Job Details
Sr. Vulnerability Management Engineer
Ever since we started in 2007, Sunrun has been at the forefront of connecting people to the cleanest energy on Earth. It’s why we’ve become the #1 home solar and battery company in America. Today, we’re on a mission to change the way the world interacts with energy, and we’re building a company and brand that puts power at the center of life. And we’re doing it by designing a dynamic culture where employee development, well-being, and safety come first. We’re unlike any other solar company. Our vertically integrated model gives us total control over every part of the energy lifecycle – from sale through installation and beyond – so you can find endless opportunities for growth. Come join a career you can grow in and a culture you can run with.
This position is primarily remote, with occasional visits to a local office or our corporate headquarters for team-building, training, and collaborative project work. These on-site sessions are designed to strengthen connections, share insights, and ensure a seamless experience for our team and customers. Equipment pick-up from a local branch will be required. We will provide advance notice whenever on-site attendance is required, making these times purposeful and rewarding.
Position Overview
We are seeking a senior, strategic Vulnerability Management Engineer to lead the evolution and execution of our enterprise-wide vulnerability management program. As our subject matter expert, you will drive strategy, foster a risk-aware culture, and ensure the timely remediation of vulnerabilities across our diverse on-premise and multi-cloud environments. This is a pivotal leadership role focused on transforming vulnerability management into a core information security strength, directly safeguarding our organization's assets and data.
Key Responsibilities:
Strategic Leadership & Program Development:
Develop and own the enterprise vulnerability management strategy, roadmap, policies, and standards, ensuring alignment with business objectives and regulatory requirements.
Act as the definitive subject matter expert on vulnerability threats, exploitation techniques, and mitigation strategies, providing thought leadership to the organization.
Define the organization's risk appetite in collaboration with executive leadership, ensuring the program operates effectively within established risk tolerance levels.
Mentor and guide junior engineers and analysts, serving as the technical escalation point for complex vulnerability issues.
Operational Excellence & Remediation:
Lead the end-to-end vulnerability management lifecycle: from asset discovery, scanning, and analysis to reporting and remediation tracking across all on-premise, cloud (IaaS, PaaS, SaaS), and containerized environments.
Architect, manage, and optimize our suite of vulnerability management tools (e.g., Tenable, Qualys, Rapid7, Wiz, Prisma Cloud) to ensure comprehensive coverage and efficiency.
Drive automation and continuous improvement within the program to streamline processes and enhance capabilities.
Partner with IT and engineering teams to maintain a comprehensive and accurate asset inventory, a critical foundation for program success.
Collaboration & Communication:
Build strong partnerships with Engineering, IT, DevOps, and Application Development teams to drive the timely remediation of vulnerabilities and ensure adherence to SLAs.
Develop and maintain robust metrics, KPIs, and KRIs to measure program effectiveness and communicate our security posture to technical teams and executive leadership.
Design and deliver clear, actionable dashboards and reports that translate complex technical data into business-relevant risk insights.
Champion "shift-left" principles by working with DevSecOps teams to integrate security into the Software Development Lifecycle (SDLC).
Qualifications & Experience
8+ years of progressive experience in cybersecurity, with 5+ years specifically dedicated to enterprise-scale vulnerability management in complex, hybrid environments.
Proven track record of developing, leading, and maturing a successful vulnerability management program with measurable improvements in risk reduction.
Deep, hands-on expertise with leading vulnerability scanning platforms (Tenable, Qualys, etc.) and cloud security posture management (CSPM) tools (Wiz, Prisma Cloud, etc.).
Expert understanding of the vulnerability lifecycle, risk assessment, and advanced prioritization techniques (CVSS, EPSS, CISA KEV).
Proficiency in assessing vulnerabilities across diverse environments, including on-premise infrastructure, multi-cloud platforms (AWS, Azure, GCP), and container technologies (Docker, Kubernetes).
Exceptional leadership and communication skills, with the ability to influence cross-functional teams and present complex technical concepts to both technical and executive audiences.
Preferred Qualifications:
Bachelor’s degree in a relevant field (Computer Science, Cybersecurity, etc.) or equivalent extensive experience.
Experience with scripting languages (Python, PowerShell) to automate tasks and integrate tools.
Knowledge of "Security as Code" principles and experience integrating security into CI/CD pipelines.
Familiarity with compliance frameworks (PCI DSS, HIPAA, SOX, NIST) and their impact on vulnerability management.
Highly desirable certifications: CISSP, CISM, CRISC, GIAC, OSCP, or relevant cloud security certifications.
Recruiter:
Kristina Sedjo (kristina.sedjo@sunrun.com)Please note that the compensation information is made in good faith for this position only. It assumes that the successful candidate will be located in markets within the United States that warrant the compensation. Please speak with your recruiter to learn more.
Starting salary/wage for this opportunity:
150,290.60 to 180,348.72Compensation decisions will not be based on a candidate's salary history. You can learn more here.
This job description outlines the primary responsibilities, some essential job functions, and qualifications for the role. It may not include all essential functions, tasks, or requirements. If you are a qualified individual with a disability and you need reasonable accommodation during the hiring process or to perform this role, please contact us at candidateaccommodations@sunrun.com.
Sunrun is proud to be an equal opportunity employer that does not tolerate discrimination or harassment of any kind. We believe that empowering people and valuing their differences are essential for our mission of connecting people to the cleanest energy on earth. Learn more here: EEO | Sunrun
About Us
Sunrun Inc. (Nasdaq: RUN) is the nation’s leading home solar, battery storage, and energy services company. We believe in the power of solar energy to make a real difference in our world. Together, we can tackle the challenges ahead, knowing that every step towards clean energy counts. Join us on this journey towards a more sustainable tomorrow.
Perks & Benefits
- Medical/Dental/Vision Insurance
- Life Insurance
- Disability Insurance
- 401k Plan
- Stock Purchase Plan
- Paid Vacations/Holidays
- Paid Baby Bonding Leave
- Employee Discounts
- PowerU - 100% Funded Education Programs
A Commitment to Candidate Experience
At Sunrun our fiercely passionate workforce is our greatest asset and help power our mission to connect people to the cleanest energy on earth. We strive to have the best in class experience for our candidates. If you had a great experience or you feel there is room for improvement, please reach out to talentbrand@sunrun.com to share your feedback.
Accommodation for Disabilities
If you have a disability or special need that may require reasonable accommodation in order to participate in the hiring process or to perform this role if you are offered employment, please let us know by contacting us at candidateaccomodations@sunrun.com.
Jobs
for You
- Solar Appointment Setter Direct Sales Stockton, California
- Solar Appointment Setter Direct Sales Bakersfield, California
- Solar Appointment Setter Direct Sales Roseville, California