Apply on Employer Site

SpaceX · 1 day ago

Sr. Cyber Assurance Analyst

Hawthorne, CA

Full-time

Onsite

Senior Level

$125K/yr - $175K/yr

5+ years exp

SpaceX is a company focused on developing technologies to enable human life on Mars. They are seeking a Sr. Cyber Assurance Analyst to provide confidence that systems meet security, regulatory, and compliance obligations, while working closely with engineers to validate controls and manage risks.

Advanced MaterialsAerospaceManufacturingNational SecuritySpace Travel

Growth Opportunities

No H1B

U.S. Citizen Only

Responsibilities

Lead and support security audits and certification (NIST 800-171, NIST 800-53, ISO 27001, etc.) efforts

Partner with engineers to gather and validate technical evidence (configs, code snippets, logs, system designs, etc)

Perform technical security and risk assessments of systems and networks within our environment and identify where they deviate from security policy, standards or regulations

Identify security control/ compliance gaps, advise on remediation, and drive timely resolution with engineers

Maintain necessary documentation of controls, processes and audits

Identify and drive assessments and audit efficiency through system integration, data utilization, and process improvement

Support third-party risk management efforts including supplier onboarding and periodic cyber assessments

Identify and propose business enabling actions by maintaining an up-to-date understanding of emerging trends in information security risks, changes in standards, and new compliance/assurance techniques and trends

Mentor fellow teammates and take an active role in their development

Qualification

Cybersecurity complianceSecurity auditsSecurity frameworksControl testingRisk managementSecurity toolingProject managementCommunicationMentoringCollaborationProblem-solving

Required

High school diploma or equivalency certificate

5+ years of experience (can be concurrent) in cybersecurity compliance, audit or technical security roles with strong knowledge in security compliance frameworks (e.g. NIST 800-53, NIST 800-171, ISO 27001)

5+ years of experience (can be concurrent) with control testing, security standards/policy development, security audits, or security risk management

Must be willing to travel (<25%) domestically and internationally in support of audit and other assurance activities

Must be willing to work extended hours and/or weekends as needed

This role requires you to be onsite, remote/hybrid work will not be considered

Preferred

Ability to interpret code/ configurations and analyze system/ network designs for compliance implications. Experience with security tooling such as vulnerability scanners, SIEMS, container security, system configuration baseline checks (e.g. CIS Benchmarks, STIGs, etc.)

Demonstrated experience partnering with and preparing information system owners for internal assessments, facilitating and leading external audits, and driving gaps and findings to closure in a collaborative manner

Strong understanding of security program and control frameworks, assessment methodologies, and practices, i.e. NIST RMF, NIST CSF, ISO-27001, 800-53(a), 800-171(a), CMMC, CNSSI 1253, 800-137, PCI, HIPAA, GDPR, etc

Experience evaluating third-party risk, communicating with external stakeholders, and supporting appropriate mitigations

Strong communication skills across all organizational levels and ability to build cross-organizational coalitions

Direct experience with external audits, regulatory compliance reviews and examinations

Project and program management experience, tooling integration, and delivery in highly fluid environments

Processional certifications such as CISA, CISM, CISSP, GSNA, ISO 27001 auditor, PCI ISA or QSA, or equivalent certifications