Staff Engineer, IT Security

Information Technology Bangalore, India


Description

Position at Enphase Energy

About Enphase

Enphase Energy is one of the fastest growing solar companies in the world.  By combining the power of solar energy and the proven advantages of communications technology, Enphase Energy makes solar power systems productive, reliable, smart, and safe. Our microinverter system is profoundly changing the way solar systems function, and as a result, changing the solar industry itself.

As we continue our growth, we are building teams with highly talented and motivated people. Our work environment is fast-paced, fun, and full of exciting projects. We are seeking top tier talent to join our leading-edge green tech company where you will be part of an accomplished and enthusiastic technical cross-functional organization. Come be a part of the industry leader pioneering improvements in the way Solar Energy delivered to homes and businesses.


Job Description

Enphase Energy’s Information Security (InfoSec) organization is a growing collaborative team focused on protecting Enphase’s data and technology assets from cyber risks and threats, internal and external, while driving a security culture into the business use of IT. This is our team mission, and we are passionate about it. The InfoSec organization provides information- and cyber-security services to Enphase’s businesses and our goal is to provide safe, secure, and resilient IT services to our stakeholders.

A key part of achieving that goal is providing modern and comprehensive security engineering to support capabilities like security operations, risk management, and audit/assessment. Enphase’s IT Security Engineering works to ensure appropriate configuration, functionality, integration, and data management within Enphase’s infrastructure and security tools. Security Engineering is also responsible for working with application development, product development, and business systems stakeholders to ensure all facets of our IT ecosystem are securely deployed and managed.

To achieve these objectives, the InfoSec organization is looking for a Security Engineer to drive this capability forward. The objective of the Security Engineer will be to bring their technical and operational expertise to sustain, improve, and evolve Enphase’s current and future IT ecosystem.

Specifically, the Security Engineer will support the management of enterprise security technology platforms, applications, and services, along with championing Enphase security standards. This position is responsible for performing functions, as requested, to support day-to-day data security operations, supporting and maintaining a suite of information security infrastructure; accountable for security and networking infrastructure component availability and integrity, monitoring compliance with IT security policy and standards, as well as providing Enphase products and systems with secure configuration baselines. This individual will participate in the planning, design, installation, and maintenance of enterprise IT platforms, products, and business systems.

The Security Engineer has the potential to work on many technology aspects including:

  • System security engineering
  • Application or system hardening
  • Security Testing / Penetration Testing
  • Mobile application security
  • Cloud security
  • Cryptography
  • Forensics and malware analysis

Key Responsibilities

The Security Engineer will have responsibility for the following: 

  • Support the architecture, design, implementation, maintenance, and operations of information system security controls and countermeasures.
  • Administer technical security infrastructure to include security tools including, but not limited to, endpoint protection, log management, and network monitoring.
  • Create and review reports on event anomalies.
  • Develop and maintain technical security policies.
  • Support secure development of system interfaces, including electronic data interchanges.
  • Assist in the enforcement and monitoring of legal and regulatory compliance.
  • Analyze business needs in order to research and recommend solutions to InfoSec leadership.
  • Work with application and product development teams, as instructed, to enhance security throughout the full lifecycle (including pre-deployment/development, production, and retirement).
  • Assist with security policy reviews, configuration standards, and 3rd-party audit.
  • Internal tool development, working closely with business groups.
  • Perform other related duties incidental to the work described here.

Required Skills and Experience

  • Undergraduate degree in Engineering, MIS, Computer Science or related field
  • >4 years delivering technical engineering functions - to include solution/platform/service implementation, configuration, integration, monitoring, and support capabilities.
  • >2 years of experience deploying, managing, monitoring, and supporting IT Security-specific solutions within a global enterprise IT environment.
  • Strong technical skills and hands-on experience implementing and configuring security components.
  • Ability to work in a collaborative team environment.
  • Highly responsive and proven professionalism in communication, interpersonal, analytical, and organizational skills.
  • Ability to maintain in depth knowledge of security and networking infrastructure including the management and reporting of each.
  • Experience in ITIL methodologies and frameworks for IT operations.
  • Experience identifying, evaluating, recommending, and implementing processes, procedures, and tools to enhance existing monitoring capabilities and ensure a cycle of continuous improvement.
  • In-depth knowledge of modern security concepts and how to apply them.
  • Experience automating information security processes in enterprise IT environments.
  • Demonstrated technical understanding of Information Security, Endpoint, and Networking operations, integrations, processes, and management concepts – to include protocols and standards.
  • Proven ability to diagnose and troubleshoot technical issues.

 

Desirable Skills and Experience

  • CISSP, GCSA, CND or similar industry-recognized professional certification.
  • Demonstrated experience in computer security combined with risk analysis, audit, and compliance objectives.
  • Experience with IAM and PAM solutions and concepts.
  • Experience with SIEM/SOAR, NDR, EDR, VM, and Data Security solutions and concepts.
  • Proven ability to make decisions and perform complex problem-solving activities under pressure.
  • High degree of creativity and “out-of-the-box” thinking.
  • Able to execute on multiple projects simultaneously in fast-paced environments.
  • Possesses a services and solution orientated approach.
  • Strong writing, communication, and presentation skills.
  • Ability to share knowledge and collaborate by developing content and documentation for distribution to other team members, managers, and customers.
  • Ability to work on a fast pace, ever changing global environment.
  • Outstanding organization skills.
  • Takes responsibility and achieves results.
  • Excellent organizing, time management and priority setting skills.