Sungrow Power Supply Co., Ltd. · 2 weeks ago
Sr. Product & Application Security Manager
Sungrow Power Supply Co., Ltd. is a leading global provider of PV inverters and ESS, with a strong commitment to security in its product development. The Product & Application Security Manager will be responsible for building and scaling secure development and software supply-chain security capabilities to ensure that all products are designed and delivered with security embedded throughout their lifecycle.
Energy · Environmental Consulting · Renewable Energy
Responsibilities
Integrate modern security controls into every phase of the development lifecycle across applications, firmware, and cloud-connected platforms
Establish secure coding standards, automated testing requirements, and continuous security validation across CI/CD pipelines
Lead security design reviews, threat modeling, architecture assessments, and code-level analysis
Partner with engineering to ensure new features and updates are built securely and consistently
Oversee internal and external penetration testing and teardowns for products, applications, firmware, and supporting components
Lead product vulnerability identification, triage, remediation, and customer-facing security assurance activities
Validate security controls through adversarial simulations, red/purple team exercises, and product-level security testing
Manage product vulnerability disclosure processes in coordination with legal and compliance
Lead supplier and third-party security evaluations across hardware, firmware, software, and cloud services
Own SBOM/HBOM programs, ensuring material transparency, integrity, and continuous monitoring of third-party components
Define and enforce security requirements within vendor onboarding, procurement, and contract processes
Track emerging vulnerabilities in dependencies and coordinate timely mitigation efforts across engineering teams
Partner with the Information Security Manager to align product security with enterprise risk, governance, and compliance frameworks (ISO 27001, SOC 2, NIST, SLSA, NERC CIP, OWASP, SANS, etc.)
Collaborate with R&D, engineering, and IT/OT teams to embed product security into roadmaps, design decisions, and operational practices
Support customer, partner, and regulatory engagements as the subject-matter expert for product and supply-chain security
Build strong relationships across global and cross-regional engineering teams, navigating time zones and cultural differences effectively
Qualification
Required
10-12+ years of experience in product security, application security, embedded/firmware security, or DevSecOps
Strong knowledge of secure coding, application security testing, firmware/embedded security fundamentals, and offensive testing methodologies
Experience building or leading secure development programs or product assurance functions
Practical experience with SBOMs, dependency management, software supply-chain security, and disclosure processes
Familiarity with global security standards and regulations relevant to product and critical infrastructure environments
Excellent communication skills and the ability to influence engineers, technical leaders, executives, customers, and suppliers
Preferred
Bachelor's or Master's degree in Computer Science, Cybersecurity, Electrical/Computer Engineering, or related field
Professional certifications such as CSSLP, OSWE, GICSP, or similar
Experience with SBOM/HBOM lifecycle management, coordinated vulnerability disclosure, and modern DevSecOps ecosystems
Background in energy, renewables, industrial control systems, or other critical infrastructure sectors
Veterans are strongly encouraged to apply
Company
Sungrow Power Supply Co., Ltd.
Sungrow is a global leader in renewable energy technology with 740 GW of power electronic converters installed worldwide as of Dec. 2024.
Funding
Current Stage: Public Company
Total Funding: unknown
2011-11-02: IPO
Company data provided by crunchbase