Security Engineer/Manager SunRun
THIS JOB HAS EXPIRED Who We Are
Sunrun?s mission is to make solar energy affordable for more people. We help people upgrade their home to solar energy without the big upfront costs. Instead, we use a variety of project finance structures to purchase solar facilities for our homeowners and sell them electricity under long-term contracts. We are the leader in our field, having more than double the market share of our closest competitor ? and we are looking for high performers to join our team and help us scale as we grow across thousands of households across over ten states.
About the Role:
Maintains a safe and secure environment for customers, partners, and employees by establishing and enforcing security policies and procedures. Responsible for planning, developing and implementing security plans, security programs such as Emergency Response and Crisis Management, Physical Security, Information Protection, Incident Management and/or Investigation.
Serves as an internal information security consultant to the organization
Implements information security policies and procedures for the organization; creates, documents and socialize security policies and procedures
Provides direct training and oversight to all employees, alliances, or other third parties, ensuring proper information security accordance with established organizational information security policies and procedures
Monitors compliance with information security policies and procedures, referring problems to the appropriate department manager; recommends corrective action where appropriate
Responsible for providing leadership, advice and counsel to line management on security policy and practices. Identifies exposures, recommend and develop corrective plans as appropriate.
Initiates, facilitates, and promotes activities to create information security awareness within the organization
Maintains security operations leveraging managed security service providers
Security engineering including security incident response management, infrastructure security assessments, application security assessments, penetration testing, implementing and supporting new security tools and technologies, scripting and coding as needed.
Perform information security risk assessments and serves as an internal auditor for security issues
Partnering across system domains including IT infrastructure, architects, product development and compliance teams (Finance, Legal)
Partner with Legal on eDiscovery process, procedures, coordination and execution
Coordinates the activities of the cross functional Security Council
Monitors the internal control systems to ensure that appropriate access levels are maintained
Prepares disaster recovery and drives business continuity efforts
Maintains knowledge of industry trends, current security issues, regulatory issues, and security technology; update management on risk and threat that could impact company business.
Candidates should be able to demonstrate broad security engineering and management experience:
5+ years of experience in equivalent security and risk management roles
Experience in implementing security initiatives, security programs and risk management programs including business continuity planning
Scripting and coding experience (e.g., Perl, Python, Ruby)
Experience in network infrastructure, host and endpoint system administration
Security operations experience (IDS, DNS, SIEM, Proxies, etc.)
Strong written communication to create and maintain information system security, documentation, tools and technologies documentation, security policies and procedures
Incident response (some malware analysis desirable)
Web and infrastructure penetration testing (dynamic and static) experience
Strong communications skills, both written and oral, to drive enterprise wide security awareness
A domain certification is a plus: CISSP, CISM, CISA, SANS or other certification
BS Degree in Computer Science or equivalent
||San Francisco, CA |
THIS JOB HAS EXPIRED