Kindle Energy
JOB TITLE: Security Engineer
LOCATION: Remote (or hybrid out of Princeton, NJ)
REPORTS TO: Vice President IT

Kindle Energy LLC ("Kindle") is a leading power generation and asset management company focused on the management, optimization and development of energy assets across the United States and Canada. A portfolio company of Blackstone Group Inc., one of the world's largest alternative asset managers with over $1 trillion in assets under management, Kindle operates with the backing of a premier global investment firm.
Kindle currently manages 8.8 GW of power generation assets located in Ohio, Indiana, Texas, Louisiana and Colorado. Our development and construction achievements include ongoing construction of Magnolia Power, LLC, a 700 MW Combined Cycle Gas Turbine (CCGT) project in Louisiana, and Mountain Peak Power, a 164 MW peaking project in Colorado. We are actively working to expand our footprint through three separate natural gas projects under development: Canyon Peak Power (Colorado), a 156 MW peaking facility; Wolf Summit Energy (West Virginia), a 610 MW CCGT; and Lincoln Land Energy Center (Illinois), a 1156 MW CCGT.
Each of these projects reinforces Kindle's growth and our commitment to delivering reliable, efficient and flexible power solutions to meet evolving grid demands.
Position Summary:
The Security Engineer provides end-to-end cyber-defense for a multi-tenant power-generation enterprise. The role spans SIEM/XDR detection engineering, internal penetration testing, continuous threat hunting, zero-trust enforcement, and regulatory compliance (NIST CSF 2.0, NERC CIP). You will orchestrate Microsoft Sentinel analytics, CrowdStrike Falcon policies, Darktrace MDR workflows, Zscaler/Netskope SSE controls, and CyberArk PAM/EPM—all while partnering with Network and Systems Engineering to secure IT and OT environments.
Essential Responsibilities:
Detection & Incident Response
- Develop and fine-tune Sentinel KQL analytics; curate Falcon IOC feeds—maintain < 5 % false-positive rate.
- Serve as Tier-3 escalation with Darktrace MDR for 24×7 incidents; coordinate containment with Network & Systems Engineers.
Threat Hunting
- Conduct weekly proactive threat-hunt sweeps across Sentinel, Darktrace, Netskope, and Zscaler telemetry; document hypotheses and findings using MITRE ATT&CK mapping.
- Deliver monthly hunt reports and remediation recommendations to the VP of IT.
- Plan and execute quarterly internal penetration tests (external perimeter, wireless, OT segmentation).
- Coordinate purple-team exercises with third-party red-teamers; track findings to closure (≤ 90 days).
- Own Defender VM dashboards; prioritise CVEs; drive remediation with Systems & Network Engineers.
- Perform zero-trust posture reviews of ZIA/ZPA and Netskope CASB policies; update CA rules accordingly.
- Manage Conditional Access across Okta Workforce Identity and Azure SSO; oversee quarterly entitlement reviews.
- Maintain CyberArk Core PAM vault and EPM policies for endpoints, servers, and network gear.
- Validate Purdue-zone ACLs, jump-host logs, and CIP-003 remote-access controls; support OT resilience testing.
- Map controls to NIST CSF DE/RS/PR and NERC CIP standards; supply audit evidence with zero material findings.
- Lead KnowBe4 phishing simulations; present metrics to the Executive Committee.
- ≥ 5 years security-operations / detection-engineering experience in critical infrastructure.
- Hands-on mastery of Microsoft Sentinel, CrowdStrike Falcon, Darktrace NDR, Zscaler ZIA/ZPA, and Netskope SWG/CASB.
- Proven delivery of internal penetration tests and structured threat-hunting engagements using MITRE ATT&CK.
- Administration of CyberArk Core PAM/EPM and Intune compliance policies.
- Direct involvement in NERC CIP audits and OT/ICS security projects.
- Ability to travel as needed (~20%).
- SC-200, GCIA/GMON, OSCP or GX-PN, PCNSE/NSE-7.
- Additional merits: GICSP, CISSP, SANS SEC660/Python, Purple-Team certs (e.g., GCTI).
Key Performance Indicators:
- Mean Time to Detect: < 15 min (Darktrace SLA)
- Mean Time to Contain
- Critical vuln backlog (CVSS ≥ 9): 0 older than 30 days
- Verified exploit paths closed post-pen-test: 100 % within 90 days
- Monthly documented threat-hunt hypotheses: ≥ 4 with actionable findings
- Phish click-rate: < 3 % per campaign
- Audit control gaps: 0 material findings
Cross-Team Collaboration:
Works daily with the Senior Network & OT Security Engineer and Senior Systems & Cloud Engineer to ensure every change, patch cycle, and new deployment meets zero-trust and NERC CIP requirements. Participates in a rotating on-call schedule and quarterly incident-response tabletops.