Application Security Lead

Our Mission  

SPAN develops products that accelerate the rapid adoption of renewable energy in the home. The flagship SPAN Smart Panel is the first true evolution for the traditional home electric panel, harnessing enhanced technology for metering, monitoring, and control. An expanded product suite of intelligent, integrated solutions radically lowers the cost and complexity of energy upgrades–including solar, batteries and EVs–empowering homeowners to be active, resilient and informed players in the energy market. 

The Role

We are looking for a hands-on individual with a white hat hacker mindset to join us in an Application Security Lead Role as part of the Security & IT team at Span. You will be responsible for building out Span’s application security program and architecting, developing and deploying application security tools and technologies to protect Span's platform and backend infrastructure. Responsibilities include:

• Develop the secure SDLC process at Span and perform static security code analysis (SAST) of Span's code base on a regular basis and provide relevant recommendations to Span's developers.
• Perform dynamic application security testing (DAST) using open source and commercial tools before applications are deployed in production.
• Perform threat modeling on existing and upcoming feature sets in the Span applications so that appropriate security controls can be built from the ground up.
• Review security alerts and reports on a daily basis and work closely with the DevOps team in any follow up investigation or remediation.
• Manage the bug bounty program at Span and work with the developers for timely remediation of the reported issues.
• Manage external independent Application Security Testing and ensure timely remediation of issues.
• Identify all vulnerabilities originating from third party dependencies and ensure timely remediation.
• Impart ongoing secure code and application security best practices training to developers.

About You 

We are seeking an Application Security Lead who has:

• Bachelors in Computer Science or related field
• 5+ years in a security engineering or operations role
• Strong knowledge of applied cryptography, web security, TLS/SSL, web authentication protocols such as OAuth/SAML
• Experience in using scripting languages e.g. Python, Perl, PHP, Ruby to automate tasks and manipulate data
• Experience with developing threat models (STRIDE, DREAD, etc.)
• Comfortable with security tools like Burp Suite, OWASP ZAP, CheckMarx, Veracode, MetaSploit, App Spider etc.
• Experience with automation tools like Ansible, Chef, Puppet, Jenkins desired but not a must have
• Experience with automated application testing tools/frameworks e.g. Selenium, SonarQube
• Experience with Web Application Firewalls (WAF) desired but not a must have

Life at SPAN

SPAN embraces diversity and equal opportunity in a serious way. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. 

Headquartered in San Francisco’s vibrant SoMa neighborhood, we are an eclectic group of creative thinkers who value open communication, teamwork, and a ‘make it happen’ approach to addressing complex challenges. 

Our CEO, Arch Rao⁠—former head of the Tesla Powerwall team⁠—fosters an energetic and collaborative environment, with a strong emphasis on maintaining work-life-balance across the organization.

We’re hiring talented individuals who are driven by success and are passionate about shaping the future of renewable energy. If that sounds like you, we’d love for you to consider joining the rapidly growing team at SPAN.

The Perks:

⚡ Competitive compensation + equity grants at a well-funded, venture-backed company

⚡ Comprehensive benefits (including medical; dental, vision, life and disability insurance)

⚡ Comfortable, sunny office space located near BART and Caltrain public transit

⚡ Strong focus on teambuilding and company culture (events, meet-ups, clubs)

⚡ Flexible hours and unlimited PTO

Our Mission & Values:

At SPAN, we believe that powering your home with clean energy should be a simple and delightful experience that is at its essence human-centered and technology-forward.

Our core values include:

• Making home energy more accessible, intuitive, and convenient.
• Enabling homes and vehicles to be powered by the sun.
• Building resilient homes with reliable power.
• All-electric everything.
• A more flexible & distributed grid.

Interested in joining our team? Submit an application today and we’ll be in touch with next steps!