Senior Security Engineer

About EnergyHub

EnergyHub empowers utilities and their customers to create a clean, distributed energy future. We help consumers turn their smart thermostats, EVs, batteries, and other products into virtual power plants that keep the grid stable and enable higher penetration of solar and wind power.

About the Opportunity

We're looking for an experienced Senior Security Engineer to join our team and help enhance the security of our infrastructure and software development lifecycle. This role will be hands-on with our cloud infrastructure and development toolchain, and you will get to focus on both strategy and implementation to drive meaningful long-term improvements. You will have the opportunity to guide best practices for the entire EnergyHub engineering team and build and automate processes to enable fast and secure application delivery.

As one example of the scope of the work you might do in this role, you could be asked to put together a roadmap of items we should do over the next year within a security-related framework (like the CIS Critical Security Controls), then ensure other technical teams have enough context to complete items applicable to them while also doing some implementation yourself for items that don’t fit into other team’s domains.

Main Responsibilities

What you’ll do:

• Keep raising the bar for EnergyHub’s infrastructure security to ensure customer data remains protected.
• Enable our engineering team to be highly productive, safely. Make it easy to do things the right way.
• Develop strategy for and participate in EnergyHub maintaining or achieving compliance with various regulatory frameworks such as SOC 2, SOX, ISO 27001, NIST-SP-800, NERC-CIP and others.
• Help guide the team in design and implementation of secure cloud infrastructure as we roll out improvements and new features.
• Identify and implement new controls to enhance our defense in depth.
• “Shift left” on application and container security by moving security testing farther upstream in the delivery process.
• Operate and automate our vulnerability management programs for applications, containers, and VMs.
• Manage core security tools and technologies such as SIEM, cloud security posture management, etc.
• Play a key role in cross-company security and compliance efforts.
• Partner with our parent security team (EnergyHub is an independent subsidiary of Alarm.com) to leverage additional tools and resources and capitalize on our collective strengths.

Required Skills and Experience

What you need: At EnergyHub, we care about your passion and how you can contribute to our mission. If most of the following describe you, we think you’ll be a great fit for this role:

• You have in-depth knowledge of security principles and best practices developed over 7+ years of experience.
• You’ve managed AWS all the way from security groups to organizations and know the ins and outs of securing AWS infrastructure.
• You’re comfortable tackling ambiguous projects that require you to gather information from multiple stakeholders and formulate a clear plan of action.
• You like to manage all your infrastructure as code, using tools such as Terraform, CloudFormation, or Ansible.
• You understand the security implications of containerized environments such as Kubernetes or ECS, and you know your way around container build processes.
• You’re comfortable on the command line, can hack together a decent shell script, and have solid fundamentals of Linux system administration.
• You have a good understanding of core networking concepts such as TCP/IP, routing, and DNS, and of network security foundations such as ACLs, firewalls, and TLS.
• You have experience administering declarative CI/CD workflows in one tool or another. (We use GitHub Actions.)
• You can write useful Python or another high-level, general-purpose programming language.
• You stay on top of industry developments and have a good overall sense of the security solution spaces.
• You’re familiar with... [Information truncated]

Note: The "Salary" and "Location Type" fields were not provided in the original description.