Sr. Information Security Analyst (Incident Response)
Hawthorne, CA, United States
SpaceX was founded under the belief that a future where humanity is out exploring the stars is fundamentally more exciting than one where we are not. Today SpaceX is actively developing the technologies to make this possible, with the ultimate goal of enabling human life on Mars.
Sr. Information Security Analyst (Incident Response)
We are a target of both nation states and people focused on brand destruction. Information drives our business and we must protect against unauthorized changes, improper destruction, loss, or theft of that information. As a highly visible and dynamic organization, we must also value and guard against damage to our reputation and brand. Finally, it is paramount that we defend against loss of control or confidence in our systems, in order to guarantee the highest probability of mission success. SpaceX Information Security Analysts are responsible for Network Monitoring, Preventative and Detective Controls, Forensics and Investigations, Security Awareness, Security Vulnerability Management and Cyber Threat Intelligence activities.
- Assess, triage and prioritize security alerts from logging and monitoring systems.
- Identify, triage, and remediate threats based on threat intelligence as well as active analysis of log data. Assess newly published vulnerabilities and attacker Tactics, Techniques and Procedures (TTPs) to identify possible defensive measures to locate and stop threat actors. Translate these defensive measures into actionable change in coordination with Information Security engineering team.
- Analyze, reverse engineer, and enumerate the content of malicious payloads to identify point of origin, mechanism of operation, and possible indicators of compromise. Use this data to explore and identify the threat actor for the purposes of referral to law enforcement and more proactive/comprehensive defense from future attacks.
- Use knowledge of SpaceX enterprise to triage and categorize incidents, locating the root vulnerability or issue that allowed it to occur. Communicate findings back to other SpaceX teams in an actionable way for the purposes of improving/securing systems from future attack.
- Operate and help mature a SOC playbook to protect SpaceX people, missions, and assets.
- Evaluate system, application, and user data for adherence to organizational policies and procedures.
- Publish findings and data to user-groups in a concise fashion for the purposes of building security awareness.
- 6+ years of professional experience in information security areas, to include threat hunting, incident response, malware reverse-engineering, forensics, security analysis, security engineering, etc.
- Experience with operating system internals for both Linux and Windows platforms.
- Experience with network and host-based collection tools such as Snort, Bro, Suricata, Wireshark, Sysmon, OSQuery or commercial EDR solutions such as Carbon Black or Crowdstrike
- Experience with scripting languages such as Python, PowerShell, C#, Java, Bash, ann/or Visual Basic
PREFERRED SKILLS AND EXPERIENCE:
- Technical degree
- Understanding of classic and emerging threat actor tactics, techniques, and procedures in both pre- and post-exploitation phases of attack lifecycles.
- Understanding of temporal analysis, long-tail analysis, and event correlation
- Experience using regular expressions and scripting language(s) (e.g. Python, Bash or PowerShell) for the purposes of automating security operations and incident response processes.
- Working knowledge of network TCP/IP protocols.
- Experience using ELK, Splunk and/or other SIEMs.
- Experience with reverse-engineering, C&C exploitation, and broader system/network forensics.
- Experience with forensics frameworks such as Volatility and GRR.
- Experience writing exploits and identifying novel vulnerabilities.
- Demonstrable track record of getting things done quickly with high quality.
- Security community contributions (blog posts, white papers, conference talks, tool development, etc.)
- CISSP or equivalent certification.
- Exceptional written and verbal communication skills.
- Exceptional organizational skills.
- To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.
SpaceX is an Equal Opportunity Employer; employment with SpaceX is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.
Applicants wishing to view a copy of SpaceX’s Affirmative Action Plan for veterans and individuals with disabilities, or applicants requiring reasonable accommodation to the application/interview process should notify the Human Resources Department at (310) 363-6000.