Senior Technical Investigations Analyst (Insider Threat)
Hawthorne, CA, United States
SpaceX was founded under the belief that a future where humanity is out exploring the stars is fundamentally more exciting than one where we are not. Today SpaceX is actively developing the technologies to make this possible, with the ultimate goal of enabling human life on Mars.
SENIOR TECHNICAL INVESTIGATIONS ANALYST (INSIDER THREAT)
We are looking for a Senior Analyst to join the Insider Threat Team, whose mission is to protect SpaceX’s intellectual property and confidential business information from internal and external threats. Information drives our business and we must protect against unauthorized changes, improper destruction, loss, or theft of that information. As a highly visible and dynamic organization, we must also value and guard against damage to our reputation and brand. As the Senior Technical Investigations Analyst you will work closely with the Insider Threat Team members as well as the Security Operations Center (SOC) team to develop SpaceX’s program to deter, detect, and respond to threats to the company’s intellectual property and confidential business information. The Insider Threat program is part of the greater Information Security Organization.
- Assess, triage and prioritize security alerts from logging and monitoring systems
- Identify, triage and remediate threats based on threat intelligence as well as active analysis of log data
- Investigate and communicate with peers on the risk posed by these threats. Report on findings from investigations and incidents
- Operate against a Security Operations Center (SOC) playbook as well as the Insider Threat program processes to protect SpaceX people, mission and assets
- Evaluate user data for anomalous activity
- Create and maintain alerts and detections to minimize false positives and identify concerning behavior
- Apply critical thinking to all activities and actions, in pursuit of SpaceX and Insider Threat Program goals
- Contribute to tool optimization and automation initiatives to streamline analysis and response workflows
- Review user activity, highlighting areas of concern or evidence of anomalous activity and escalate to management
- Respond to requests for ad-hoc reporting and research topics from management as required
- Produce concise, written analysis and visual presentation of findings
- Deal professionally with offensive, profane, and obscene materials encountered during the course of investigations and research
- Apply intelligence reporting and knowledge of the security network towards the discovery of suspicious activity and to prevent and/or detect future incidents
- Support standardization of threat responses
- Support process improvement of the current insider threat program and alignment with the strategic program
- 5+ years of experience in information security areas such as threat hunting, incident response, forensics, security analysis, security engineering
- Experience with regular expressions and scripting language(s) (e.g. Python, Bash or PowerShell)
- Experience with operating system internals and security controls such as Linux and/or Windows
- Experience with cyber threats, defenses, motivations and techniques
PREFERRED SKILLS AND EXPERIENCE:
- Familiarity with ELK, Splunk, and/or other SIEMs
- Broad understanding of network architecture and network security methods to include their capabilities and limitations
- Strong understanding of threat analysis and enterprise-level mitigation strategies
- Working knowledge of network TCP/IP protocols
- Experience with behavioral analysis
- Experience with broader system forensics
- Experience with conducting operations in closed/vetted online forums and marketplaces in both the surface and dark web spaces
- Demonstrable track record of getting things done quickly with high quality
- Exceptional written and verbal communication skills
- Experience distilling raw information into actionable intelligence
- Experience with intelligence analysis tools, methods and the intelligence lifecycle
- Exceptional organizational skills
- SANS, GIAC, OSCP, CEH or similar certifications.
- To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.
SpaceX is an Equal Opportunity Employer; employment with SpaceX is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.
Applicants wishing to view a copy of SpaceX’s Affirmative Action Plan for veterans and individuals with disabilities, or applicants requiring reasonable accommodation to the application/interview process should notify the Human Resources Department at (310) 363-6000.