What are the responsibilities and job description for the Information Security Engineer (Contractor) position at Sungrow Power Supply Co., Ltd.?
About Sungrow :
Sungrow Power Supply Co., Ltd. (“Sungrow”) is a global leading PV inverter and ESS provider with 515 GW of power electronic converters installed worldwide as of December 2023. Founded in 1997 by University Professor Cao Renxian, Sungrow leaders in the research and development of solar inverters with the largest dedicated R&D team in the industry and a broad product portfolio offering PV inverter solutions and ESS for utility-scale, commercial & industrial, and residential applications, as well as internationally recognized floating PV plant solutions, NEV driving solutions, EV charging solutions, and renewable hydrogen production systems. With a strong 27-year track record in the PV space, Sungrow products power in 170 countries and regions worldwide. For more information about Sungrow, visit : www.sungrowpower.com
The Position :
We are seeking a skilled and adaptable Information Security Engineer (Contractor) to contribute to the development of Sungrow’s security and IT infrastructure from the ground up. This role is essential for addressing the immediate need for robust cybersecurity measures, operational IT support, and compliance readiness. The ideal candidate will play a pivotal role in securing Sungrow’s systems, implementing foundational IT and security processes, and supporting cross-functional collaboration to meet business objectives.
Essential Duties and Responsibilities :
- Tool Integration and Administration :
- Lead integrations between existing and new security tools such as SIEM, EDR, IAM, vulnerability scanners, and cloud-based platforms.
- Configure and administer IT and security tools, ensuring alignment with security policies and business goals.
- Ensure tools are set up for seamless integration into incident response and compliance workflows.
- Incident Response and Risk Mitigation :
- Detect, analyze, and respond to security incidents in real-time, collaborating with internal and external stakeholders (e.g., MSSP, IT team).
- Establish processes to track, document, and mitigate vulnerabilities across systems and applications.
- Contribute to root cause analysis for incidents and recommend measures to reduce recurrence.
- Compliance and Audits :
- Support Sungrow’s efforts to achieve and maintain compliance with ISO 27001, NIST, and other frameworks.
- Perform internal audits of systems, tools, and processes to assess compliance and readiness for external audits.
- Partner with teams to develop and document IT and security controls that align with regulatory requirements.
- Vulnerability Management :
- Conduct regular vulnerability scans, analyze findings, and prioritize remediation efforts.
- Establish processes for managing critical vulnerabilities, including SLAs and reporting mechanisms.
- Build and maintain a clear process for ongoing vulnerability tracking and remediation with IT and business stakeholders.
- IT Security and Operational Support :
- Address foundational IT challenges, such as user account management, permissions reviews, and system hardening.
- Support IT operations by contributing to the resolution of IT incidents, deployment of tools, and maintaining secure configurations.
- Collaborate with IT to establish and enforce network segmentation, secure access controls, and other critical infrastructure measures.
- Process Development :
- Develop and maintain policies, procedures, and processes for incident management, change control, and vulnerability tracking.
- Implement data logging, documentation, and reporting mechanisms for compliance and security operations.
- Support onboarding and management processes for IT and security vendors.
- Cross-Team Collaboration :
- Act as a liaison between IT, Security, and other business units to ensure cohesive security and IT practices.
- Contribute to training and awareness initiatives for end-users regarding cybersecurity best practices.
- Provide insights into existing gaps and risks, proposing actionable solutions to strengthen the organization’s security posture.
- Technology Implementation and Optimization :
- Lead the deployment of new IT and security technologies, ensuring they meet Sungrow’s operational and security requirements.
- Optimize existing tools to better meet business and security needs.
Minimum Requirements :
Education or Desired License and Certificates :
Competencies
Travel
Up to 25%
Work Location and Status :
Compensation :
Sungrow is an equal opportunity employer. Due to strong interests in this position, Sungrow will only reach out to those candidates who best meet the requirements. Thank you for your interest in Sungrow.
