8+ years of experience in identifying security issues and developing mitigation plans.
Bachelor's or Master's Degree in Information Systems, Computer Science, Software Engineering, or a closely related field.
Deep hands-on technical expertise in at least two of the following areas: network security, embedded/hardware security, cryptography, web and network protocols, secure bill of materials, threat modeling, pen tests, or vulnerability assessments.
Demonstrated use of scripting/software development skills (e.g., Python, Rust) to automate processes.
Certifications in Security: CISSP, CISM, CRISC, CISA, GIAC, and EC-Council desired.
Knowledge of fundamental security technologies (Email Security, DLP, CSPM, ZTNA, EDR/XDR) and additional security technologies preferred.
Experience in successfully implementing KPIs and metrics for security and risk management.
Proficient in overseeing the execution of audits, certification programs, and control assessments.
Experience with SOC2, ISO27001, and/or NIST security frameworks, controls, tests, auditing, and associated requirements, in addition to familiarity with SOX-regulated environments.
Excellent written and verbal communication skills.
Ability to work in a fast-paced environment while managing multiple priorities.
Ability to operate as part of a team and/or independently while demonstrating flexibility.
Demonstrated ability to work well in a cross-functional environment.
Ability to effectively use Microsoft Office products.
Knowledge of operational technologies preferred.