Sr Vulnerability Management Engineer, Endpoint Security

April 08, 2023
Offerd Salary:Negotiation
Working address:N/A
Contract Type:Other
Working Time:Negotigation
Working type:N/A
Ref info:N/A


What to Expect

We are looking for a highly motivated engineer specializing in the vulnerability management and endpoint security hardening space to help defend and protect Tesla's data, infrastructure, and products. This includes both Corporate and Manufacturing/ICS systems. Other car companies have talked for years about a future of "connected cars." At Tesla, we make it happen. We regularly send over-the-air software updates to our Model S, Model 3, Model X, and Model Y fleet, seamlessly delivering new features and improvements to our customers. Our mobile applications allow customers to interact with their cars via real-time, low-latency two-way communication. We also build tools for our internal sales, delivery, and service teams. We are building “a machine that builds a machine”. To this end, information, endpoint, and product security is of the utmost importance. The Endpoint Security & Vulnerability Management Team is responsible for identifying, researching, prioritizing, remediating, and mitigating vulnerabilities in the diverse Tesla corporate and manufacturing infrastructure. As a Vulnerability Management Security Engineer, you will work very closely with the Tesla Red Team, GSM (Global Supply Management), Incident Response & Detection, and Tesla Manufacturing teams and act as a “bridge” connecting InfoSec and other engineering teams. You will represent the InfoSec vision and make sure new and existing vulnerabilities are remediated in a timely manner across all managed endpoints. We are looking for a generalist, who has experience in multiple interconnected disciplines related to system hardening, patch management, application reviews, ICS security including ICS/SCADA equipment including all major OEMs HMI, PLCs, and components, Windows, macOS, and Linux operating systems, and network architectures.

What You'll Do

  • Security vulnerability and risk assessments of Tesla's IT and OT systems and threat analysis to identify new and existing vulnerabilities and driving the remediation process.
  • Threat modeling and good understanding of the associated risks and mitigation techniques related to the 3rd party applications (from simple desktop tools to complex SaaS solutions)
  • Support consistent vulnerability management / patch management process for both IT and OT environments
  • Provide regular patch management metrics and security standards reports
  • Support and run vulnerability management scans of the IT and OT systems (using tools like Tenable Nessus, Qualys, OT specific tools similar to Tenable.ot, Claroty, and Cisco CyberVision)
  • Support a coordinated response to complex cyber-attacks that threaten assets, intellectual property, networks and computer systems
  • Contribute to the development and improvement of security monitoring of the Tesla Gigafactories' infrastructure
  • Perform recurring security assessments of corporate compute images against industry best practices and standards
  • System and configuration management at scale (automation using SCCM, Chef, Ansible, JAMF)
  • Periodic application security reviews
  • Security process improvement based on prior proven experience for process optimization and effectiveness testing
  • What You'll Bring

  • Minimum 4 years of prior hands-on vulnerability management / application security /endpoint security experience
  • Experience related to industrial control systems security is desirable.
  • Good understanding of security architecture and experience managing and hardening of secure configurations of both Corporate and Industrial/Manufacturing systems and protocols
  • Experience with vulnerability identification and prioritization in an enterprise setting
  • Experience using scripting languages (Python or similar, PowerShell scripts, bash)
  • Real world experience using at least one major SIEM system
  • Experience with Splunk is a bonus
  • Security Certifications (i.e. Security+, CISSP, CEH, SANS, etc.)
  • From this employer

    Recent blogs

    Recent news