VentureLoop : SpaceX - SECURITY POLICY AND COMPLIANCE ENGINEER

SpaceX

SECURITY POLICY AND COMPLIANCE ENGINEER

Location :

1 Rocket Rd
Hawthorne, CA 90250

Overview :

In an era when most technology-based products follow a path of ever-increasing capability and reliability while simultaneously reducing costs, launch vehicles today are little changed from those of 40 years ago. SpaceX aims to change this paradigm by developing a family of launch vehicles which will ultimately reduce the cost and increase the reliability of space access by a factor of ten. …

Job Details

SECURITY POLICY AND COMPLIANCE ENGINEER

Hawthorne, CA, US

SpaceX - Full-Time | Job date : 07-06-2018

Description

This engineer is part of the Information Assurance and Compliance team and is responsible for supporting SpaceX’s ISO-27001 and NIST 800-53 compliance efforts. Under the direction of management, this position will focus on supporting the ISO-27001 and NIST 800-53 compliance program as part of the Information Security Management System (ISMS).

RESPONSIBILITIES:

  • Assess and interpret Information Assurance requirements to design and engineer actionable, pragmatic and sustainable Information Security controls.
  • Serve in an advisory and consultative capacity, guiding control owners on practical and technically accurate control design and implementation techniques based on requirements.
  • Focus on documenting and auditing security controls on in-scope systems in the context of the ISO-27001 certification and NIST 800-53 security program. The engineer will work on projects such as:
    • System hardening 
    • Secure software development and threat modeling 
    • Security System Architecture 
    • Vulnerability Management 
    • Configuration Management & Automation
    • Logging & monitoring systems 
    • Endpoint Host Security 
    • Supplier and Customer security reviews
  • Work with functional engineering talent to drive control review. Design and create frictionless in-depth system level documentation in support of the ISO-27001 and NIST 800-53 implementation.
  • Assess and interpret Information Assurance requirements to help design actionable, pragmatic and sustainable Information Security controls as required by the ISO-27001 and NIST 800-53 control framework.
  • Work with system owners and engineers to drive implementation and ongoing management of the ISMS control framework based on requirements.
  • Create high quality technical documentation (i.e. policies, procedures and standards, guidelines). Document control framework implementation in Governance Risk and Compliance tool with workflow to automate control review and data collection. 
  • Facilitate and lead assessments to assess control posture and maturity. Stratify risks and operate a risk registry. Validate, prioritize and drive remediation of control gaps with system owners.
  • Facilitate and liaise with external auditors and stakeholders on audits and reviews.
  • Partner with internal stakeholders to support negotiations of Information Assurance contractual agreements with customers.
  • Assist with developing and delivering security awareness materials and training.
  • Communicate complex concepts with senior management, technical personnel, auditors and external stakeholders in a concise and professional manner.
  • Assist management with Information Assurance roadmap creation, execution and managing of expectations with all in-scope stakeholders.
  • Assist with meeting all other IT security compliance requirements.
  • Perform other tasks under the direction of management.

BASIC QUALIFICATIONS:

  • Bachelor’s degree in information assurance/security/technology, computer science, engineering, or similar technical discipline
  • Minimum of 7 years of experience in information security/assurance
  • Experience with system hardening and/or implementing enterprise security controls

PREFERRED SKILLS AND EXPERIENCE:

  • Master’s degree in information assurance/security/technology and 10 years demonstrated working experience in Information Assurance, Security or Technology.
  • Broad knowledge and practical understanding of modern IT Infrastructure, DevOps and Agile Software Development.
  • Demonstrated competency evaluating and implementing Information Assurance controls based on recognized frameworks (e.g. ISO-27001/2, NIST SP 800-53, CNSSI 1253, DoD 5200/8500 series) in a high security environment.
  • Robust technical policy writing skills with a penchant for balancing requirements with practicality and first principles reasoning.
  • Very strong project management, presentation and communication skills.
  • In-depth knowledge of data protection and integrity, operating systems, network security, authentication, and security protocols.
  • Demonstrated success building trust with engineering teams to drive compliance requirements in an Agile and highly innovative environment.
  • Demonstrated experience auditing or assessing as many of the following as possible: Linux (Debian/Ubuntu), Windows (7/2008/2012), Arista/Cisco switches, Palo Alto Firewalls, ELK Stack and configuration management tools such as Puppet.
  • Understanding of Agile software development methodology/tools (Scrum, Kanban, Jira), Version Control Systems and continuous integration processes (Jenkins, Bamboo). Knowledge of secure SDLC methodologies (i.e. BSIMM, DREAD, STRIDE).
  • Knowledge of compliance automation via GRC tool workflow and control automation techniques with scripting. Familiarity with scripting languages (Bash, Python) is desirable.
  • Certifications: ISO 27001 Lead Auditor/Implementer; CISA, CISM, CISSP, SANS GSEC, PMP

Disclaimer: Local Candidates Only
This company does NOT accept candidates from outside recruiting firms. Agency contacts are not welcome.