8+ years of experience delivering vulnerability mitigation plans in fast-paced settings with the ability to manage multiple priorities independently or as part of a team
Security certifications such as CISSP, CISM, CRISC, CISA, GIAC, or EC-Council
Hands-on expertise in at least two security domains (e.g., network or embedded/hardware security, cryptography, web/network protocols, SBOM, threat modeling, pen testing, vulnerability assessment) with OT familiarity
Automation experience using Python or Rust to automate security workflows and establish KPIs/metrics to quantify security and risk performance
Requirements:
Drive the cybersecurity program: Partner daily with stakeholders to align activities to the company’s security/compliance posture; champion secure-by-design and secure-by-default across the company
Own threat vulnerability management: Baseline, monitor, and assess risk across OT/IT/data environments; triage and resolve security events, control gaps, policy questions, and technical risks
Build scalable security operations: Create repeatable frameworks to detect events, quantify feasibility, document risk, and model blast radius; project-manage implementation of security controls
Lead compliance posture management: Administer CSPM platforms; run automated evidence collection; develop, communicate, and assess compliance vs internal/external policies; advance certifications/attestations (SOX, ISO 27001, NIST CSF 2.0)
Job description
This is a remote position.
Lead Energy Storage Cybersecurity Engineer / Cybersecurity Architect
Location: FULLY REMOTE (Anywhere in the USA)
This is an opportunity to join an industry leading renewable energy venture with strong private equity backing that is focused on the development, execution, and operations of dynamic utility-scale energy storage projects.They are at the forefront of the industry, have accumulated over 9GW of projects in a relatively short period of time, and are currently in an accelerated expansion phase which includes key additions to their Software, Data, and Technology Team.
The Lead Energy Storage Cybersecurity Engineer will own our enterprise cyber strategy and hands-on execution—designing and delivering protections that measurably reduce risk. It will build and mature our InfoSec, AppSec, SecOps, IAM, and Data Privacy programs, translating industry frameworks into pragmatic controls, policies, and continuous testing. This is a cross-functional role that will partner across IT, Data Engineering/Science, Operational Technology, Asset Management, EPC, Legal, External Relations, and HR to embed security into both project delivery and corporate operations. You will set governance and standards, manage control implementation, and drive KPI-backed roadmaps with executive-ready communications. This role blends strategic leadership with deep technical acumen to safeguard the business and enable growth. They are committed to creating more renewable infrastructure solutions for the grid and are offering comprehensive compensation packages to their employees leading the drive to meet company goals.Other perks included a competitive base salary, open PTO policy, flex work hours, benefits, the opportunity to work with a transparent Executive Leadership Team..and more.
RESPONSIBILITIES:
Drive the cybersecurity program: Partner daily with stakeholders to align activities to Plus Power’s security/compliance posture; champion secure-by-design and secure-by-default across the company.
Own threat & vulnerability management: Baseline, monitor, and assess risk across OT/IT/data environments; triage and resolve security events, control gaps, policy questions, and technical risks.
Build scalable security operations: Create repeatable frameworks to detect events, quantify feasibility, document risk, and model blast radius; project-manage implementation of security controls.
Lead compliance & posture management: Administer CSPM platforms; run automated evidence collection; develop, communicate, and assess compliance vs. internal/external policies; advance certifications/attestations (SOX, ISO, NERC-CIP, NIST CSF 2.0).
Secure the ecosystem: Stand up and run a Third-Party Cyber Risk Management (TPRM) program to mitigate vendor and software supply-chain risk.
Elevate governance & reporting: Publish executive-ready cyber/risk metrics; partner with Legal & Compliance to operationalize controls and meet laws/regulations; collaborate with External Relations on proposed cyber legislation.
QUALIFICATIONS:
Proven impact (8+ years): Identify vulnerabilities and deliver mitigation plans in fast-paced settings; juggle multiple priorities while operating independently or as part of a team.
Deep technical breadth: Hands-on expertise in 2+ areas (e.g., network or embedded/hardware security, cryptography, web/network protocols, SBOM, threat modeling, pen testing, vulnerability assessment); OT familiarity preferred.
Automation & measurement: Use Python/Rust to automate security workflows; establish and track KPIs/metrics that quantify security and risk performance.
Audit & compliance leadership: Run audits and certification programs end-to-end—scope, control design, testing, risk mapping, and reporting—across SOC 2, ISO 27001, NIST frameworks; experienced in SOX environments.
Stack fluency: Working knowledge of Email Security, DLP, CSPM, ZTNA, EDR/XDR and adjacent security technologies to strengthen enterprise posture.
Credentials & communication: BS/MS in IS/CS/SE (or related); strong written/verbal communicator with cross-functional teams (technical & non-technical); proficient with Microsoft Word, Excel, PowerPoint, Outlook
Solid exposure to cybersecurity best practices for software development and distributed architecture systems.
HUGE PLUS - experience working in production ready coding environments in the energy trading or financial trading sector
HUGE PLUS - solid understanding of national energy markets and renewable energy portfolios - PJM, ERCOT, SPP, MISO, NYISO, ISO-NE, and CAISO; capacity prices, regional energy pricing, congestion and curtailment analysis, transmission constraints, interconnection assessments, LMPs (locational marginal pricing), and/or regional supply and demand curves)
Ideal candidates for this role will have experience working in Senior, Lead, Principal, Hands-on Manager, and Hands-on Director level roles as Principal Cybersecurity Engineer, Cybersecurity Architect, Enterprise Security Engineer, Cyber Security Manager, Platform Security Engineer, Security Solutions Architect
