Information Security Tech & Ops Engineer

Powering Positive Change™  

In a world of constant change, the only way to make a meaningful impact is to stay ahead of the curve. That’s why at Maxeon Solar Technologies we’ve been pushing the boundaries of solar innovation every day for 35 years – from the very edge of outer space to countless rooftops below.   

   
Our highly advanced solar products are powering the fight against climate change in more than 100 countries around the globe. And our brilliant, passionate, and driven team of more than 5,000 people globally are Powering Positive Change™ every day.   
  
Are you ready to power positive change?

SUMMARY OF ROLE

The Infosec Tech & Ops Engineer plays a key role in protecting Maxeon’s systems and data from the ever-increasing cyber security threat. This role is responsible for a number of functions associated with technical security technology, infrastructure, and control implementation and operations - from ensuring the security of operating system and application, through to selecting and/or constructing broader network security systems, application security, and operating them day to day.

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following (other duties may be assigned):

• Implement, operate, and administer information security technology solutions and controls such as firewalls, network/host IPS, NAC, Secure Web Gateway, Endpoint Protection Platform and Endpoint Detection and Response, DLP, data encryption solutions, OS hardening, and vulnerability management tool.  Work closely with key people with shared security responsibilities in different functions in the IT organization and business units.
• Maintain a strong understanding of relevant security standards and security technology. Participate in the selection, implementation, and operation of information security technology and key infrastructure solutions and applications that are aligned with the strategic objectives and priorities of the business, and ensure that they are compliant with approved / agreed security policies and requirements as well as relevant regulations. Where necessary, review and suggest new security technology to strengthen the overall systems, network, application, and cloud security posture, and communicate to the relevant IT team leaders.
• Assess existing critical IT infrastructure and applications to ensure they are protected from security exposures and they are monitored end to end. Conduct periodic vulnerability assessment of networks and key systems, analyze the results to find any vulnerabilities and actionable improvements. Provide mitigating recommendations for vulnerabilities and gaps identified. Report and escalate possible critical and high severity vulnerabilities and issues and problems demanding management attention and resolution.
• Together with the 24x7 Integrated Network & Security Operations Center monitor the organization’s networks and systems for security breaches or intrusions. Work closely with the cyber breach coach and relevant teams to investigate, develop strategies to respond to and recover from a security incident and breach.
• Work with technology project team (infra, application, software developer) to identify and define system and application security requirements to ensure that the proposed new system or application is reasonably secure and doesn’t introduce unacceptable security risks to the organization.
• Provide technical support and expertise for the risk management, audit, and compliance activities. Resolve the outstanding security and IT audit issues related to security technology, controls, and operations. Escalate issues to the management as needed.
• Participate and contribute to the development of pragmatic security framework and strategies, security standards, best practices, standard operating procedures and protocols for the organization, and recommend security enhancements to help mitigate security vulnerabilities and automate repeatable tasks to management as needed.
• Complies at all times the Environment, Health and Safety and Manufacturing Quality standards, rules and regulations
• Performs other duties may be assigned

RELATED EXPERIENCE AND EDUCATIONAL REQUIREMENTS:

Minimum requirements

Professional work experience:

• Minimum 3 years of direct professional experience (implementation, administration and management) in various security technology and platforms (e.g. firewall, SIEM, DLP, End point Security, etc.) and AppSec, with minimum 2 years of experience in information security operations.
• Experience designing and implementing secure networks, systems, and application architecture
• Knowledge of risk assessment tools, technologies and methods
• Knowledge of disaster recovery, computer forensic tools, technologies and methods would be advantageous
• Familiar with cloud technology and security, such as AWS and Azure security, Office 365 security, CASB, and cloud DLP.
• Familiar with Oracle application and database security and identity management
• Familiar with ISO 27001 and 27002/SOX/NIST CSF/SANS CIS CSS aligned security controls and operations.
• Able to communicate technical security issues to peers and management.
• Able to work alone with minimum supervision/guidance, and have strong time management and organizational skills  
• Working experience in global international company with multicultural people, dealing with people from diverse cultural background and cross-border team.
• Broad understanding of security strategy, technology and operations.

Education

• A Bachelor’s Degree in Computer Science, Engineering, or related disciplines

Industry experience

• Experience in manufacturing industry strongly preferred

Other relevant minimum requirements:

• Up-to-date knowledge of IT and information security technology and threat trends, as well as general strategy to overcome IT and information security risks
• Personal/Special qualifications
• CISSP, CCSP, CEH, NCSF certifications or equivalent would be advantageous

Languages

• Fluent in English

Competencies

• Solid information security knowledge such as security frameworks, controls, standards and compliance requirements based on ISO27000 series, SOX, PCI-DSS, SANS CIS CSC, NIST CSF and their application into manufacturing environment
• Familiar with current security technologies and security threat landscape, and strategy to overcome common challenges in information security implementation and operation

OTHER PERTINENT INFORMATION (optional)

• This role involves communication with team members from various IT disciplines and external parties in multiple geographical locations, thus effective communication skill (both verbal and written) and ability to engage people, are essential for this role
• Maxeon is currently in a transition and undergoing transformation journey following its spin-off from SunPower. The candidate is expected to be able to work in fast pace, greenfield-like environment where things are less structured and less systematic, able to simplify and prioritize, and think out-of-the-box when facing challenging situation.

Safety Compliance

Your safety is our number one priority at Maxeon. All our employees must complete regular workplace safety training and comply with our mandatory safety standards.

Equal Employment Opportunity

It is Maxeon’s policy to provide equal employment opportunity to all applicants and employees. Maxeon will not tolerate unlawful discrimination against any applicant or employee because of race, color, national origin or ancestry, gender (including pregnancy, childbirth, or related medical conditions), gender identity, age, religion, disability, family care status, veteran status, marital status, sexual orientation, or any other basis protected by national, local, state or federal laws or regulations.