth 2.0, SAML, OIDC), and input validation across microservices and legacy systems. - AI Security & Governance - Serve as the primary security resource for AI/ML integration decisions, including agentic AI workflows, LLM-based features, ambient listening, and third-party AI platform technologies. - Define and maintain WebPT’s AI security standards and AI vendor risk assessment criteria, including evaluation of AI/ML platforms for HIPAA BAA compliance, data residency, prompt injection risk, and model confidentiality. - Partner with engineering and product to design security guardrails for AI feature development: input/output validation, audit logging, human-in-the-loop controls, and AI supply chain integrity. - Drive AI Shadow IT discovery and governance initiatives, analyzing telemetry from Wiz, CrowdStrike, and network/DNS sources to identify unauthorized AI tool usage across the environment. - Stay current with AI threat vectors and regulatory guidance (NIST AI RMF, OWASP LLM Top 10, HHS AI policy) and translate these into WebPT-specific controls and policy updates. - Cloud & Infrastructure Security - Partner with Cloud Operations to maintain and continuously improve WebPT’s security posture across cloud environments, leveraging Wiz for cloud security assessment and misconfiguration detection. - Provide security architecture input for infrastructure-as-code pipelines, container security, and CI/CD pipeline hardening in GitLab. - Contribute to vulnerability management strategy including EOL technology remediation, CVE triage, and risk-based prioritization in partnership with Cloud Operations and the broader security team. - Provide security guidance on WAF configuration (F5), network segmentation, and secrets management across the production environment. - Security Leadership & Cross-Functional Partnership - Participate actively in change management and security review processes, providing timely, risk-calibrated assessments and serving as a trusted partner to engineering—not a gatekeeper. - Mentor other engineers on the Security team, providing technical coaching on application security concepts, tool usage, and security investigation techniques. - Produce clear security architecture decision records, threat model summaries, risk assessments, and remediation roadmaps; evangelize secure development practices across the engineering organization. - Represent security in cross-functional forums with engineering, product, and operations leadership; translate complex security risks into business-relevant language for board- and investor-ready reporting. - Contribute to external penetration test scoping, coordination, and remediation, and support SOC 2 Type II and HIPAA compliance audit cycles as a technical subject matter expert. Qualifications - 8+ years of progressive security engineering experience, including at least 4 years in a senior or principal application security or product security role. - Deep technical proficiency in OWASP Top 10, threat modeling, SAST/DAST tooling, secure code review, API security, and authentication/authorization patterns. - Demonstrated understanding of AI/ML security risks including prompt injection, model supply chain attacks, data leakage in LLM integrations, and agentic AI trust boundaries. - Hands-on experience securing cloud-native SaaS applications, preferably on AWS with containerized and Kubernetes workloads, IaC pipelines, and microservices architectures. - Proven experience evaluating third-party AI/ML platforms and vendors for security and compliance risk in HIPAA-regulated or similarly regulated environments. - Proven ability to operate independently in a fast-paced, lean environment and influence engineering outcomes without direct authority. - Excellent written and verbal communication skills; able to translate technical risk into business impact for executive and non-technical stakeholders. - Strong working knowledge of HIPAA Security Rule requirements as applied to a cloud SaaS architecture. Ideally, You Would Also Have These - Bachelor’s degree in Computer Science, Information Security, or a related technical field. - One or more industry certifications: OSCP, CSSLP, AWS Security Specialty, CISSP, or equivalent security practitioner credential. - Familiarity with clinical documentation standards, EMR data sets, and the nuances of HIPAA compliance in a SaaS product context. - Hands-on experience with Wiz, CrowdStrike Falcon, Rapid7 InsightIDR/InsightVM, or comparable enterprise cloud and endpoint security platforms. - Exposure to agentic AI development frameworks and an understanding of how these architectures introduce novel security challenges. - Experience with GitLab CI/CD pipeline security, dependency scanning, and software supply chain security controls. - Familiarity with privileged access management solutions (Teleport, BeyondTrust, CyberArk) and certificate-based access control models. - Previous experience providing technical leadership in a hybrid internal/external team environment. Culture is at our Core - Service: Create Raving Fans - Accountability: F Up; Own Up - Attitude: Possess True Grit - Personality: Be Minty - Work Ethic: Be Rock Solid - Community Outreach: Give Back - Health and Wellness: Live Better - Resource Efficiency: Do Más With Menos About Us Here, we work hard—but we have lots of fun doing it. We believe in equal opportunity for all, autonomy, trailblazing, and always doing right by our Members. Most importantly, though, we believe in empowering rehab therapy professionals to achieve greatness in practice. So, if you’re a can-do kinda person who loves to help Members win and enjoys working from just about anywhere—then you’ll fit right in. We’ve got big plans, but we can’t achieve them without you. Join us, and let’s achieve greatness.

Join Kainos and Shape the Future At Kainos, we’re problem solvers, innovators, and collaborators - driven by a shared mission to create real impact. Whether we’re transforming digital services for millions, delivering cutting-edge Workday solutions, or pushing the boundaries of technology, we do it together. We believe in a people-first culture, where your ideas are valued, your growth is supported, and your contributions truly make a difference. Here, you’ll be part of a diverse, ambitious team that celebrates creativity and collaboration. Ready to make your mark? Join us and be part of something bigger. MAIN PURPOSE OF THE ROLE & RESPONSIBILITIES IN THE BUSINESS: As a Security Architect (Consultant) in Kainos, you’ll be responsible for the design and application of good security practices in the platforms and services we build for our customers. You’ll work with Agile delivery teams to develop good security practices throughout the software development journey. You’ll learn about and apply new technologies and approaches, with talented colleagues who will help you develop and grow.  You’ll share knowledge and help educate people – both customers and Kainos team members.  You’ll manage, coach and develop a small number of staff, with a focus on managing employee performance and assisting in their career development. You’ll also provide direction and leadership for your team as you solve challenging problems together. MINIMUM (ESSENTIAL) REQUIREMENTS • Experience in the secure design and delivery of new cloud services and solutions.  • Experience in identifying security issues in existing system designs or products, including recommending sensible mitigations that balance cost, risk and usability.  • Knowledge of security standards and regulations (e.g. NCSC, ISO, SoC, NIST, PCI, GDPR). • Deep architectural experience in one of the following specialisms: AI/ML Security/Cloud/M365/DevSecOps Security Architecture • Experience in application architecture, software development and/or infrastructure architecture.  • Clear communication with technical and non-technical audiences • Experience mentoring engineers and architects • Experience testing the security of software and infrastructure using appropriate security tools. • Experience with Continuous Security, Continuous Integration and Continuous Delivery techniques. • Experience of network security (e.g. OSI, TCP/IP), web application security (e.g. OWASP) and cryptographic controls (e.g. PKI, TLS). • We are passionate about developing people – a demonstrated ability in managing, mentoring and coaching members of your team and wider community is important • Excellent communication skills, with the ability to convey security complexities to audiences of various technical abilities (e.g. senior stakeholders, development teams). DESIRABLE • Experience of Identity management and authentication/authorisation products and patterns.  • Specialism in a sector (we're currently focused on Health, Gov, Defence) • End-to-end security involvement, including governance, risk and compliance, operational security, supply chain security and secure user management. • Penetration testing qualifications (e.g. OSCP, CREST, TIGER or equivalent) • Experience leading security engineers and other junior members of staff • Involvement across the full security lifecycle Embracing our differences   At Kainos, we believe in the power of diversity, equity and inclusion. We are committed to building a team that is as diverse as the world we live in, where everyone is valued, respected, and given an equal chance to thrive.   We actively seek out talented people from all backgrounds, regardless of age, race, ethnicity, gender, sexual orientation, religion, disability, or any other characteristic that makes them who they are.   We also believe every candidate deserves a level playing field. Our friendly talent acquisition team is here to support you every step of the way, so if you require any accommodations or adjustments, we encourage you to reach out. We understand that everyone's journey is different, and by having a private conversation we can ensure that our recruitment process is tailored to your needs.