Staff Application Security Engineer jobs in United States

Sunrun · 2 weeks ago

Staff Application Security Engineer

Sunrun is the #1 home solar and battery company in America, focused on connecting people to clean energy. The Application Security Engineer will protect business applications by identifying and mitigating security risks, collaborating with developers, and fostering a culture of security within the organization.

Battery, Clean Energy, Energy, Renewable Energy, Solar
H1B Sponsor Likely

Responsibilities

Threat Modeling & Security Design: Assess potential attack vectors and design defense-in-depth strategies that address gaps across infrastructure, 1st and 3rd party applications, and identity management
Secure Software Development Life Cycle (SSDLC): Partner with application development teams to integrate security into every stage of the development lifecycle. Champion secure coding standards, conduct security code reviews, and provide expert guidance to minimize vulnerabilities before production
Identity & Access Management (IAM): Design, implement, and manage identity security solutions across 1st and 3rd party applications. Showcase hands-on experience in implementing strategies like Zero Trust architecture and modern authentication standards like WebAuthn
Implement & Manage Security Controls: Design, implement, and fine-tune application security controls like SAST/DAST vulnerability scanning and standardizing secure coding practices. Establish and improve operational processes to ensure their continued effectiveness
Guidance, Training & Compliance: Develop and maintain security policies and standards for both application and identity security. Provide ongoing training to developers to elevate secure coding practices
Stakeholder Collaboration: Use strong critical thinking and communication skills to present complex technical concepts to business stakeholders, gain alignment, and independently drive security initiatives forward

Qualification

Application Security, Identity & Access Management, Secure Software Development Life Cycle, Threat Modeling, Security Testing Tools, Programming Languages, Cloud Environments, Certifications, Communication Skills, Critical Thinking, Problem-Solving

Required

7+ years of combined experience in application security and identity & access management (IAM), with a proven track record of supporting application development teams
Deep knowledge of application security principles, secure coding practices, common vulnerabilities (e.g., OWASP Top 10), and zero-trust architecture
Hands-on experience with security testing tools (SAST, DAST), Web Application Firewalls (WAF), and IAM platforms (e.g., Okta, AWS IAM)
Proficiency in programming languages such as Java, Python, or JavaScript
Strong familiarity with cloud environments (AWS, GCP) and their native security and identity controls
Demonstrated expertise in threat modeling and designing defense-in-depth strategies for complex applications
Solid understanding of modern identity standards and technologies, including MFA, SSO, and WebAuthn
Excellent communication and collaboration skills, with the ability to articulate technical findings and security risks to diverse audiences
Strong critical thinking and creative problem-solving skills, with the ability to analyze systems from an attacker's perspective and devise effective countermeasures

Preferred

Experience with Okta and Salesforce security principles and best practices
Certifications (preferred): Certified Information Systems Security Professional (CISSP), Certified Application Security Engineer (CASE), or similar credentials

Company

Sunrun provides residential solar electricity, storage solutions, and clean energy services to homeowners.

H1B Sponsorship

Sunrun has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (26)
2024 (26)
2023 (31)
2022 (18)
2021 (15)
2020 (13)

Funding

Current Stage
Public Company
Total Funding
$6.45B
Key Investors
Massachusetts Clean Energy Center, Investec, Idinvest Partners
2025-09-12 · Post-IPO Debt · $510M
2025-07-18 · Post-IPO Debt · $431M
2025-01-28 · Post-IPO Debt · $629M

Leadership Team

Mary Powell
Chief Executive Officer and Director
James Allred
VP of Sales
Company data provided by Crunchbase