Description
Enphase Energy is a global energy technology company and a leading provider of solar, battery, and electric vehicle charging products. Founded in 2006, our innovative microinverter technology revolutionized solar power, making it a safer, more reliable, and scalable energy source. Today, the Enphase Energy System enables users to make, use, save, and sell their own power. Enphase is also one of the most successful and innovative clean energy companies in the world, with more than 80 million products shipped across 160 countries.
Join our dynamic teams designing and developing next-gen energy technologies and help drive a sustainable future!
This role at Enphase requires working onsite 3 days a week, with plans to transition back to a full 5 day in office schedule over time.
About The Role
Enphase Energy is looking for experienced Engineer to join our Product Security Testing team. This role focuses on security testing across embedded systems, mobile applications, and cloud/web platforms, ensuring end-to-end product security across the ecosystem.
You will work on identifying vulnerabilities, validating security controls, and building automated testing capabilities across multiple technology stacks.
What You Will Do
- Perform security testing and validation across:
- Embedded firmware and devices
- Mobile applications (Android/iOS)
- Cloud and web applications
- Execute application security testing aligned with OWASP standards (Top 10, API Security, Mobile Top 10).
- Conduct vulnerability assessments and basic penetration testing under guidance.
- Identify and report issues such as:
- Authentication/authorization flaws
- Insecure APIs
- Injection vulnerabilities
- Data exposure and cryptographic weaknesses
- Validate system hardening and secure configurations across devices and cloud environments.
- Develop and maintain automated security test scripts and frameworks (Python, scripting).
- Perform fuzz testing, negative testing, and robustness testing.
- Collaborate with development teams to reproduce, debug, and verify fixes.
- Test secure communication and protocols (UART, SPI, I2C, CAN, TCP/IP, HTTPS, MQTT).
- Assist in threat modeling and security reviews of product features.
- Stay updated with evolving threats in embedded, mobile, and cloud security.
Who You Are And What You Bring
- Bachelor's degree in Computer Science, Electrical Engineering, Electronics & Communication, or related field.
- 2+ years of experience in security testing for mobile, web, and embedded devices
- Strong foundation in C/C++ or any programming language (Python/Java preferred for testing).
- Understanding of embedded systems OR application development (mobile/web/cloud).
- Knowledge of security fundamentals, including:
- Authentication & authorization
- Cryptography basics
- Secure communication
- Familiarity with:
- OWASP Top 10 / Mobile Top 10
- Basic vulnerability assessment tools (e.g., Burp Suite, static/dynamic tools)
- Understanding of testing methodologies (functional, integration, system, and security testing).
- Exposure to Linux/RTOS fundamentals is a plus.
- Familiarity with debugging tools (GDB, JTAG, proxies, network analyzers) is a plus.
- Knowledge of APIs, HTTP/HTTPS, and cloud-based architectures is a plus.
- Experience with test automation or scripting is a plus.
- Familiarity with Git or version control systems.
- Strong analytical and problem-solving skills.
- Ability to work across domains (embedded + application + cloud).
- Curiosity and interest in security testing and vulnerability research.
