Cyber Assurance Analyst

SpaceX was founded under the belief that a future where humanity is out exploring the stars is fundamentally more exciting than one where we are not. Today SpaceX is actively developing the technologies to make this possible, with the ultimate goal of enabling human life on Mars.

CYBER ASSURANCE ANALYST

Assurance is more than doing what is forced upon us; it's about driving and delivering against our trust proposition, enabling teams across the company to meet the standards we set upon ourselves.  It's about aggregating internal and external expectations and creating THE standard.  And then it's about partnering and enabling our teams to meet and exceed this bar in a highly efficient and effective manner.  If the thought of an assurance program which is integrated with business operations and works to proactively defend and enable opportunity is motivating, then we should talk.

This teammate will operate within the Information Assurance team and will be conducting system assessments and facilitating audits throughout the enterprise. Additionally, you’ll be assisting with the maturation and implementation of our assurance program in collaboration with the Assurance Managers and the broader team. This position will involve hands-on execution of the assurance program, assessment, and audit execution.  It also includes the development of control application efficiencies and recommendations, and mentoring fellow team members. The ideal candidate will be driven to create partnerships with system owners; someone who is firm when it matters but also flexible enough to move the ball forward.  They will excel at multi-tasking and flourish in an environment where learning never ceases, where the breadth of operations ranges from rockets to routing tables, and where teams are laser focused on mission accomplishment -- excitement guaranteed!

RESPONSIBILITIES:

• Plan, prepare for, schedule, and coordinate internal assessments and external audits.
• Perform assessments of systems and networks within our environment and identify where those systems and networks deviate from acceptable configurations, enterprise policy, or local standards.
• Identify security and compliance gaps and partner with system owner and stakeholders to appropriately remediate.
• Generate awareness of assessment results, facilitate and prepare system security plans and update the plan of actions and milestones.
• Develop, maintain, monitor, and improve appropriate internal controls and policies to protect SpaceX systems and data.
• Perform security analysis of operational and development environments, threats, vulnerabilities and internal interfaces to define and assess compliance with accepted enterprise, industry, and government standards.
• Assess, communicate and partner with our business and systems owners to determine security control efficacy, solutions within constraints, and facilitate justifiable confidence in the system's security posture.
• Operate and contribute to continuous improvement of information security assurance processes and systems.
• Maintain awareness of changes to regulations, compliance guidelines, assessment methodologies, and the emerging TTPs; recommend proactive changes to controls, policies, and procedures in response to these changes.

BASIC QUALIFICATIONS:

• 2+ years of experience (can be concurrent) in utilizing security relevant tools, systems, and applications in support of the risk management framework (RMF), continuous authorization, and continuous monitoring, e.g.: NESSUS, ACAS, DISA STIGs, SCAP, audit reduction, and HBSS.
• 2+ years of experience (can be concurrent) with control testing, security standards/policy implementation, security audits, or security risk management.

PREFERRED SKILLS AND EXPERIENCE:

• Demonstrated experience partnering with and preparing information system owners for internal assessments facilitating and leading external audits, and driving gaps and findings to closure in a collaborative manner.
• Ability to manage and prioritize multiple concurrent requests while setting realistic expectations with stakeholders.
• Strong understanding of security program and control frameworks, assessment methodologies, and practices, i.e. NIST RMF, NIST CSF, ISO-27001, 800-53(a), 800-171(a), CMMC, CNSSI 1253, 800-137, PCI, HIPAA, GDPR.
• Strong understanding of data controls and compliance regimens including CUI, ITAR, EAR, Cardholder Data, PII, PHI, etc.
• Technical project and/or operations management skills.
• Experience balancing tradeoffs between people and data collected evidence enabling continual movement toward continuous monitoring.
• Proven experience working with internal or external organizations to prepare for, conduct, and manage audits efficiently and effectively.
• Ability to incorporate lessons learned into the continuous process improvement cycle driving increased assurance effectiveness and efficiency.
• CISSP, CISM, CISA, GNSA or equivalent certification.

COMPENSATION AND BENEFITS:             

Pay Range:         

Cyber Assurance Analyst/Level I: $95,000.00 - $115,000.00/per year
Cyber Assurance Analyst/Level II: $110,000.00 - $130,000.00/per year    

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, and experience.

Base salary is just one part of your total rewards package at SpaceX. You may also be eligible for long-term incentives, in the form of company stock, stock options, or long-term cash awards, as well as potential discretionary bonuses and the ability to purchase additional stock at a discount through an Employee Stock Purchase Plan. You will also receive access to comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short and long-term disability insurance, life insurance, paid parental leave, and various other discounts and perks. You may also accrue 3 weeks of paid vacation and will be eligible for 10 or more paid holidays per year. Exempt employees are eligible for 5 days of sick leave per year.         

ITAR REQUIREMENTS:

• To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.  

SpaceX is an Equal Opportunity Employer; employment with SpaceX is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.

Applicants wishing to view a copy of SpaceX’s Affirmative Action Plan for veterans and individuals with disabilities, or applicants requiring reasonable accommodation to the application/interview process should notify the Human Resources Department at (310) 363-6000.