None
What to Expect
We are looking for a highly motivated engineer specializing in the
vulnerability management and endpoint security hardening space to help defend
and protect Tesla's data, infrastructure, and products. This includes both
Corporate and Manufacturing/ICS systems. Other car companies have talked for
years about a future of "connected cars." At Tesla, we make it happen. We
regularly send over-the-air software updates to our Model S, Model 3, Model X,
and Model Y fleet, seamlessly delivering new features and improvements to our
customers. Our mobile applications allow customers to interact with their cars
via real-time, low-latency two-way communication. We also build tools for our
internal sales, delivery, and service teams. We are building “a machine that
builds a machine”. To this end, information, endpoint, and product security is
of the utmost importance. The Endpoint Security & Vulnerability Management
Team is responsible for identifying, researching, prioritizing, remediating,
and mitigating vulnerabilities in the diverse Tesla corporate and
manufacturing infrastructure. As a Vulnerability Management Security Engineer,
you will work very closely with the Tesla Red Team, GSM (Global Supply
Management), Incident Response & Detection, and Tesla Manufacturing teams and
act as a “bridge” connecting InfoSec and other engineering teams. You will
represent the InfoSec vision and make sure new and existing vulnerabilities
are remediated in a timely manner across all managed endpoints. We are looking
for a generalist, who has experience in multiple interconnected disciplines
related to system hardening, patch management, application reviews, ICS
security including ICS/SCADA equipment including all major OEMs HMI, PLCs, and
components, Windows, macOS, and Linux operating systems, and network
architectures.
What You'll Do
Security vulnerability and risk assessments of Tesla's IT and OT systems
and threat analysis to identify new and existing vulnerabilities and
driving the remediation process.
Threat modeling and good understanding of the associated risks and
mitigation techniques related to the 3rd party applications (from simple
desktop tools to complex SaaS solutions)
Support consistent vulnerability management / patch management process for
both IT and OT environments
Provide regular patch management metrics and security standards reports
Support and run vulnerability management scans of the IT and OT systems
(using tools like Tenable Nessus, Qualys, OT specific tools similar to
Tenable.ot, Claroty, and Cisco CyberVision)
Support a coordinated response to complex cyber-attacks that threaten
assets, intellectual property, networks and computer systems
Contribute to the development and improvement of security monitoring of
the Tesla Gigafactories' infrastructure
Perform recurring security assessments of corporate compute images against
industry best practices and standards
System and configuration management at scale (automation using SCCM,
Chef, Ansible, JAMF)
Periodic application security reviews
Security process improvement based on prior proven experience for process
optimization and effectiveness testing
What You'll Bring
Minimum 4 years of prior hands-on vulnerability management / application
security /endpoint security experience
Experience related to industrial control systems security is desirable.
Good understanding of security architecture and experience managing and
hardening of secure configurations of both Corporate and
Industrial/Manufacturing systems and protocols
Experience with vulnerability identification and prioritization in an
enterprise setting
Experience using scripting languages (Python or similar, PowerShell
scripts, bash)
Real world experience using at least one major SIEM system
Experience with Splunk is a bonus
Security Certifications (i.e. Security+, CISSP, CEH, SANS, etc.)
