OT Security Engineer

Opportunity

Adapture Renewables, Inc. is on a mission to be a leader in this new era of sustainable energy. Drawing upon an extensive knowledge base, we develop, finance, engineer, build, own, and operate high quality utility-scale photovoltaic projects and battery energy storage projects. Our Technology team is looking for a talented OT Security Engineer to help support the efforts of our fast-growing company. Adapture Renewables is owned by KIRKBI Climate– the private holding and investment company of the Kirk Kristiansen family founded to build a sustainable future for the LEGO^® brand through generations.

Overview

This position will work in our Technology team and is responsible for designing, implementing, and maintaining cybersecurity controls across ARI’s SCADA and industrial control system (ICS) environments, including the interfaces between site OT networks and our enterprise IT infrastructure. The role owns NERC CIP Low impact compliance across the operating fleet, the vendor security relationships that gate access to our plants, and the security telemetry that feeds our centralized monitoring stack. This role reports to the Director of Technology & Security. ARI currently partners with an external MSSP for OT security operations. The candidate may be based remotely in the U.S., with regular travel to operating PV and BESS sites and periodic travel to our Bay Area home office.

Core Responsibilities

• Design and implement OT network segmentation between site SCADA, control, and enterprise zones across the operating fleet.
• Own secure remote access for vendors and ARI staff: jump hosts, MFA, session recording, and just-in-time access patterns.
• Deploy and tune EDR on plant servers and engineering workstations within OT reliability constraints.
• Maintain hardened baselines and configuration control for site servers, HMIs, RTUs/RTACs, and OT network equipment.
• Run vulnerability assessment and patch / mitigation cycles for OT assets in coordination with site operations.
• Maintain and execute the technical controls required under CIP-003 R2 Attachment 1 (cyber security awareness, physical access controls, electronic access controls, incident response, and TCA / removable media controls) across all Low impact BES Cyber Systems.
• Maintain BES Cyber System asset inventories and categorization evidence (CIP-002).
• Maintain CIP-013 Low impact supply chain risk management evidence for vendors with electronic access.
• Support CIP-008 incident reporting workflows and CIP-011 information protection requirements.
• Participate in self-certifications, internal controls testing, and external audits; produce audit-quality artifacts.
• Establish and enforce security requirements for SCADA, inverter, and BESS OEMs, ISPs, and field service vendors; review remote access requests; approve or deny based on documented policy.
• Drive contractual and technical supply chain controls in partnership with Procurement and Legal, and train vendor personnel on ARI’s OT security expectations and field procedures.
• Integrate OT telemetry and security logs into ARI’s centralized monitoring stack and tune detections for ICS protocols and operational patterns (Modbus, DNP3, SEL).
• Triage and lead response for OT security events; coordinate with site operations, the Compliance team, and the MSSP / enterprise SOC.
• Develop and run tabletop exercises; maintain CIP-008 playbooks and capture post-incident lessons learned.
• Conduct site visits to operating PV and BESS plants for inventories, validations, and control testing.
• Deliver OT security awareness training for operators, technicians, and vendor partners.
• Contribute to ARI’s broader cybersecurity program, aligned to CIS Controls v8, NIST CSF v2, and the in-progress IEC 62443 and ISO 27001 implementations.

Qualifications and Experience

• 3–5+ years in OT / ICS / SCADA security, industrial cybersecurity, or critical infrastructure security; utility, IPP, or owner-operator experience strongly preferred.
• Bachelor’s degree in Electrical Engineering, Computer Engineering, Cybersecurity, or related discipline, or equivalent demonstrated experience.
• Hands-on experience implementing and evidencing NERC CIP controls, with direct exposure to CIP-002, CIP-003, CIP-008, CIP-011, and CIP-013.
• Working knowledge of OT networking: VLANs, L2/L3 switching and routing, industrial firewalls, DMZ design, jump architectures, and certificate-based authentication.
• Familiarity with common ICS hardware and protocols: PLCs, RTUs, RTACs, HMIs; Modbus, DNP3, SEL.
• Experience with SIEM / logging platforms and tuning detections for OT environments.
• Preferred certifications: GICSP, ISA / IEC 62443 Cybersecurity Specialist, CompTIA Security+, or CISSP.
• Strong documentation discipline; ability to produce evidence that survives audit scrutiny.
• Clear written and verbal communication; able to translate security requirements into reliability outcomes for plant operations.
• Solar and BESS operations experience, ERCOT market exposure, and prior NERC CIP audit participation are pluses.
• Comfortable with field work, planned outage coordination, and occasional on-call response.
• Valid driver’s license and ability to travel to operating sites as needed.

Benefits Package

• 401(k) plan with company matching contribution
• Competitive health, vision, and dental benefits
• Attractive personal time off and company holiday package
• Work-from-home policy
• Salary commensurate with experience
• $120,000 - 155,000, DOE

Note

Qualified candidates only. No search firms. Adapture Renewables, Inc. is committed to equal employment opportunity.