Risk Program Manager (Cyber-Supply Chain) at SpaceX
Redmond, WA, United States
SpaceX was founded under the belief that a future where humanity is out exploring the stars is fundamentally more exciting than one where we are not. Today SpaceX is actively developing the technologies to make this possible, with the ultimate goal of enabling human life on Mars.
RISK PROGRAM MANAGER (CYBER-SUPPLY CHAIN)
Supply chains are complex beasts where actions by or to a trusted supplier can have outsized effects on an organization's objective. As a cyber-supply chain risk program manager, you will be directly responsible for organizing our teams and taking focused actions to increase our trust proposition. Providing justifiable confidence and assurance in the integrity of our products and services while protecting our internal operations is the end goal; and in doing so strengthening the foundations in which our relationships rest. At SpaceX we value initiative, dependability, and perseverance; where you have the latitude to rally people to the cause and deliver your vision.
This teammate will operate within the Information Assurance team and will be assisting with the maturation and implementation of our cyber-supply chain risk management program in collaboration with our supply chain, engineering, and other stakeholders. This position will also involve hands-on execution of the tactical efforts such as supplier incident analysis, due diligence assessments, and program supplier risk analysis. The ideal candidate will be driven to create program efficiencies and are firm when it matters but also flexible enough to move the ball forward. They will excel at multi-tasking and flourish in an environment where learning never ceases, where the breadth of operations ranges from rockets to routing tables, and where teams are laser focused on mission accomplishment - excitement guaranteed!
RESPONSIBILITIES:
Refine and improve the cyber-supply chain risk management program in collaboration with supply chain partners.
Facilitate the definition of cyber-supply chain risk management objectives and integration into broader teams' strategic and tactical plans.
Integrate cyber-supply chain risk management activities with the broader supply chain risk management program.
Refine and adapt program operations and performance metrics informing key stakeholders and enable their decision-making process.
Prioritize risk management activities and projects, arming our SpaceX teammates with knowledge and skills to scale operations.
Define, adapt, and monitor proactive and reactive risk identification, analysis, and mitigation processes including: third-party due diligence and risk analysis, cyber-incident response augmentation, and development/engagement activities.
BASIC QUALIFICATIONS:
Bachelor's degree in cyber security, computer science, engineering, information technology, or science discipline; or 2+ years of professional experience in information security.
Experience with operating system internals for Linux, Windows, or macOS platforms.
Experience with network and host-based collection tools.
PREFERRED SKILLS AND EXPERIENCE:
Understanding of classic and emerging threat actor tactics, techniques, and procedures in both pre- and post-exploitation phases of attack lifecycles.
Deep understanding of incident response processes.
Experience using Elastic, Splunk and/or other SIEMs.
Experience scripting language(s) for the purposes of automating security operations and incident response processes.
Experience with reverse engineering, C2 exploitation, and broader system/network forensics.
Security community contributions (blog posts, conference talks, CTFs, tool development, etc.)
Knowledge of cloud infrastructure and cloud security.
SANS/GIAC, OSCP or similar certifications.
ADDITIONAL REQUIREMENTS:
ITAR REQUIREMENTS:
SpaceX is an Equal Opportunity Employer; employment with SpaceX is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.
Applicants wishing to view a copy of SpaceX's Affirmative Action Plan for veterans and individuals with disabilities, or applicants requiring reasonable accommodation to the application/interview process should notify the Human Resources Department at (310) 363-6000.
