H-1BEmpresa con aprobaciones comprobadas
REG. 2081380
Gerente de Seguridad de la Información
Cypress Creek Renewables, LLC
✓ VERIFICADO · 2 green cards (PERM) aprobadas en los últimos 12 mesesRegistros públicos del Departamento de Trabajo de EE. UU. (DOL).
- Lugar: Durham, DC
- Área: Tecnologia
- Visa probable: H-1B
- Empleo visto por última vez el 18/7/2026
Gerente de seguridad en Durham; empresa con 12 aprobaciones de LCA y 2 de PERM en los últimos 12 meses.
Cuenta gratis — el contacto y el enlace oficial del empleo están en el portal.
Descripción del empleo (original, en inglés)
<p><strong>The Company</strong></p>
<p> </p>
<p><span data-contrast="none">The energy industry is entering one of the most significant periods of growth and transformation in its history. Meeting the nation’s growing demand for reliable electricity will require new ideas, new infrastructure, and talented people committed to building for the future.</span> <span data-ccp-props="{"134233117":false,"134233118":false,"335557856":16777215,"335559738":0,"335559739":0}"> </span></p>
<p><span data-contrast="none">At Cypress Creek Energy, we’re meeting that challenge by developing and operating the energy infrastructure needed to power communities, support economic opportunity, and strengthen resilience. We believe our responsibility extends beyond the grid and that how we build matters just as much as what we build.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335557856":16777215,"335559738":0,"335559739":0}"> </span></p>
<p><span data-contrast="none">That same commitment extends to our employees. We invest in professional growth, encourage collaboration across teams, and provide opportunities to take ownership, expand your expertise, and advance your career. Our culture is grounded in safety, accountability, respect, and a shared commitment to deliver results. Join us and help meet one of the most important energy challenges of our time while building a rewarding career.</span><span data-ccp-props="{"134233117":false,"134233118":false,"335557856":16777215,"335559738":0,"335559739":0}"> </span></p>
<p><strong>Overview</strong></p>
<p><span data-contrast="none">Cypress Creek Energy is hiring an Information Security Manager to lead the company's security operations and compliance program. This is a hands-on individual contributor role designed for a senior technical security professional ready to take ownership of a complete program — with the opportunity to grow into a leader of a team as the function scales.</span><span data-ccp-props="{"335559739":140}"> </span></p>
<p><span data-contrast="none">The successful candidate brings a balance of deep technical execution and program-level compliance maturity. You will own the day-to-day security tooling stack, lead the company's NIST-based compliance program, shape policy in emerging areas including artificial intelligence, and maintain an accurate view of every system in the environment. You will report directly to the Chief Technology Officer and partner closely with IT, Counsels, and business stakeholders across the company.</span><span data-ccp-props="{"335559739":140}"> </span></p>
<p><strong>Responsibilities</strong></p>
<p><span data-contrast="none">Security Operations & Engineering</span><span data-ccp-props="{"335559738":100,"335559739":140}"> </span></p>
<ul>
<li><span data-contrast="none">Endpoint security: </span><span data-contrast="none">Administer and tune Microsoft Defender across the endpoint estate, including policy configuration, alert triage, response, and reporting.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Network and access security: </span><span data-contrast="none">Manage the Zscaler platform (ZIA/ZPA), including policy development, traffic inspection, access controls, and integration with identity systems.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">SIEM operations: </span><span data-contrast="none">Own SIEM tuning, detection engineering, log source onboarding, alerting, and incident workflows. Build dashboards and metrics that surface meaningful signals.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Vulnerability management: </span><span data-contrast="none">Run the vulnerability scanning program across AWS and Azure cloud environments and on-premises infrastructure. Prioritize, track, and verify remediation in partnership with IT and engineering teams.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Patch management: </span><span data-contrast="none">Maintain endpoint patching cadence and reporting, ensuring coverage, exception tracking, and SLA adherence.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Digital forensics & incident response: </span><span data-contrast="none">Lead investigations into security events, perform forensic analysis, document findings, and coordinate response with internal teams and external partners as needed.</span><span data-ccp-props="{"335559739":100}"> </span></li>
</ul>
<p><span data-contrast="none">Compliance & Governance</span><span data-ccp-props="{"335559738":180,"335559739":140}"> </span></p>
<ul>
<li><span data-contrast="none">NIST-based program: </span><span data-contrast="none">Maintain and continuously improve the company's NIST Cybersecurity Framework-aligned security program, including controls mapping, evidence collection, and gap remediation.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Policy management: </span><span data-contrast="none">Own the security policy library — ensure policies and standards are current, reviewed on a defined cadence, approved through the right channels, and communicated to the business.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">AI policy and guidance: </span><span data-contrast="none">Develop and maintain the company's AI usage policies, acceptable use guidance, and review process for new AI tools, in coordination with Counsels and IT.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">System inventory: </span><span data-contrast="none">Build and maintain an authoritative inventory of systems, applications, data flows, and ownership. Keep it accurate as the environment evolves.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Audit and assessment support: </span><span data-contrast="none">Lead responses to internal and external audits, customer security reviews, and regulatory inquiries. Manage remediation of identified findings through closure.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Risk management: </span><span data-contrast="none">Identify, document, and track information security risks; propose mitigations and report on residual risk to leadership.</span><span data-ccp-props="{"335559739":100}"> </span></li>
</ul>
<p><span data-contrast="none">Leadership & Cross-Functional Partnership</span><span data-ccp-props="{"335559738":180,"335559739":140}"> </span></p>
<ul>
<li><span data-contrast="none">Stakeholder engagement: </span><span data-contrast="none">Partner with IT, Counsels, HR, and business leaders on security matters, providing clear guidance that balances risk with business needs.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Operational Technology (OT): </span><span data-contrast="none">Act as a partner and advisor to the OT team coordinating security and compliance initiatives across the company. Manage intersection of IT and OT endpoints, systems, and networks.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Security awareness: </span><span data-contrast="none">Drive the security awareness program, including phishing simulations, training content, and ongoing communications.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Vendor and third-party risk: </span><span data-contrast="none">Assess and manage security risk associated with vendors, contractors, and third-party service providers.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Future team leadership: </span><span data-contrast="none">Lay the groundwork to scale the function. As the program matures, hire, mentor, and lead a team of security professionals.</span><span data-ccp-props="{"335559739":100}"> </span></li>
</ul>
<p><strong>Education & Experience Required</strong></p>
<ul>
<li><span data-contrast="auto">Use of AI to enhance and scale security operations – establish AI first Security Ops</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Bachelor's degree in computer science, information systems, cybersecurity, or related field — or equivalent professional experience.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">5+ years of progressive experience in information security, with demonstrated depth in security operations, engineering, or a combination of both.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Hands-on administration and tuning experience with Microsoft Defender (Endpoint, Identity, Cloud).</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Production experience operating Zscaler (ZIA and/or ZPA), including policy management and troubleshooting.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Strong SIEM experience — building detections, tuning alerts, investigating incidents, and onboarding log sources.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Vulnerability management experience across cloud environments, specifically AWS and Azure.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Working knowledge of digital forensics and incident response methodology.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Demonstrated experience operating a security program aligned to the NIST Cybersecurity Framework or NIST 800-53.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Track record of writing, maintaining, and operationalizing security policies and standards.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Clear written and verbal communication, including the ability to explain technical risk to non-technical audiences.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li><span data-contrast="none">Ability to work from the Durham, NC or Washington, DC office three days per week.</span><span data-ccp-props="{"335559739":100}"> </span></li>
<li>Embrace and live by the mission and values of Cypress Creek Energy</li>
</ul>
<p><span data-contrast="none"><span data-ccp-parastyle="heading 1">Preferred Qualifications</span></span><span data-ccp-props="{"335559738":320,"335559739":180}"> </span></p>
<ul>
<li><span data-contrast="none">Industry certifications such as CISSP, CISM, GIAC (GCIH, GCFA, GCIA), or equivalent.</span><span data-ccp-props="{"3
Cuenta gratis — el contacto y el enlace oficial del empleo están en el portal.