Job Summary:
TerraForm Power is a platform company of Brookfield focused on renewable energy. They are seeking a Senior Engineer for their Remote Operations Centre to design, implement, and maintain secure network perimeters for wind, solar, and battery storage operations, ensuring compliance with NERC CIP standards.
Responsibilities:
• Design and implement OT network security controls, such as perimeter firewalls, internal segmentation, site‑to‑site and remote‑access VPNs, and WAFs.
• Build secure network solutions that align with system architecture for wind, solar, and BESS facilities, EMS/SCADA, and the system control centers.
• Define network security zones and conduits for OT, corporate IT, and cloud environments; enforce least privilege and micro‑segmentation.
• Engineer solutions using Cisco (ASA/Firepower/FTD) and Check Point (CCSA/CCSE) platforms; integrate with management consoles and policy orchestration tools.
• Implement secure remote access for operators, vendors, and field technicians using MFA, bastion/jump hosts, and role‑based access.
• Administer firewall policies, objects, NAT, routing (OSPF/BGP), and HA/cluster configurations; manage rule lifecycle and clean‑up.
• Maintain WAF protections (e.g., F5, Fortinet, Check Point, or cloud WAF) including rule tuning, bot mitigation, and API security.
• Operate and improve monitoring and control tools (SIEM/SOAR, NetFlow, packet capture, IDS/IPS); build dashboards and alerts for NERC systems.
• Conduct log analysis, threat hunting, and participate in incident triage and response; provide on‑call support for critical events.
• Perform regular firewall health checks, performance tuning, firmware/OS upgrades, and vulnerability remediation.
• Support occasional after‑hours maintenance windows on an as-needed basis.
• Implement and maintain controls aligned to NERC CIP standards applicable to Low Impact sites and Medium Impact control centers (e.g., CIP‑003, CIP‑005, CIP‑007, CIP‑008, CIP‑009, CIP‑010, CIP‑011).
• Serve as the technical owner for firewall‑related CIP controls (for example CIP‑005, CIP‑007, CIP‑010), including configuration baselines, access controls, logging, and evidence collection.
• Establish and enforce configuration baselines, access controls, evidence collection, and audit‑ready documentation.
• Run structured change management programs for firewall and WAF policies, including risk assessment, testing, approvals, and post‑implementation review.
• Support audits, self‑assessments, and impact ratings; assist with personnel risk assessment and vendor risk management where applicable.
• Collaborate with OT, IT, Compliance, Engineering, and Plant Operations to ensure controls meet operational needs without compromising reliability.
• Work in close partnership with the TERP Cybersecurity Manager to align firewall, VPN, and WAF controls with OT/IT cybersecurity strategy, incident response protocols, and compliance requirements.
• Participate in joint incident response, risk assessments, and continuous improvement initiatives with the Cybersecurity Manager and Operations Centre leadership.
• Coordinate with Operations Centre, plant operators, and engineering teams to ensure security controls support operational reliability and compliance.
• Evaluate new firewall, WAF, VPN, and OT security technologies; lead POCs and make data‑driven recommendations.
• Identify opportunities to enhance resilience (segmentation, Zero Trust, SD‑WAN security, secure cloud connectivity), and automate repeatable tasks (e.g., policy linting, backup/restore, compliance evidence collection).
• Manage vendor and contractor access for maintenance and commissioning, ensuring robust controls for temporary access and logging.
• Design solutions that address site-specific challenges, including limited bandwidth, remote access constraints, and environmental factors.
• Support operational resilience by coordinating change windows with grid operations and implementing failsafe configurations to avoid plant outages.
Qualifications:
Required:
• 5+ years of hands‑on experience administering enterprise firewalls and VPNs (Cisco ASA/Firepower/FTD; Check Point).
• Working knowledge of WAF technologies and web security (OWASP Top 10, TLS, mTLS, API security).
• Strong command of TCP/IP, routing (OSPF/BGP), NAT, ACLs, IPS/IDS, and packet analysis.
• Experience with SIEM/log management (e.g., Splunk, QRadar, LogRhythm), network monitoring (e.g., SolarWinds), and configuration management.
• Familiarity with NERC CIP concepts and control implementations for Low and/or Medium Impact environments, or equivalent experience in other regulated OT/ICS environments (for example IEC 62443).
• Solid documentation skills and experience operating within formal change management processes.
• Clear communicator able to translate complex security topics for plant operations, engineering, compliance, and leadership.
• Strong prioritization and execution in high‑availability environments; calm under pressure during incidents.
• Collaborative and customer‑focused; builds trusted relationships with site personnel and external partners.
• Bachelor’s degree in Computer Science, Electrical/Computer Engineering, Information Security, or related field; or equivalent experience.
Preferred:
• 10+ years in network security with deep expertise in Cisco and Check Point ecosystems, including clustering/HA, threat defense, and advanced policy design.
• Proven leadership of firewall/WAF architecture in OT/ICS or critical infrastructure (utilities, energy, industrial).
• Demonstrated experience interpreting and implementing NERC CIP requirements in Medium Impact control centers, including evidence management and audit support.
• Proficiency guiding incident response and problem management for high-availability environments; ability to mentor engineers and lead complex changes.
• Track record of evaluating, selecting, and integrating new technologies; experience with automation (e.g., Ansible, Python) and policy compliance tooling.
• Relevant certifications preferred: Cisco CCNP Security, CCIE Security (a plus); Check Point CCSA/CCSE; others a plus.
• Experience with the secure transport of SCADA/EMS, plant DCS/RTUs/PLCs, and OT protocols (OPC, DNP3, Modbus).
• Understanding of interconnections between substations, collector systems, BESS EMS, and corporate networks; secure data flows to forecasting, trading, and asset performance platforms.
• Knowledge of telecom links common in renewables (leased lines, microwave, LTE/private cellular) and secure backhaul to control centers.
• Awareness of site conditions (limited bandwidth, remote access constraints, environmental factors) and designing resilient, maintainable solutions.
• Vendor and contractor access management for maintenance, OEM support, and commissioning activities, with strong control over temporary access and logging.
• Safety and reliability mindset: change windows coordinated with grid operations, rollback plans, and fail‑safe configurations to avoid plant outages.
Company:
TerraForm Power is a leading owner, operator, and producer of renewable energy in North America. Founded in 2014, the company is headquartered in Bethesda, USA, with a team of 51-200 employees. The company is currently at the growth stage.