Sr. Cyber Assurance Analyst
SpaceX was founded under the belief that a future where humanity is out exploring the stars is fundamentally more exciting than one where we are not.
Today SpaceX is actively developing the technologies to make this possible, with the ultimate goal of enabling human life on Mars.
SR.
CYBER ASSURANCE ANALYST Assurance is more than doing what is forced upon us; it's about driving and delivering against our trust proposition, enabling teams across the company to meet the standards we set upon ourselves.
It's about aggregating internal and external expectations and creating THE standard.
And then it's about partnering and enabling our teams to meet and exceed this bar efficiently and effectively.
If the thought of an assurance program that is integrated with business operations and works to proactively defend and enable opportunity is motivating, then we should talk.
As a teammate you will operate within the Information Assurance team and will be conducting system and third-party control and risk assessments, as well as facilitating audits across the company.
Additionally, you ll be assisting with the maturation and implementation of our assurance program in collaboration with our Assurance Managers and the broader team.
Your role involves hands-on execution of our assessment and audit programs and facilitating the development of system control baselines through engineering engagement and standards creation.
As an ideal candidate, you're driven to create partnerships with system and business owners; firm when it matters but also flexible enough to move the ball forward.
You excel at concurrent complex efforts and flourish in an environment where learning never ceases, where the breadth of operations ranges from rockets to routing tables, and where teams are laser-focused on mission accomplishment -- excitement guaranteed!
Responsibilities:
Perform technical assessments of systems and networks within our environment and identify where those systems and networks deviate from acceptable configurations, enterprise policy, or local standards.
Identify security and compliance gaps, partnering with system owners and stakeholders to appropriately remediate.
Generate awareness of assessment results, facilitate and prepare system security plans, and update remediation plans.
Develop, maintain, monitor, and improve appropriate internal controls and policies to protect SpaceX systems and data.
Identify and drive assessment and audit efficiency through system integration, data utilization, and process improvement.
Support third-party risk management efforts including supplier onboarding and periodic cyber assessments, to include risk analysis.
Serve as an enabler by partnering with teams throughout the organization to support risk decisioning and our collective risk management efforts.
Manage identification and tracking of audits, assessments and impacted programs and business objectives; identified gaps, corrective action plans/plans of action & milestones, and provide leadership awareness.
Work with other SpaceX teams to determine functional needs, implement efficient and sustainable solutions and communicate security policies.
Mentor fellow teammates and take an active role in their development.
Identify and propose business enabling actions by maintaining an up-to-date understanding of emerging trends in information security risks and new compliance/assurance techniques and trends.
Maintain awareness of changes to regulations, compliance guidelines, assessment methodologies, and the emerging TTPs; recommend proactive changes to controls, policies, and procedures in response to these changes.
BASIC
Qualifications:
5
years experience (can be concurrent) utilizing security relevant tools, systems, and applications that support Information security risk management and security continuous monitoring (e.
g.
:
vulnerability scanning or detection tools, security system configuration audit tools, Nessus, DISA STIGs, CIS Benchmarks).
5
years of experience (can be concurrent) with control testing, security standards/policy development, security audits, or security risk management.
PREFERRED SKILLS AND
Experience:
Demonstrated experience partnering with and preparing information system owners for internal assessments, facilitating and leading external audits, and driving gaps and findings to closure in a collaborative manner.
Experience evaluating third-party risk, communicating with stakeholders, and supporting appropriate mitigations.
Deep understanding of information security control and management frameworks, e.
g.
CMMC, ISO-27001, ISO 27036, ISO 20243, NIST 800-171/172, NIST 800-53, NIST 800-161.
Strong communication skills across all organizational levels and ability to build cross-organizational coalitions.
Direct experience with regulatory compliance reviews and examinations.
Project and program management experience, tooling integration, and delivery in highly fluid environments.
Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants and senior management.
CISSP, CISM, CISA, CRISC, GNSA, ISO 27001 auditor or equivalent certifications.
ADDITIONAL REQUIREMENTS:
Must be willing to travel (.
Estimated Salary: $20 to $28 per hour based on qualifications.
Today SpaceX is actively developing the technologies to make this possible, with the ultimate goal of enabling human life on Mars.
SR.
CYBER ASSURANCE ANALYST Assurance is more than doing what is forced upon us; it's about driving and delivering against our trust proposition, enabling teams across the company to meet the standards we set upon ourselves.
It's about aggregating internal and external expectations and creating THE standard.
And then it's about partnering and enabling our teams to meet and exceed this bar efficiently and effectively.
If the thought of an assurance program that is integrated with business operations and works to proactively defend and enable opportunity is motivating, then we should talk.
As a teammate you will operate within the Information Assurance team and will be conducting system and third-party control and risk assessments, as well as facilitating audits across the company.
Additionally, you ll be assisting with the maturation and implementation of our assurance program in collaboration with our Assurance Managers and the broader team.
Your role involves hands-on execution of our assessment and audit programs and facilitating the development of system control baselines through engineering engagement and standards creation.
As an ideal candidate, you're driven to create partnerships with system and business owners; firm when it matters but also flexible enough to move the ball forward.
You excel at concurrent complex efforts and flourish in an environment where learning never ceases, where the breadth of operations ranges from rockets to routing tables, and where teams are laser-focused on mission accomplishment -- excitement guaranteed!
Responsibilities:
Perform technical assessments of systems and networks within our environment and identify where those systems and networks deviate from acceptable configurations, enterprise policy, or local standards.
Identify security and compliance gaps, partnering with system owners and stakeholders to appropriately remediate.
Generate awareness of assessment results, facilitate and prepare system security plans, and update remediation plans.
Develop, maintain, monitor, and improve appropriate internal controls and policies to protect SpaceX systems and data.
Identify and drive assessment and audit efficiency through system integration, data utilization, and process improvement.
Support third-party risk management efforts including supplier onboarding and periodic cyber assessments, to include risk analysis.
Serve as an enabler by partnering with teams throughout the organization to support risk decisioning and our collective risk management efforts.
Manage identification and tracking of audits, assessments and impacted programs and business objectives; identified gaps, corrective action plans/plans of action & milestones, and provide leadership awareness.
Work with other SpaceX teams to determine functional needs, implement efficient and sustainable solutions and communicate security policies.
Mentor fellow teammates and take an active role in their development.
Identify and propose business enabling actions by maintaining an up-to-date understanding of emerging trends in information security risks and new compliance/assurance techniques and trends.
Maintain awareness of changes to regulations, compliance guidelines, assessment methodologies, and the emerging TTPs; recommend proactive changes to controls, policies, and procedures in response to these changes.
BASIC
Qualifications:
5
years experience (can be concurrent) utilizing security relevant tools, systems, and applications that support Information security risk management and security continuous monitoring (e.
g.
:
vulnerability scanning or detection tools, security system configuration audit tools, Nessus, DISA STIGs, CIS Benchmarks).
5
years of experience (can be concurrent) with control testing, security standards/policy development, security audits, or security risk management.
PREFERRED SKILLS AND
Experience:
Demonstrated experience partnering with and preparing information system owners for internal assessments, facilitating and leading external audits, and driving gaps and findings to closure in a collaborative manner.
Experience evaluating third-party risk, communicating with stakeholders, and supporting appropriate mitigations.
Deep understanding of information security control and management frameworks, e.
g.
CMMC, ISO-27001, ISO 27036, ISO 20243, NIST 800-171/172, NIST 800-53, NIST 800-161.
Strong communication skills across all organizational levels and ability to build cross-organizational coalitions.
Direct experience with regulatory compliance reviews and examinations.
Project and program management experience, tooling integration, and delivery in highly fluid environments.
Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants and senior management.
CISSP, CISM, CISA, CRISC, GNSA, ISO 27001 auditor or equivalent certifications.
ADDITIONAL REQUIREMENTS:
Must be willing to travel (.
Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
