[Remote] Engineer/Senior Engineer, Firewall

Remote Full-time
Note: The job is a remote job and is open to candidates in USA. TerraForm Power is a platform company of Brookfield focused on renewable energy. They are seeking a Senior Engineer for their Remote Operations Centre to design, implement, and maintain secure network perimeters for wind, solar, and battery storage operations, ensuring compliance with NERC CIP standards.ResponsibilitiesDesign and implement OT network security controls, such as perimeter firewalls, internal segmentation, site‑to‑site and remote‑access VPNs, and WAFsBuild secure network solutions that align with system architecture for wind, solar, and BESS facilities, EMS/SCADA, and the system control centersDefine network security zones and conduits for OT, corporate IT, and cloud environments; enforce least privilege and micro‑segmentationEngineer solutions using Cisco (ASA/Firepower/FTD) and Check Point (CCSA/CCSE) platforms; integrate with management consoles and policy orchestration toolsImplement secure remote access for operators, vendors, and field technicians using MFA, bastion/Jump hosts, and role‑based accessAdminister firewall policies, objects, NAT, routing (OSPF/BGP), and HA/cluster configurations; manage rule lifecycle and clean‑upMaintain WAF protections (e.g., F5, Fortinet, Check Point, or cloud WAF) including rule tuning, bot mitigation, and API securityOperate and improve monitoring and control tools (SIEM/SOAR, NetFlow, packet capture, IDS/IPS); build dashboards and alerts for NERC systemsConduct log analysis, threat hunting, and participate in incident triage and response; provide on‑call support for critical eventsPerform regular firewall health checks, performance tuning, firmware/OS upgrades, and vulnerability remediationSupport occasional after‑hours maintenance windows on an as needed basisImplement and maintain controls aligned to NERC CIP standards applicable to Low Impact sites and Medium Impact control centers (e.g., CIP‑003, CIP‑005, CIP‑007, CIP‑008, CIP‑009, CIP‑010, CIP‑011)Serve as the technical owner for firewall‑related CIP controls (for example CIP‑005, CIP‑007, CIP‑010), including configuration baselines, access controls, logging, and evidence collectionEstablish and enforce configuration baselines, access controls, evidence collection, and audit‑ready documentationRun structured change management programs for firewall and WAF policies, including risk assessment, testing, approvals, and post‑implementation reviewSupport audits, self‑assessments, and impact ratings; assist with personnel risk assessment and vendor risk management where applicableCollaborate with OT, IT, Compliance, Engineering, and Plant Operations to ensure controls meet operational needs without compromising reliabilityWork in close partnership with the TERP Cybersecurity Manager to align firewall, VPN, and WAF controls with OT/IT cybersecurity strategy, incident response protocols, and compliance requirementsParticipate in joint incident response, risk assessments, and continuous improvement initiatives with the Cybersecurity Manager and Operations Centre leadershipCoordinate with Operations Centre, plant operators, and engineering teams to ensure security controls support operational reliability and complianceEvaluate new firewall, WAF, VPN, and OT security technologies; lead POCs and make data‑driven recommendationsIdentify opportunities to enhance resilience (segmentation, Zero Trust, SD‑WAN security, secure cloud connectivity), and automate repeatable tasks (e.g., policy linting, backup/restore, compliance evidence collection)Manage vendor and contractor access for maintenance and commissioning, ensuring robust controls for temporary access and loggingDesign solutions that address site-specific challenges, including limited bandwidth, remote access constraints, and environmental factorsSupport operational resilience by coordinating change windows with grid operations and implementing failsafe configurations to avoid plant outagesSkills5+ years of hands‑on experience administering enterprise firewalls and VPNs (Cisco ASA/Firepower/FTD; Check Point)Working knowledge of WAF technologies and web security (OWASP Top 10, TLS, mTLS, API security)Strong command of TCP/IP, routing (OSPF/BGP), NAT, ACLs, IPS/IDS, and packet analysisExperience with SIEM/log management (e.g., Splunk, QRadar, LogRhythm), network monitoring (e.g., SolarWinds), and configuration managementFamiliarity with NERC CIP concepts and control implementations for Low and/or Medium Impact environments, or equivalent experience in other regulated OT/ICS environments (for example IEC 62443)Solid documentation skills and experience operating within formal change management processesClear communicator able to translate complex security topics for plant operations, engineering, compliance, and leadershipStrong prioritization and execution in high‑availability environments; calm under pressure during incidentsCollaborative and customer‑focused; builds trusted relationships with site personnel and external partnersBachelor's degree in Computer Science, Electrical/Computer Engineering, Information Security, or related field; or equivalent experience10+ years in network security with deep expertise in Cisco and Check Point ecosystems, including clustering/HA, threat defense, and advanced policy designProven leadership of firewall/WAF architecture in OT/ICS or critical infrastructure (utilities, energy, industrial)Demonstrated experience interpreting and implementing NERC CIP requirements in Medium Impact control centers, including evidence management and audit supportProficiency guiding incident response and problem management for high-availability environments; ability to mentor engineers and lead complex changesTrack record of evaluating, selecting, and integrating new technologies; experience with automation (e.g., Ansible, Python) and policy compliance toolingRelevant certifications preferred: Cisco: CCNP Security, CCIE (Security) (plus), Check Point: CCSA/CCSE, Others, a plusExperience with the secure transport of with SCADA/EMS, plant DCS/RTUs/PLCs, and OT protocols (OPC, DNP3, Modbus)Understanding of interconnections between substations, collector systems, BESS EMS, and corporate networks; secure data flows to forecasting, trading, and asset performance platformsKnowledge of telecom links common in renewables (leased lines, microwave, LTE/private cellular) and secure backhaul to control centersAwareness of site conditions (limited bandwidth, remote access constraints, environmental factors) and designing resilient, maintainable solutionsVendor and contractor access management for maintenance, OEM support, and commissioning activities, with strong control over temporary access and loggingSafety and reliability mindset: change windows coordinated with grid operations, rollback plans, and fail‑safe configurations to avoid plant outagesBenefitsBonus eligibleCompany OverviewTerraForm Power is a leading owner, operator, and producer of renewable energy in North America. It was founded in 2014, and is headquartered in Bethesda, Maryland, USA, with a workforce of 51-200 employees. Its website is http://terraform.com.Company H1B SponsorshipTerraForm Power has a track record of offering H1B sponsorships, with 3 in 2025, 2 in 2024, 1 in 2023, 3 in 2022, 2 in 2021, 2 in 2020. Please note that this does not guarantee sponsorship for this specific role.

Apply Now →

Similar Jobs

Experienced Registered Behavior Technician for In-Home ABA Therapy - Atlanta, GA

Remote

Immediate Hiring: Experienced Registered Behavioral Technician (RBT) for Clinic-Based ABA Therapy Services

Remote

Experienced Registered Behavioral Technician (RBT) - ABA Therapy for Children with Autism Spectrum Disorder

Remote

Experienced Registered Nurse - Telehealth: Providing Remote Care Coordination and Patient Support

Remote

Experienced Substitute Teacher for Riverside County Schools - Join Scoot Education's Innovative Team

Remote

Experienced Substitute Teacher for San Bernardino County - Flexible Schedules & Competitive Pay

Remote

Experienced School Year Instructional Coach for High-Dosage Tutoring Programs in Edgewater Park, NJ

Remote

Experienced School Year Tutor for K-8 Students in Math and Literacy - Mickleton, NJ

Remote

Experienced Secondary Social Studies Teacher for Kansas - Flexible Hybrid Remote Arrangement

Remote

USPS Office Helper

Remote

Managing Actuary, Remote

Remote

Experienced Full Stack Pharmacy Technician – Remote Data Entry Opportunity with Comprehensive Training and Competitive Salary of $75,000 Yearly at Walgreens

Remote

**Experienced Customer Service Representative – Work from Home – USA**

Remote

**Experienced Full Stack Customer Success Manager – Workplace Equity Solutions**

Remote

**Experienced Full Stack Data Entry Specialist – Remote Work Opportunity at arenaflex**

Remote

Senior Portfolio Analyst - Corporate

Remote

Experienced Remote Bilingual Spanish Customer Service Representative - Insurance Industry Expert

Remote

Developer Relations - Education Lead - Blockchain

Remote

Sales Manager (Pet Industry, Key Accounts & Regional Chains)

Remote

Immediate Hiring: Apple Ca Jobs: Opportunities

Remote
← Back