Sr. Cyber Assurance Analyst

SpaceX was founded under the belief that a future where humanity is out exploring the stars is fundamentally more exciting than one where we are not. Today SpaceX is actively developing the technologies to make this possible, with the ultimate goal of enabling human life on Mars. 

SR. CYBER ASSURANCE ANALYST

Assurance is more than doing what is forced upon us; it's about driving and delivering against our trust proposition, enabling teams across the company to meet the standards we set upon ourselves. It's about aggregating internal and external expectations and creating THE standard.  And then it's about partnering and enabling our teams to meet and exceed this bar in a highly efficient and effective manner. If the thought of an assurance program which is integrated with business operations and works to proactively defend and enable opportunity is motivating, we should talk.  

This teammate will operate within the Information Assurance team and will be conducting system assessments and facilitating audits throughout the enterprise.  Additionally, you’ll be assisting with the maturation and implementation of our assurance program in collaboration with the Information Assurance Manager and taking on additional leadership roles as needed. This position will involve hands-on execution of the assurance program, assessment, and audit execution, the development of control application efficiencies and recommendations, and mentoring fellow Information Assurance team members. The ideal candidate will be driven to create partnerships with system owners; someone who is firm when it matters but also flexible enough to move the ball forward.  They will excel at multi-tasking and flourish in an environment where learning never ceases, where the breadth of operations ranges from rockets to routing tables, and where teams are laser focused on mission accomplishment -- excitement guaranteed!  

RESPONSIBILITIES: 

• Plan, prepare for, schedule, and coordinate internal assessments and external audits
• Perform assessments of systems and networks within our environment and identify where those systems and networks deviate from acceptable configurations, enterprise policy, or local standards
• Identify security and compliance gaps and partner with system owner and stakeholders to appropriately remediate
• Generate awareness of assessment results, facilitate and prepare system security plans and update the plan of actions and milestones
• Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed
• Develop, maintain, monitor, and improve appropriate internal controls and policies to protect SpaceX systems and data
• Perform security analysis of operational and development environments, threats, vulnerabilities and internal interfaces to define and assess compliance with accepted industry and government standards
• Facilitate development of Memorandums of Understanding (MOU), Interconnection Security Agreements (ISA), Risk Acceptance Letters (RAL), System Security Plans (SSP), Plans of Action & Milestones (POA&M), and support Continuous Monitoring
• Manage, assess, communicate and partner with our business and systems owners to determine the efficacy of security controls, solution around constraints, and facilitate justifiable confidence in the system's security posture
• Operate and contribute to continuous improvement of information security assurance processes and systems
• Stay abreast of changes to regulations, compliance guidelines, assessment methodologies, and the emerging TTPs; recommend proactive changes to controls, policies, and procedures to respond to these changes

BASIC QUALIFICATIONS: 

• 5+ years of experience applying security controls to information systems and assessing their effectiveness 
• 3+ years of experience in utilizing security relevant tools, systems, and applications in support of the Risk Management Framework (RMF), Continuous Authorization, and Continuous Monitoring  (e.g.: NESSUS, ACAS, DISA STIGs, SCAP, Audit Reduction, HBSS)
• 3+ years of experience with control testing, security standards/policy implementation, security audits, or security risk management

PREFERRED SKILLS AND EXPERIENCE: 

• Demonstrated experience partnering with and preparing information system owners for internal assessments facilitating and leading external audits, and driving gaps and findings to closure in a collaborative manner
• Ability to manage and prioritize multiple concurrent requests while setting realistic expectations with stakeholders
• Strong understanding of security program and control frameworks, assessment methodologies, and practices (e. NIST RMF, NIST CSF, ISO-27001, 800-53(a), 800-171(a), CMMC, CNSSI 1253, 800-137, PCI, HIPAA, GDPR)
• Strong understanding of data controls and compliance regimens (i.e. CUI, ITAR, EAR, Cardholder Data, PII, PHI)
• Technical project and/or operations management skills
• Ability to balance tradeoffs between people and data collected evidence enabling continual movement toward continuous monitoring
• Proven experience working with internal or external organizations to prepare for, conduct, and manage audits efficiently and effectively
• Experience with incorporation of lessons learned into the continuous process improvement cycle driving increased assurance effectiveness and efficiency
• CISSP, CISM, CISA, GNSA or equivalent certification

COMPENSATION AND BENEFITS:    Pay Range:    Assurance Analyst/Senior: $125,000.00 - $175,000.00/per year        Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, and experience.    Base salary is just one part of your total rewards package at SpaceX. You may also be eligible for long-term incentives, in the form of company stock, stock options, or long-term cash awards, as well as potential discretionary bonuses and the ability to purchase additional stock at a discount through an Employee Stock Purchase Plan. You will also receive access to comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short and long-term disability insurance, life insurance, paid parental leave, and various other discounts and perks. You may also accrue 3 weeks of paid vacation and will be eligible for 10 or more paid holidays per year. Exempt employees are eligible for 5 days of sick leave per year.

ADDITIONAL REQUIREMENTS:

• Must be available to work extended hours and weekends as needed

ITAR REQUIREMENTS: 

• To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here  

SpaceX is an Equal Opportunity Employer; employment with SpaceX is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status. 

Applicants wishing to view a copy of SpaceX’s Affirmative Action Plan for veterans and individuals with disabilities, or applicants requiring reasonable accommodation to the application/interview process should notify the Human Resources Department at (310) 363-6000.