Sr. Cybersecurity Engineer (OT & Cloud Infrastructure)

About the Role

The Sr. Cybersecurity Engineer will architect and implement technical security controls for ON.energy’s grid‑connected energy portfolio. The role secures the entire data lifecycle—from industrial control systems at the edge, through the cloud telemetry pipeline, to corporate dashboards. This builder role is responsible for deploying and managing core security infrastructure, specifically Wazuh and Authentik, to protect AWS environments and operational field assets. The engineer will work closely with control‑systems engineers and DevOps teams to embed security into the backbone. • Secure AWS infrastructure hosting energy management platforms, implementing hardening baselines and managing security groups. • Architect and operate a centralized Wazuh SIEM deployment to ingest CloudTrail, VPC Flow Logs, and Linux server logs, with custom decoders for threat detection. • Review and harden Terraform/CloudFormation scripts and manage security configurations via Ansible or similar IaC tools. • Harden the telemetry pipeline from edge devices to the cloud, enforcing TLS 1.2/1.3 encryption and PKI‑based certificate management. • Deploy Authentik as the unified Identity Provider, enforcing MFA and SSO for cloud consoles, engineering tools, and Grafana dashboards. • Design and enforce least‑privilege IAM roles and service‑account permissions across cloud resources. • Implement IEC 62443‑aligned network segmentation (Purdue Model) to isolate IT, Cloud, and OT zones. • Deploy Wazuh agents on industrial PCs and HMIs for file‑integrity monitoring and vulnerability scanning without disrupting real‑time processes. • Secure industrial communications such as Modbus and DNP3 to ensure data integrity between field assets and control centers.

Key Responsibilities

• ▸aws security
• ▸wazuh siem
• ▸terraform hardening
• ▸authentik idp
• ▸telemetry tls
• ▸iam least‑privilege

What You Bring

• 5–8 years of technical cybersecurity experience with a blend of Cloud/Linux engineering and OT/industrial exposure. • Deep expertise with Wazuh (deployment, custom rules, FIM/SCA tuning) and Authentik (OIDC/SAML providers, outposts, legacy proxying). • Proficiency in AWS security services (GuardDuty, IoT Core, IAM) or Azure equivalents, and experience securing Linux‑based cloud environments via code. • Proven OT security background working with industrial control systems, SCADA, or utility/energy infrastructure. • Hands‑on troubleshooting skills for Linux agents and network packet analysis. • Preference for open‑source solutions over commercial black‑box products. • Experience with Docker/Kubernetes security in edge computing contexts. • Knowledge of industrial protocols such as Modbus TCP, DNP3, and IEC 61850. • Relevant certifications (GICSP, GRID, AWS Certified Security – Specialty) are a plus.

Requirements

• ▸5-8 years
• ▸wazuh
• ▸authentik
• ▸aws security
• ▸kubernetes
• ▸gicsp

Benefits

ON.energy offers a competitive compensation package that varies by location, including salary, performance‑based bonuses, comprehensive health benefits, retirement plans, paid time off, and professional development opportunities. The company is mission‑driven, focused on clean energy, and committed to equal employment opportunity. • Benefits include competitive salary, performance‑based bonus, medical/dental/vision insurance, 401(k) match (US) or Christmas bonus & major medical/life insurance (Mexico), paid time off, and professional development opportunities.

Work Environment

Hybrid