Principal Software Developer (Security Automation)

Ever since we started in 2007, Sunrun has been at the forefront of connecting people to the cleanest energy on Earth. It’s why we’ve become the #1 home solar and battery company in America. Today, we’re on a mission to change the way the world interacts with energy, and we’re building a company and brand that puts power at the center of life. And we’re doing it by designing a dynamic culture where employee development, well-being, and safety come first. We’re unlike any other solar company. Our vertically integrated model gives us total control over every part of the energy lifecycle – from sale through installation and beyond – so you can find endless opportunities for growth. Come join a career you can grow in and a culture you can run with.

This position is primarily remote, with occasional visits to a local office or our corporate headquarters for team-building, training, and collaborative project work. These on-site sessions are designed to strengthen connections, share insights, and ensure a seamless experience for our team and customers. Equipment pick-up from a local branch will be required. We will  provide advance notice whenever on-site attendance is required, making these times purposeful and rewarding.

Position Overview
The Principal Software Developer will focus on strengthening Sunrun’s software build and delivery processes through automation and secure-by-design practices. This role emphasizes designing and implementing automation that integrates security directly into CI/CD pipelines, build systems, and development workflows. You will create scalable tools and integrations that protect the software supply chain, ensure secure build environments, and improve overall efficiency in how software is built and deployed.

Key Responsibilities

• Automate Build Security Controls: Develop, deploy, and maintain automation that enforces secure configurations, dependency integrity, and code provenance across build and deployment pipelines.
• Integrate Security into CI/CD: Design and implement automated guardrails and validation steps within CI/CD pipelines to ensure builds meet security standards before release.
• Build Supply Chain Protections: Automate verification of build artifacts, manage signing processes, and monitor for unauthorized changes in build environments.
• Collaborate on Secure Engineering Practices: Partner with DevOps, development, and security teams to embed secure development practices into build workflows.
• Tooling and Integration: Integrate security-focused tools such as code signing systems, build integrity checkers, secrets management, and CI/CD orchestration platforms to protect the software supply chain.
• Reduce Manual Work: Automate routine build security tasks—such as dependency updates, configuration enforcement, and environment hardening—minimizing manual intervention.
• Performance and Reliability: Continuously monitor, assess, and improve automation systems to ensure reliability, scalability, and high performance across all build and deployment workflows.
• Documentation and Enablement: Produce clear technical documentation and provide training to development and security teams on the adoption and use of secure build automation.

Required Qualifications

• 7+ years in software engineering, DevOps, or security automation with a track record of delivering automation in complex environments.
• Strong programming skills in Python, Go, or Java, with experience building scalable, maintainable integrations.
• Expertise with CI/CD pipelines, embedding automated guardrails, policy enforcement, and build integrity checks.
• Familiarity with modern build systems, artifact repositories, package management, code signing, and release processes.
• Knowledge of DevSecOps and software supply chain security practices, including dependency governance and secure build patterns.
• Experience with AWS or GCP, particularly integrating cloud-native services into automated build workflows.
• Strong collaboration and communication skills to align development, operations, and security teams.
• Bachelor’s degree in Computer Science or related field, or equivalent experience.

Preferred Qualifications

• Experience integrating security tools into pipelines (SAST/DAST, container security, secrets detection, code quality).
• Familiarity with incident response workflows and how secure build automation supports detection and response.
• Proficiency with infrastructure-as-code tools (Terraform, CloudFormation, Ansible).
• Deep experience with CI/CD platforms (GitHub Actions, GitLab CI, Jenkins) and reusable pipeline templates.
• Experience with artifact signing, SBOM generation, and provenance verification to protect the software supply chain.

Recruiter:

Please note that the compensation information is made in good faith for this position only.  It assumes that the successful candidate will be located in markets within the United States that warrant the compensation.  Please speak with your recruiter to learn more.

Starting salary/wage for this opportunity:

Compensation decisions will not be based on a candidate's salary history. You can learn more here.

This job description outlines the primary responsibilities, some essential job functions, and qualifications for the role. It may not include all essential functions, tasks, or requirements. If you are a qualified individual with a disability and you need reasonable accommodation during the hiring process or to perform this role, please contact us at candidateaccommodations@sunrun.com.

Sunrun is proud to be an equal opportunity employer that does not tolerate discrimination or harassment of any kind.  We believe that empowering people and valuing their differences are essential for our mission of connecting people to the cleanest energy on earth. Learn more here: EEO | Sunrun