Information Security Tech & Ops Engineer

Maxeon Solar Technologies is a global leader in solar innovation. Built from 35 years of boundary-pushing solar innovation, Maxeon designs, manufactures, and sells industry-leading SunPower branded solar products. Maxeon is Powering Positive Change every day with a brilliant, passionate and driven team of more than 5,000 people globally.

We push the boundaries, taking solar technology higher, faster, and farther than before.

We hold ourselves to a higher standard, striving for the highest integrity, safety, and quality.

We thrive together as a global team, embracing our diverse backgrounds to make a positive impact on the world. 

Join us in POWERING POSITIVE CHANGE™

SUMMARY OF ROLE

The Infosec Tech & Ops Engineer plays a key role in protecting Maxeon’s systems and data from the ever-increasing cyber security threat. This role is responsible for a number of functions associated with technical security technology, infrastructure, and control implementation and operations - from ensuring the security of operating system and application, through to selecting and/or constructing broader network security systems, application security, and operating them day to day.

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following (other duties may be assigned):

• Implement, operate, and administer information security technology solutions and controls such as firewalls, network/host IPS, NAC, Secure Web Gateway, Endpoint Protection Platform and Endpoint Detection and Response, DLP, data encryption solutions, OS hardening, and vulnerability management tool.  Work closely with key people with shared security responsibilities in different functions in the IT organization and business units.
• Maintain a strong understanding of relevant security standards and security technology. Participate in the selection, implementation, and operation of information security technology and key infrastructure solutions and applications that are aligned with the strategic objectives and priorities of the business, and ensure that they are compliant with approved / agreed security policies and requirements as well as relevant regulations. Where necessary, review and suggest new security technology to strengthen the overall systems, network, application, and cloud security posture, and communicate to the relevant IT team leaders.
• Assess existing critical IT infrastructure and applications to ensure they are protected from security exposures and they are monitored end to end. Conduct periodic vulnerability assessment of networks and key systems, analyze the results to find any vulnerabilities and actionable improvements. Provide mitigating recommendations for vulnerabilities and gaps identified. Report and escalate possible critical and high severity vulnerabilities and issues and problems demanding management attention and resolution.
• Together with the 24x7 Integrated Network & Security Operations Center monitor the organization’s networks and systems for security breaches or intrusions. Work closely with the cyber breach coach and relevant teams to investigate, develop strategies to respond to and recover from a security incident and breach.
• Work with technology project team (infra, application, software developer) to identify and define system and application security requirements to ensure that the proposed new system or application is reasonably secure and doesn’t introduce unacceptable security risks to the organization.
• Provide technical support and expertise for the risk management, audit, and compliance activities. Resolve the outstanding security and IT audit issues related to security technology, controls, and operations. Escalate issues to the management as needed.
• Participate and contribute to the development of pragmatic security framework and strategies, security standards, best practices, standard operating procedures and protocols for the organization, and recommend security enhancements to help mitigate security vulnerabilities and automate repeatable tasks to management as needed.
• Complies at all times the Environment, Health and Safety and Manufacturing Quality standards, rules and regulations
• Performs other duties may be assigned

RELATED EXPERIENCE AND EDUCATIONAL REQUIREMENTS

Minimum requirements

Professional work experience:

• Minimum 5 years of direct professional experience (implementation, administration and management) in various security technology and platforms (e.g. firewall, SIEM, DLP, End point Security, etc.) and AppSec, with minimum 2 years of experience in information security operations.
• Experience designing and implementing secure networks, systems, and application architecture
• Knowledge of risk assessment tools, technologies and methods
• Knowledge of disaster recovery, computer forensic tools, technologies and methods would be advantageous
• Familiar with cloud technology and security, such as AWS and Azure security, Office 365 security, CASB, and cloud DLP.
• Familiar with Oracle application and database security and identity management
• Familiar with ISO 27001 and 27002/SOX/NIST CSF/SANS CIS CSS aligned security controls and operations.
• Able to communicate technical security issues to peers and management.
• Able to work alone with minimum supervision/guidance, and have strong time management and organizational skills   
• Working experience in global international company with multicultural people, dealing with people from diverse cultural background and cross-border team.
• Broad understanding of security strategy, technology and operations.

Education

• A Bachelor’s Degree in Computer Science, Engineering, or related disciplines

Industry experience

• Experience in manufacturing industry strongly preferred

Other relevant minimum requirements:

• Up-to-date knowledge of IT and information security technology and threat trends, as well as general strategy to overcome IT and information security risks

Personal/Special qualifications

• CISSP, CCSP, CEH, NCSF certifications or equivalent would be advantageous

Languages

• Fluent English

Competencies

• Solid information security knowledge such as security frameworks, controls, standards and compliance requirements based on ISO27000 series, SOX, PCI-DSS, SANS CIS CSC, NIST CSF and their application into manufacturing environment
• Familiar with current security technologies and security threat landscape, and strategy to overcome common challenges in information security implementation and operation

OTHER PERTINENT INFORMATION (optional)

• This role involves communication with team members from various IT disciplines and external parties in multiple geographical locations, thus effective communication skill (both verbal and written) and ability to engage people, are essential for this role
• Maxeon is currently in a transition and undergoing transformation journey following its spin-off from SunPower. The candidate is expected to be able to work in fast pace, greenfield-like environment where things are less structured and less systematic, able to simplify and prioritize, and think out-of-the-box when facing challenging situation.

Safety Compliance

Your safety is our number one priority at Maxeon. All our employees must complete regular workplace safety training and comply with our mandatory safety standards.

Equal Employment Opportunity

The Company is an equal employment opportunity employer and makes employment decisions, including but not limited to, hiring, firing, promotion, demotion, training, and/or compensation, on the basis of merit. Employment decisions are based on an individual’s qualifications as they relate to the job under consideration. The Company’s policy prohibits unlawful discrimination based on sex (which includes pregnancy, childbirth, breastfeeding, or related medical conditions, the actual sex of the individual, or the gender identity or gender expression), race, color, religion, including religious dress practices and religious grooming practices, sexual orientation, national origin, ancestry, citizenship, marital status, familial status, age, physical disability, mental disability, medical condition, genetic information, protected veteran or military status, or any other consideration made unlawful by national, federal, state or local laws, ordinances, or regulations. The Company is committed to complying with all applicable laws providing equal employment opportunities. This commitment applies to all persons involved in the operations of the Company and prohibits unlawful discrimination by any employee of the Company, including supervisors and co-workers.