Principal Cybersecurity Engineer – Battery Storage
Job Description:
• Lead key cybersecurity activities and protections at the company
• Work day-to-day with a broad set of stakeholders and contributors to drive Plus Power’s cybersecurity program and activities aligning with the company’s compliance and security postures
• Promote secure by design and secure by default strategies
• Baseline, monitor, identify, and assess security vulnerabilities and risks in applications and infrastructure across operational technology (OT), information technology (IT), data science, and data engineering environments
• Own and drive the resolution of different security events, control gaps, policy questions, and technical security risks
• Contribute to building repeatable/reusable/systematic security processes and frameworks to identify potential security events
• Manage the company’s Compliance & Security Posture Management (CSPM) Platforms
• Provide project management for the implementation of security controls while operating cross-functionally
• Conduct automated evidence collection operations to guarantee the longevity and uniformity of our controls
• Assist with identification and mitigation of cybersecurity risks including compliance concerns (SOX, ISO, NERC-CIP, NIST CSF 2.0)
• Develop, communicate, and assess the compliance stance of the framework in relation to internal and external policies
• Build out and run a Third-Party Cyber Risk Management (TPRM) Program and mitigate systemic risk from security posture vendors and end-to-end software supply chain
• Communicate and maintain cybersecurity and risk metrics for senior executives and leaders of various business units
• Work with External Relations team on proposed cybersecurity legislation and regulations
• Work with Legal and Compliance team to establish cybersecurity controls to facilitate compliance with applicable laws and regulations

Requirements:
• 8+ years of experience in identifying security issues and developing mitigation plans
• Bachelor's or Master's Degree in Information Systems, Computer Science, Software Engineering, or a closely related field
• Deep hands-on technical expertise in at least two of the following areas: network security, embedded/hardware security, cryptography, web and network protocols, secure bill of materials, threat modeling, pen tests, or vulnerability assessments
• Demonstrated use of scripting/software development skills (e.g., Python, Rust) to automate processes
• Certifications in Security: CISSP, CISM, CRISC, CISA, GIAC, and EC-Council desired
• Knowledge of fundamental security technologies such as Email Security, DLP, CSPM, ZTNA, EDR/XDR, and additional security technologies preferred
• Experience in successfully implementing KPIs and metrics for security and risk management
• Proficient in overseeing the execution of audits, certification programs, and control assessments
• Experience with SOC2, ISO27001, and/or NIST security frameworks, controls, tests, and auditing and associated requirements, in addition to familiarity with SOX-regulated environments
• Excellent written and verbal communication skills
• Ability to work in a fast-paced environment while managing multiple priorities
• Ability to operate as a team and/or independently while demonstrating flexibility to changing requirements
• Demonstrated ability to work well in a cross-functional environment with both technical and non-technical team members
• Ability to effectively use Microsoft Office products – Word, Excel, PowerPoint, Outlook

Benefits:
• Unlimited vacation
• Flexible remote work
• Work from home stipend
• Educational assistance
• Parental leave
• Highly engaging company culture with opportunities for in-person connection and learning and growth