Director of Enterprise Security

About the Role

The role is primarily remote, with occasional on-site visits to Sunrun's offices for team-building, training, and collaborative project work. The ideal candidate will have a strong background in managing cybersecurity teams and programs, with expertise in cloud security, application security, and vulnerability management.

What You Will Do

• Develop and implement enterprise-wide cybersecurity strategies to protect customer data and business applications
• Direct and manage enterprise security, cloud security, and application security programs across the organization
• Design, implement, and continuously improve security controls across enterprise infrastructure, cloud environments, and internally developed applications
• Establish and maintain security policies, standards, and technical guidelines aligned with industry frameworks and regulatory requirements
• Integrate security controls and best practices into the software development lifecycle to ensure secure development and deployment of applications
• Partner with product, engineering, and technology teams to identify, assess, and remediate security vulnerabilities in enterprise systems and applications
• Lead risk assessment activities and ensure remediation of identified security risks across enterprise platforms and services
• Provide strategic guidance to senior leadership on cybersecurity risks, mitigation strategies, and security program improvements
• Monitor emerging cybersecurity threats, technologies, and regulatory developments and adapt organizational security practices accordingly

What We Are Looking For

• Master's degree in Computer or Software Engineering with at least 3 years of experience as a CIS Manager
• Proven experience in managing cybersecurity teams and/or security programs
• Expertise in designing and implementing security controls for cloud computing environments
• Experience with integrating security practices into the software development lifecycle
• Proficiency in Python, C++, IBM Qradar, Imperva Incapsula, IBM BigFix, Nexpose, Symantec PGP, Duo, and Linux
• Strong understanding of industry frameworks and regulatory requirements
• Excellent leadership and communication skills

Nice to Have

• Experience with agile development methodologies and DevOps practices
• Knowledge of cloud security platforms such as AWS or Azure
• Certification in cybersecurity, such as CISSP or CISM
• Experience with threat intelligence and incident response

Benefits and Perks

• Competitive salary and benefits package
• Opportunity to work with a leading solar company and contribute to a sustainable future
• Remote work arrangement with flexible hours
• Professional development and growth opportunities
• Access to cutting-edge technologies and tools
• Collaborative and dynamic company culture
• Comprehensive health insurance and wellness programs
• Generous paid time off and holidays
• Retirement savings plan with company match

• To stand out as a candidate, highlight your experience with cloud security and application security in your resume and cover letter.
• Be prepared to discuss your approach to vulnerability management and threat intelligence during the interview process.
• Showcase your knowledge of industry frameworks and regulatory requirements, such as NIST or HIPAA.
• If you have experience with agile development methodologies and DevOps practices, be sure to emphasize this in your application.
• When negotiating salary, consider the company's budget and industry standards, and be prepared to discuss your expectations and requirements.
• Red flags to watch for during the interview process include lack of transparency about company culture or expectations, or unclear communication about the role and responsibilities.