Job location: Remote
About the role:
In this role, you will own the end-to-end security posture of our product platform — spanning mobile applications, REST APIs, microservices, cloud infrastructure, and third-party integrations. You will be involved in the product and engineering lifecycle early, shaping secure design decisions before code is written, and validating them through rigorous assessment. This is a hands-on, deeply technical role where you will both break and help build.
- Own Application security responsibility for assigned business functions by performing threat modeling, architecture reviews, penetration testing, secure coding programs, and vulnerability management.
- Perform manual penetration testing and vulnerability assessments on web applications, APIs, and Android mobile applications
- Perform security reviews for AI‑native products, models, pipelines, and inference services.
- Onboard applications into the SSDLC program and be a security point of contact for the application product.
- Own security incident response for product-layer issues, define remediation plans, and track fixes through to closure
- Integrate and tune SAST/DAST/IAST/SCA tools in CI/CD, create custom rules where needed and actively triage false positives.
- Review and harden cloud infrastructure — Kubernetes RBAC, pod security, network policies, Istio service mesh, Keycloak/OIDC configurations, and IAM across AWS, DigitalOcean, GCP, and Firebase
- Communicate vulnerabilities and risk clearly to developers, product managers, and leadership — in language that drives actionable results
- Conduct application security training for engineers, product managers, etc.
Experience
- 2–4 years of hands-on application security experience, ideally in product‑based or SaaS companies working directly with engineering teams.
- Solid understanding of OWASP Top 10, API Security Top 10, and common authorization flaws including BOLA, BFLA, and privilege escalation
- Familiarity with security compliance and data privacy frameworks relevant to fintech (SOC 2, PCI-DSS, GDPR, DPDP or similar) is an advantage
Technical Skills
- Manual testing of web apps, APIs, and Android apps, and manual code review (beyond just running tools).
- Familiarity with OAuth2, OIDC, JWT, and typical misconfigurations in providers such as Keycloak and Firebase.
- Experience integrating and tuning SAST/DAST (and optionally SCA/IAST) tools within CI/CD pipelines.
- Exposure to cloud‑native security: Kubernetes, containers, service mesh (Istio mTLS and policies), and IAM concepts across at least one major cloud provider.
- Experience with Cloudflare WAF, perimeter security scanning, and/or red‑team testing is a plus.
AI and LLM security (strong plus)
- Familiarity with AI/LLM security risks (e.g., OWASP LLM Top 10).
- Practical experience implementing guardrails, prompt validation, output filtering, or other safety controls in production AI features, or assessing insecure use of third‑party AI APIs.
Automation and tooling
- Ability to script/automate (e.g., Python, Bash) to streamline testing, data collection, and reporting.
- Interest in or experience with building AI-based security tools that improve coverage or reduce manual toil.
Passion for security
- Keep abreast of the latest security vulnerabilities and security trends
- Work in a low supervision environment with high accountability
Qualifications
- Bachelor's degree in Computer Science, Cyber Security is preferred
- At least 2 years of experience in the Application security domain.
- Security certification such as OSCP, OSWE, GWAPT, GPEN, CRTP is preferred; active bug bounty participation is a strong plus
- Outstanding communication and interpersonal skills, with the ability to engage effectively with diverse stakeholders.
- Professional growth in a dynamic, rapidly expanding, high-social-impact industry
- An open-minded, collaborative culture made up of enthusiastic colleagues who are driven by the challenge of innovation towards profound impact on people and the planet.
- A truly multicultural experience: you will have the chance to work with and learn from people from different geographies, nationalities, and backgrounds.
- Structured, tailored learning and development programs that help you become a better leader, manager, and professional through the Sun King Center for Leadership.
Sun King is the world’s leading off-grid solar energy company, combining cutting-edge product design, fintech, and field operations to deliver energy access for the 1.8 billion people who live without an affordable and reliable electric-grid connection.
Sun King has built a new kind of energy utility: distributed, green, customer-centric, and affordable. We bring clean, reliable, decentralized energy directly into people’s lives — from solar kits that provide first-time energy access to multi-kilowatt systems that serve both off-grid users and grid-connected customers powering larger homes, schools, hospitals, farms, offices, and light manufacturing.
Already, 25 million homes and businesses rely on Sun King for electricity supply and the appliances and services it enables: lighting, televisions, fans, refrigeration, and smartphones.
Sun King combines energy generation, energy-efficient appliances, installation, and financing into one seamless offering. Think of it as a distributed utility, designed for wherever energy is needed and designed to scale with its users as incomes and energy needs grow.
Sun King makes solar products affordable to low-income households and businesses via ‘pay-as-you-go’ (PAYG) purchase financing. Sun King installs solar after customers pay a small deposit. Customers then make small, manageable payments of as little as US $0.14 a day via mobile money or cash.
Instead of paying for expensive, polluting, and health-damaging kerosene for lighting or diesel for power, customers unlock savings through accessing solar power and after one to two years of payments, customers own their solar equipment outright.
Sun King collects payments digitally through mobile money systems and its 35,000 field agents — over 1 million payments each day. To date, Sun King has extended more than $1.4 billion in PAYG loans to customers.
Sun King began by powering homes and businesses with solar systems delivered through PAYG financing. Now, we’re using the same model to make smartphones and clean cooking equipment affordable: helping households connect to the digital economy and transition from wood-based fuels to modern, sustainable alternatives.
Sun King employs 3,500 full-time staff in 14 countries, with specialties spanning product design, data science, logistics, customer service, sales, software, operations, and more — all with a passion to serve off-grid families. Sun King is committed to gender diversity in the workplace. Women represent 42% of Sun King’s workforce.