• A solution salesperson. You understand customer challenges, define requirements, and solve business challenges using our enterprise software solution to achieve positive business outcomes for our prospects. • Great at teaming and collaborating within all departments of a fast-moving startup environment. • Persuasive in your C-level communication. (CISO, Product Security, DevSecOps, VP App Sec leaders are primary targets.) • Persistent in your ability to find, navigate and close complex sales cycles. • Proficient with tools like ZoomInfo, LinkedIn Navigator, Salesforce, SalesLoft, Clari, etc.

• Collaborate with Account Executives to design and present tailored solutions, addressing each customer’s technical and business needs. • Deliver high-impact demos, workshops, and proofs-of-concept (POCs) that demonstrate how Legit integrates with customer environments (CI/CD, SCM, cloud, etc.). • Translate complex requirements into architectural blueprints, aligning Legit capabilities with customer workflows and security objectives. • Serve as the technical voice in sales cycles, building confidence across security, DevOps, Dev Orgs, and executive stakeholders. • Lead onboarding and technical enablement for new customers, ensuring rapid time to value. • Act as a trusted advisor and escalation point, guiding best practices in secure software supply chain management. • Partner with the customer to drive adoption, expansion, and retention, identifying opportunities for upsell and deeper integration. • Conduct Quarterly Business Reviews (QBRs) with technical and executive audiences, highlighting ROI, risk reduction, and next-phase initiatives. • Advocate for customer needs with Product and Engineering, shaping roadmap priorities based on real-world insights. • Contribute to solution playbooks, architecture diagrams, and best-practice guides used across the customer lifecycle.

• Lead product strategy across the Security and Compliance portfolio, with a focus on application security testing as a whole, to drive cohesive roadmaps and measurable growth in adoption and customer value. • Own end-to-end definition and delivery for high-impact initiatives such as packaging internal security capabilities for customers, strengthening vulnerability research, and incubating emerging products from ideation to product-market fit. Ensure clear success criteria, on-time delivery, and demonstrable impact on customer security outcomes and product adoption. • Partner closely with Product Managers in scanners to mentor, coach, and review their product work, including product requirement documents, roadmap decisions, and go-to-market thinking, to elevate the quality and consistency of product execution and improve the success of launches. • Collaborate with cross-functional partners in engineering, design, partnerships, and go-to-market teams to shape positioning, launch plans, and strategic collaborations that expand the Security and Compliance business through increased adoption and engagement. • Drive a clear strategy for vulnerability research and security partnerships, working with internal and external stakeholders to identify opportunities and translate them into product outcomes that measurably improve product quality, coverage, and differentiation. • Use AI-first tools and workflows to quickly explore ideas, create prototypes, and communicate concepts. Increase the speed and quality of product discovery and decision-making by tracking improvements in cycle time and validation effectiveness. • Build strong relationships across GitLab to influence without direct authority, connect work across teams, and help resolve complex escalations in a constructive, transparent way that reduces blockers and improves resolution time and stakeholder satisfaction.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description This is an Operational Technology (OT) role embedded in the TerraForm Power Remote Operations Centre, responsible for designing, implementing, and maintaining secure network perimeters for wind, solar, and battery storage operations with a focus on NERC CIP compliant architecture. The Firewall Engineer will work in close partnership with the TERP Cybersecurity Manager, Compliance and Operations Centre staff to ensure robust, compliant, and resilient OT network security across all sites and control centers. Responsibilities - Architecture, Design & Implementation - Design and implement OT network security controls, such as perimeter firewalls, internal segmentation, site‑to‑site and remote‑access VPNs, and WAFs. - Build secure network solutions that align with system architecture for wind, solar, and BESS facilities, EMS/SCADA, and the system control centers. - Define network security zones and conduits for OT, corporate IT, and cloud environments; enforce least privilege and micro‑segmentation. - Engineer solutions using Cisco (ASA/Firepower/FTD) and Check Point (CCSA/CCSE) platforms; integrate with management consoles and policy orchestration tools. - Implement secure remote access for operators, vendors, and field technicians using MFA, bastion/Jump hosts, and role‑based access. - Operations, Monitoring & Incident Response - Administer firewall policies, objects, NAT, routing (OSPF/BGP), and HA/cluster configurations; manage rule lifecycle and clean‑up. - Maintain WAF protections (e.g., F5, Fortinet, Check Point, or cloud WAF) including rule tuning, bot mitigation, and API security. - Operate and improve monitoring and control tools (SIEM/SOAR, NetFlow, packet capture, IDS/IPS); build dashboards and alerts for NERC systems. - Conduct log analysis, threat hunting, and participate in incident triage and response; provide on‑call support for critical events. - Perform regular firewall health checks, performance tuning, firmware/OS upgrades, and vulnerability remediation. - Support occasional after‑hours maintenance windows on an as needed basis. - Compliance & Change Management (NERC Focus) - Implement and maintain controls aligned to NERC CIP standards applicable to Low Impact sites and Medium Impact control centers (e.g., CIP‑003, CIP‑005, CIP‑007, CIP‑008, CIP‑009, CIP‑010, CIP‑011, CIP‑013). - Serve as the technical owner for firewall‑related CIP controls (for example CIP‑005, CIP‑007, CIP‑010), including configuration baselines, access controls, logging, and evidence collection. - Establish and enforce configuration baselines, access controls, evidence collection, and audit‑ready documentation. - Run structured change management programs for firewall and WAF policies, including risk assessment, testing, approvals, and post‑implementation review. - Support audits, self‑assessments, and impact ratings; assist with personnel risk assessment and vendor risk management where applicable. - Collaborate with OT, IT, Compliance, Engineering, and Plant Operations to ensure controls meet operational needs without compromising reliability. - Collaborative Responsibilities - Work in close partnership with the TERP Cybersecurity Manager to align firewall, VPN, and WAF controls with OT/IT cybersecurity strategy, incident response protocols, and compliance requirements. - Participate in joint incident response, risk assessments, and continuous improvement initiatives with the Cybersecurity Manager and Operations Centre leadership. - Coordinate with Operations Centre, plant operators, and engineering teams to ensure security controls support operational reliability and compliance. - Technology Evaluation & Continuous Improvement - Evaluate new firewall, WAF, VPN, and OT security technologies; lead POCs and make data‑driven recommendations. - Identify opportunities to enhance resilience (segmentation, Zero Trust, SD‑WAN security, secure cloud connectivity), and automate repeatable tasks (e.g., policy linting, backup/restore, compliance evidence collection). - OT-Specific Duties - Manage vendor and contractor access for maintenance and commissioning, ensuring robust controls for temporary access and logging. - Design solutions that address site-specific challenges, including limited bandwidth, remote access constraints, and environmental factors. - Support operational resilience by coordinating change windows with grid operations and implementing failsafe configurations to avoid plant outages. Qualifications - Engineer - 5+ years of hands‑on experience administering enterprise firewalls and VPNs (Cisco ASA/Firepower/FTD; Check Point). - Working knowledge of WAF technologies and web security (OWASP Top 10, TLS, mTLS, API security). - Strong command of TCP/IP, routing (OSPF/BGP), NAT, ACLs, IPS/IDS, and packet analysis. - Experience with SIEM/log management (e.g., Splunk, QRadar, LogRhythm), network monitoring (e.g., SolarWinds), and configuration management. - Familiarity with NERC CIP concepts and control implementations for Low and/or Medium Impact environments, or equivalent experience in other regulated OT/ICS environments (for example IEC 62443). - Solid documentation skills and experience operating within formal change management processes. - Clear communicator able to translate complex security topics for plant operations, engineering, compliance, and leadership. - Strong prioritization and execution in high‑availability environments; calm under pressure during incidents. - Collaborative and customer‑focused; builds trusted relationships with site personnel and external partners. - Senior Engineer - All above, plus; - 10+ years in network security with deep expertise in Cisco and Check Point ecosystems, including clustering/HA, threat defense, and advanced policy design. - Proven leadership of firewall/WAF architecture in OT/ICS or critical infrastructure (utilities, energy, industrial). - Demonstrated experience interpreting and implementing NERC CIP requirements in Medium Impact control centers, including evidence management and audit support. - Proficiency guiding incident response and problem management for high-availability environments; ability to mentor engineers and lead complex changes. - Track record of evaluating, selecting, and integrating new technologies; experience with automation (e.g., Ansible, Python) and policy compliance tooling. Education & Certifications - Bachelor’s degree in Computer Science, Electrical/Computer Engineering, Information Security, or related field; or equivalent experience. - Relevant certifications preferred: - Cisco: CCNP Security, CCIE (Security) (plus) - Check Point: CCSA/CCSE - Others, a plus Industry‑Specific (Renewable Energy & OT/ICS) Requirements - Experience with the secure transport of SCADA/EMS, plant DCS/RTUs/PLCs, and OT protocols (OPC, DNP3, Modbus). - Understanding of interconnections between substations, collector systems, BESS EMS, and corporate networks; secure data flows to forecasting, trading, and asset performance platforms. - Knowledge of telecom links common in renewables (leased lines, microwave, LTE/private cellular) and secure backhaul to control centers. - Awareness of site conditions (limited bandwidth, remote access constraints, environmental factors) and designing resilient, maintainable solutions. - Vendor and contractor access management for maintenance, OEM support, and commissioning activities, with strong control over temporary access and logging. - Safety and reliability mindset: change windows coordinated with grid operations, rollback plans, and fail‑safe configurations to avoid plant outages. Compensation $120,000-$140,000 USD, bonus eligible