Principal Cloud Security Engineer
Dallas, TX, United States
Leeward Renewable Energy (LRE) is a high-growth renewable energy company that owns and operates a portfolio of 31 wind, solar and energy storage facilities across the United States, totaling approximately 3 gigawatts of generating capacity. We are actively developing new wind, solar, and energy storage projects in energy markets across the U.S., with about 30 GW of projects under development spanning over 125 projects. With projects currently under construction and soon to commence construction, we expect to commercialize over 1,000 MW of renewable energy projects in the next two years.
LRE is a portfolio company of OMERS Infrastructure, a preeminent global infrastructure investor and investment arm of OMERS, one of Canada's largest defined benefit pension plans with C$127.4 billion in net assets (as at June 30, 2023).
As passionate renewable energy advocates, we take great pride in responsible development and the safe operation of our projects. We are focused on building sustainable solutions for clean, renewable energy, and we remain dedicated to empowering communities through energy independence, job creation, and lasting partnerships.
Position Summary:
The Senior Cybersecurity Analyst/Engineer at LRE will play a crucial role in safeguarding our digital infrastructure, ensuring the integrity, confidentiality, and availability of our data and systems. This position involves designing, implementing, and managing cybersecurity measures, as well as responding to security incidents. The ideal candidate will possess advanced technical skills, a strategic mindset, and a deep understanding of the cybersecurity landscape.
Key Responsibilities:
Design and implement robust security architectures and frameworks to protect LRE's IT and OT (Operational Technology) environments.
Develop and enforce security policies, standards, and best practices across the organization.
Work with the security team to perform tests and uncover network vulnerabilities.
Fix detected/ uncovered vulnerabilities to maintain a high-security standard.
Monitor, analyze, and respond to security incidents, vulnerabilities, and threats using advanced tools and techniques.
Conduct threat modeling and risk assessments to identify potential security weaknesses and recommend mitigation strategies.
Lead incident response activities, including detection, investigation, containment, mitigation, eradication, and recovery.
Develop and maintain incident response plans, playbooks, post-incident analysis reports and security controls set(s).
Ensure compliance with relevant cybersecurity regulations, standards, and frameworks (e.g., NIST, ISO 27001, GDPR) and a line them with NERC CIP.
Conduct regular audits and assessments to validate compliance and effectiveness of security controls.
Manage and optimize security tools such as intrusion detection/prevention systems [IDS/IPS) Nozomi Guardian], encryption programs, SIEM (Security Information and Event Management) systems, and endpoint protection EDR/XDR.
Collaborate with IT and OT teams to integrate security into the development and deployment of new technologies.
Develop and deliver cybersecurity training programs to increase awareness and proficiency among employees.
Advocate for a culture of security within the organization through regular communications and initiatives.
Evaluate and manage relationships with external security vendors and service providers.
Collaborate with stakeholders across different departments to align security initiatives with business objectives.
Qualifications:
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field. Master's degree preferred with minimum of 5-7 years of experience in cybersecurity, with at least 3 years in a senior or lead role, or a minimum of 10 years of experience in cybersecurity, with at least 3 years in a senior or lead role.
Proven experience in securing IT and OT environments within the energy sector or similar industries.
Ability to identify and mitigate network vulnerabilities and explain how to avoid them
Relevant certifications such as CISSP, CISM, CEH, GSEC, or equivalent.
Deep knowledge of cybersecurity principles, tools, and technologies.
Proficiency in identity management, network security, application security, data security, cloud security, and endpoint protection.
Experience with security frameworks and standards (e.g., NIST, ISO 27001, NERC CIP).
Strong understanding of incident response methodologies and digital forensics.
Excellent problem-solving and analytical skills.
Strong communication and interpersonal skills, with the ability to effectively convey complex technical information to non-technical stakeholders.
Leadership abilities with a strategic and proactive approach to security.
Leeward Management Services, LLC is committed to employing a diverse workforce, and provides equal employment opportunity for all individuals regardless of race, color, gender, age, national origin, marital status, sexual orientation, gender identity, status as a protected veteran, genetic information, status as a qualified individual with a disability, or any other characteristic protected by law.
#J-18808-Ljbffr