About the role
Who We Are
Clean Power Alliance (CPA) is Southern California’s locally operated not-for-profit default electricity provider for 38 communities within Los Angeles and Ventura counties and the 4th largest electricity provider in the State of California. We provide clean renewable energy at competitive rates to over three million residents and businesses through approximately one million customer accounts.
What You’ll Do
CPA is seeking an experienced, detail-oriented, and security-minded professional to join our growing team as Engineer, Cloud Security. This position serves as CPA’s technical lead for cybersecurity architecture and operations with deep expertise in Microsoft enterprise and cloud security platforms. This role designs, oversees, and implements security controls across identity, endpoints, cloud infrastructure, data protection, and CPA’s overall Microsoft enterprise ecosystem to safeguard CPA assets and ensure compliance with the National Institute of Standards and Technology (NIST) security frameworks.
The ideal candidate combines deep technical expertise with strong judgment, understands the threat landscape facing critical infrastructure and energy sector organizations, and proactively designs architectures that balance security, usability, and operational efficiency.
Who You’ll Work With
The Engineer, Cloud Security reports to the Senior Director, Data & Systems and is supported by a team of technology professionals, along with external stakeholders, consultants, our Data and Systems team, and our business partner, Southern California Edison (SCE). The Engineer, Cloud Security works closely with the Energy Risk Management, Finance, Power Supply, and Customer Care teams and will stay current with CPA’s core business by continuously collaborating with teams overseeing Communications and Marketing, Government Affairs, Regulatory Affairs, and Rates and Strategy.
Commitment to Diversity
At CPA, we value diversity and are committed to creating an inclusive environment for all employees. We represent a diverse customer base and intend to hire employees that reflect our communities. Clean Power Alliance provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
Culture
CPA fosters a culture of open communication, responsibility, intellectual curiosity, and exceptional judgment. As a small team that has quickly built the largest Community Choice Aggregation program in the country, high levels of trust, collaboration, and mission alignment are key factors in success. We value fact-based creativity in our work and accountability with our stakeholders, and we promote ethical engagement and diversity with our brand.
Requirements
- Proficient with Microsoft Office Suite
- Ability to act with integrity, professionalism, and confidentiality.
- Ability to fully own tasks and processes with minimal oversight.
- Ability to handle multiple priorities to meet deadlines and escalate key issues.
- Proficient with data visualization tools and software (e.g., Tableau, Power BI).
- Strong hands-on experience administering Microsoft Entra ID, including identity governance, conditional access, and privileged identity management.
- Deep expertise with Microsoft Defender XDR (Defender for Endpoint, Identity, Office 365, and Cloud) for threat detection and response.
- Proven experience designing and operating Microsoft Sentinel for SIEM, including KQL, analytics rules, workbooks, and automation.
- Hands-on experience with Microsoft Intune for endpoint management, configuration profiles, compliance policies, and application protection.
- Working knowledge of Microsoft Purview for data classification, data loss prevention (DLP), insider risk, and information protection.
- Strong understanding of cloud security posture management, including Microsoft Defender for Cloud and secure configuration baselines.
- Practical experience applying the NIST Cybersecurity Framework and supporting controls aligned to NIST 800-53 or 800-171.
- Experience with vulnerability management, threat intelligence, and incident response operations.
- Well-versed in cloud environments, identity and access management, endpoint security, network security, best-practice security governance, data privacy regulations, and zero-trust architecture principles.
- Deep understanding of the interactions between systems and how business processes are enabled and impacted by those systems.
- Experience or coursework with cloud platform security services, especially Amazon Web Services; cloud-native security tooling; Windows and Linux endpoint hardening; SQL databases.
Duties and Responsibilities
- Security Architecture & Platform Design: Architect, implement, and administer enterprise security solutions across Microsoft platforms including Microsoft Entra ID, Microsoft Defender XDR, Microsoft Intune, Microsoft Sentinel, and Microsoft Purview. Collaborate with the members of the Data and Systems team including but not limited to the Architect to define architectural standards and reference patterns that optimize security posture, scalability, and operational efficiency. Create and maintain security architecture and design documentation.
- Identity & Endpoint Security: Lead cybersecurity architecture and security design including identity governance, conditional access policies, endpoint protection, and Microsoft cloud security posture management. Implement and tune controls to enforce least privilege, zero-trust principles, and secure device baselines across the enterprise. Manage and coordinate the work of managed security service providers (MSP/MSSP), including vendor oversight, SLA management, and deliverable review.
- Threat Detection & Incident Response: Direct enterprise threat detection, incident response, vulnerability management, and security monitoring programs across the Microsoft enterprise ecosystem. Develop detection content, response playbooks, and automation in Microsoft Sentinel and Defender to reduce mean time to detect and respond. Lead incident documentation and reporting, including timely notification and escalation to senior leadership, and coordination of any required regulatory or contractual reporting within mandated timeframes. Conduct post-incident reviews and track remediation to closure.
- Policy, Compliance & Roadmaps: Develop and maintain cybersecurity policies, standards, and technical roadmaps, including the implementation of NIST Cybersecurity Framework adoption items. Coordinate with audit, regulatory, and risk stakeholders to evidence control effectiveness and close identified gaps.
- Advisory & Awareness: Serve as CPA’s advisor on cybersecurity risk, Microsoft platform security capabilities, and emerging cyber threats while providing IT security support and supporting enterprise security awareness initiatives. Partner with departments to evaluate the security implications of new tools, integrations, and business processes. Partner with Marketing & Communications to secure CPA's public-facing web properties and customer portals, including secure configuration, vulnerability remediation, and third-party/vendor risk for externally hosted sites. Serve as subject matter expert and primary point of contact during audits for security-related items.
- Continuous Improvement: Create, enhance, document, and manage continuous improvement initiatives across the security program. Responsible for identifying inefficiencies, proposing solutions to senior leadership, and leading the implementation of new tools, automation, and reporting frameworks that enable the team to scale and improve various systems.
- Perform other duties as assigned.
Successful Candidates Must Demonstrate the Following Abilities:
- Demonstrate good judgment and integrity.
- High attention to detail with strong organizational skills.
- Communicate effectively, orally and in writing, and translate complex technical information into non-technical language.
- Have a strong work ethic and be comfortable taking initiative and working in a fast-paced, start-up environment.
- Work well on diverse teams and be highly collaborative.
- Must be able to work at a desk and on a computer for prolonged periods.
Qualifications
- Candidates must have a bachelor’s degree in information technology, computer science, information systems, cybersecurity, or a related field.
- Must have a minimum of 5 years of experience in cybersecurity, cloud security, or enterprise IT security work.
- Must hold at least one relevant industry cybersecurity certification (e.g., Microsoft SC-100, SC-200, SC-300, AZ-500, CISSP, CISM, or GIAC) or obtain one within 6–12 months of hire. Additional certifications across these tracks are highly desired.
- Maintain current, relevant security certifications and stay abreast of evolving Microsoft security platforms, threat trends, and regulatory requirements through ongoing professional development.
- Experience supporting a regulated industry (energy, utilities, financial services, healthcare, or public sector) and start-up experience is highly desired.
Work Location
This position is eligible for either Hybrid or Remote options. The Hybrid option requires 2-3 assigned full-time days in the Downtown Los Angeles office and includes a transportation allowance. The Remote & Hybrid options require full-time in-person attendance at organization or team-wide events 3 times per year for 3-5 days per event. All staff are required to work during CPA’s office hours Monday-Friday 8:30am-5:30pm PST.
Benefits
The salary range for this position is $158,711.06-$238,065.55, with exact compensation to be determined by Clean Power Alliance, dependent on experience. Benefits include health care, a 401(k)-like match program, paid vacation, and sick leave. This is not a civil service position; however, all CPA employees are required to submit a Statement of Economic Interests form, also known as the Form 700.
How to Apply
Candidates should apply on CPA’s Career Page. The start date for the position is September 1, 2026, and the position will remain open until filled.