Network Engineer

JOB TITLE: Network Engineer

LOCATION: Remote

REPORTS TO: Vice President IT

Kindle Energy LLC ("Kindle") is a leading power generation and asset management company focused on the management, optimization and development of energy assets across the United States and Canada. A portfolio company of Blackstone Group Inc., one of the world's largest alternative asset managers with over $1trillion in assets under management, Kindle operates with the backing of a premier global investment firm.

Kindle currently manages 8.8 GW of power generation assets located in Ohio, Indiana, Texas, Louisiana and Colorado. Our development and construction achievements include ongoing construction of Magnolia Power, LLC, a 700 MW Combined Cycle Gas Turbine (CCGT) project in Louisiana, and Mountain Peak Power, a 164 MW peaking project in Colorado. We are actively working to expand our footprint through three separate natural gas projects under development: Canyon Peak Power (Colorado)-a 156 MW peaking facility; Wolf Summit Energy (West Virginia)-a 610 MW CCGT; and Lincoln Land Energy Center (Illinois)-a 1156 MW CCGT.

Each of these projects reinforce Kindle's growth and our commitment to delivering reliable, efficient and flexible power solutions to meet evolving grid demands.

Position Summary:

The Senior Network & OT Security Engineer designs, deploys and secures converged IT/OT connectivity for a multi-portfolio power-generation enterprise. The role spans campus/ datacenter routing & switching, next-generation firewalls, and secure-access overlays (Zscaler ZIA/ZPA, Netskope), while enforcing NIST CSF 2.0 and NERC CIP controls across four Microsoft tenants and construction/M&A projects.

Essential Responsibilities:

Architecture & Build • Engineer LAN/WAN/SD-WAN solutions on Cisco Catalyst / Nexus, Meraki, and Aruba CX platforms.• Design and maintain HA firewalls (Palo Alto PAN-OS 10+, FortiGate clusters) including GRE/IPsec tunnels to Zscaler/Netskope POPs.• Create Purdue-model segmentation for SCADA/PLC/HMI networks; integrate Xona gateways. Security Operations

• Co-own CrowdStrike Falcon Firewall policies; forward logs to Microsoft Sentinel.• Onboard network assets to CyberArk Core PAM; rotate credentials per CIP-007.

Change & Automation

• Automate configs with Ansible/Python; maintain NetBox CMDB 98 % accuracy.• Publish and recertify PAC/DNS egress files supporting Zscaler & Netskope.

Compliance & Audit

- Provide artifacts for NERC CIP-005/007, IEC 62443, and internal NIST CSF audits.

Incident Response

- First responder for Darktrace MDR isolations; capture packet data; produce RCA within 48 h.

Required Qualifications

- - 5 years hands-on with Cisco/Aruba/Meraki switching and Palo Alto, FortiGate, ASA/FPR firewalls.

- Demonstrable design & support of OT/ICS networks in power-generation or sub-station environments.

- Strong cybersecurity background: VLAN/ZTNA segmentation, IDS/IPS, log ingestion.

- Scripting proficiency (Python or Ansible).

- Certifications (minimum one)

- CCNP Enterprise / Security, PCNSE, NSE 6/7. Bonus: GICSP, CCSP, CISSP.

- Ability to travel up to 60%

KPIs (Year-1)

Network availability 99.9 %. Critical CVE remediation

- 14 days.

- 0 unauthorized firewall-rule deviations per quarter.

- OT VLAN latency variance < 5 ms.