Information Security Engineer (Contractor)

About Sungrow:Sungrow Power Supply Co., Ltd. ("Sungrow") is a global leading PV inverter and ESS provider with 515 GW of power electronic converters installed worldwide as of December 2023. Founded in 1997 by University Professor Cao Renxian, Sungrow leaders in the research and development of solar inverters with the largest dedicated R&D team in the industry and a broad product portfolio offering PV inverter solutions and ESS for utility-scale, commercial & industrial, and residential applications, as well as internationally recognized floating PV plant solutions, NEV driving solutions, EV charging solutions, and renewable hydrogen production systems. With a strong 27-year track record in the PV space, Sungrow products power in 170 countries and regions worldwide. For more information about Sungrow, visit: .The Position:We are seeking a skilled and adaptable Information Security Engineer (Contractor) to contribute to the development of Sungrow's security and IT infrastructure from the ground up. This role is essential for addressing the immediate need for robust cybersecurity measures, operational IT support, and compliance readiness. The ideal candidate will play a pivotal role in securing Sungrow's systems, implementing foundational IT and security processes, and supporting cross-functional collaboration to meet business objectives.Essential Duties and Responsibilities:Tool Integration and Administration:Lead integrations between existing and new security tools such as SIEM, EDR, IAM, vulnerability scanners, and cloud-based platforms.Configure and administer IT and security tools, ensuring alignment with security policies and business goals.Ensure tools are set up for seamless integration into incident response and compliance workflows.Incident Response and Risk Mitigation:Detect, analyze, and respond to security incidents in real-time, collaborating with internal and external stakeholders (e.g., MSSP, IT team).Establish processes to track, document, and mitigate vulnerabilities across systems and applications.Contribute to root cause analysis for incidents and recommend measures to reduce recurrence.Compliance and Audits:Support Sungrow's efforts to achieve and maintain compliance with ISO 27001, NIST, and other frameworks.Perform internal audits of systems, tools, and processes to assess compliance and readiness for external audits.Partner with teams to develop and document IT and security controls that align with regulatory requirements.Vulnerability Management:Conduct regular vulnerability scans, analyze findings, and prioritize remediation efforts.Establish processes for managing critical vulnerabilities, including SLAs and reporting mechanisms.Build and maintain a clear process for ongoing vulnerability tracking and remediation with IT and business stakeholders.IT Security and Operational Support:Address foundational IT challenges, such as user account management, permissions reviews, and system hardening.Support IT operations by contributing to the resolution of IT incidents, deployment of tools, and maintaining secure configurations.Collaborate with IT to establish and enforce network segmentation, secure access controls, and other critical infrastructure measures.Process Development:Develop and maintain policies, procedures, and processes for incident management, change control, and vulnerability tracking.Implement data logging, documentation, and reporting mechanisms for compliance and security operations.Support onboarding and management processes for IT and security vendors.Cross-Team Collaboration:Act as a liaison between IT, Security, and other business units to ensure cohesive security and IT practices.Contribute to training and awareness initiatives for end-users regarding cybersecurity best practices.Provide insights into existing gaps and risks, proposing actionable solutions to strengthen the organization's security posture.Technology Implementation and Optimization:Lead the deployment of new IT and security technologies, ensuring they meet Sungrow's operational and security requirements.Optimize existing tools to better meet business and security needs.Minimum Requirements:2-4 years of professional experience in IT, cybersecurity, or a related field.Hands-on experience with security tools such as SIEM, EDR, IAM, and vulnerability scanners.Strong understanding of networking concepts, including VLANs, VPNs, and firewall configurations.Familiarity with compliance frameworks like ISO 27001, NIST, and SOC 2.Experience implementing and managing security processes in a hybrid IT environment (cloud and on-prem).Working knowledge of IT fundamentals, including Active Directory, endpoint management, and SaaS applications.Education or Desired License and Certificates:Obtained or pursuing a Bachelor's degree in Information Security, Computer Science, or a related field.Security+ or other relevant certifications (e.g., CySA+, CEH) are a plus.CompetenciesAbility to thrive in a dynamic and fast-paced environment, balancing multiple responsibilities.Strong technical skills combined with excellent communication and collaboration abilities.Proactive problem-solving mindset, with attention to detail and a focus on delivering results.Commitment to continuous learning and development.Proactive and resourceful, with a focus on continuous improvement.TravelUp to 25%Work Location and Status:Contractor Position, On-Site, Costa Mesa, CaliforniaNo visa sponsorshipCompensation:Opportunity for growth and potential transition to a full-time role.Sungrow is an equal opportunity employer. Due to strong interests in this position, Sungrow will only reach out to those candidates who best meet the requirements. Thank you for your interest in Sungrow.

Created: 2025-02-20