SR. VULNERABILITY MANAGEMENT ENGINEER

As a member of the SpaceX Security Engineering organization, the Senior Vulnerability Management Engineer will play a key role in maturing and operating the existing vulnerability management program. This position focuses on ensuring that security vulnerabilities are effectively identified, managed, and remediated across the SpaceX environment. The successful candidate will work closely with infrastructure, engineering, application, and other security/IT teams to assess impacts, implement mitigating controls, and build relationships with stakeholders organization-wide.

RESPONSIBILITIES:

• Lead and champion efforts to define, implement, and enforce processes, policies, and procedures for vulnerability remediation, external attack surface management, and compliance policy scanning. Track open vulnerabilities and issues from identification to resolution, following up with remediation owners, enforcing Plans of Action & Milestones (POA&Ms), and escalating risks as necessary.
• Serve as a vulnerability management SME across multiple areas, including Microsoft platforms (servers, workstations, applications), open systems (Linux, UNIX, VMware ESXi), virtualization (e.g., VMware vSphere), networking, databases (SQL Server, MySQL, PostgreSQL), cloud environments (AWS, Azure, Google), public/private-facing services, and the SpaceX network stack. Stay up to date on the latest vulnerabilities, exploitation techniques, and exploits.
• Identify and recommend measures to manage and remediate vulnerabilities or security exposures, reducing potential impacts on information resources to levels acceptable to senior management. Partner with security and IT professionals to assess vulnerability impacts specific to the SpaceX environment (including financial systems) and implement mitigating controls.
• Act as a leader in vulnerability management and information security by broadening awareness and use of the team's services, educating on security best practices, and integrating with other business areas. Identify solutions for security problems while participating in the broader Information Security team.
• Conduct manual testing and/or work closely with red-teams to confirm vulnerabilities and exploits using offensive-security tools to identify false positives, validate security defenses, and pinpoint risk areas.
• Assist with the implementation, management, and maintenance of vulnerability management and external attack surface platforms/tools, including troubleshooting technical/functional issues and ensuring operational success.
• Configure integrations between vulnerability management/external attack surface tools and issue tracking systems to effectively communicate and track vulnerabilities. Develop scripts and automated mechanisms to streamline manual processes for gathering and consolidating information.
• Configure and maintain custom compliance policy scanning rulesets based on CIS benchmarks, and develop automated processes for reporting results to stakeholders.
• Develop and improve KPIs, metrics, and trending for vulnerability management functions. Brief leadership and stakeholders on important and critical vulnerabilities across the environment.

BASIC QUALIFICATIONS:

• Bachelor’s degree in information systems, information security, computer science, engineering or similar technical field of study and 4+ years of professional experience in information security, networking and/or systems administration; OR 5+ years of professional experience in information security in lieu of a degree.
• 4+ years of experience designing, building, implementing, and/or maintaining vulnerability and configuration management technologies in an enterprise level environment.
• Experience with Linux, Windows, and Mac system internals and configuration management tools.

PREFERRED SKILLS AND EXPERIENCE:

• Experience with Tenable on-premise and cloud products such as Tenable or other Vulnerability Assessment Tools.
• Experience with auditing security controls against standards such as CIS, MSCT, & DISA STIGs.
• Familiarity with enterprise security controls and security best practices for Windows, Linux, and Mac systems.
• Experience in analyzing & validating vulnerabilities to most effectively prioritize the most critical vulnerabilities to a given environment.
• Experience in PCI DSS security assessments.
• Experience with a programming or scripting language, such as Python or PowerShell.
• Experience in controlled penetration testing to validate vulnerability findings.
• Familiarity with J-Frog Artifactory / X-ray.
• Ability to interface with vendors to diagnose and troubleshoot problems, as well as consult on architectural design and configuration changes.

ADDITIONAL REQUIREMENTS:

• Must be willing to work extended hours and/or weekends.
• This role is based in Hawthorne, CA and will require you to be onsite. Remote or hybrid work will not be considered.

COMPENSATION AND BENEFITS:

Pay range:

Security Engineer/Senior: $168,000.00 - $230,000.00/per year

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, and experience.

Base salary is just one part of your total rewards package at SpaceX. You may also be eligible for long-term incentives, in the form of company stock, stock options, or long-term cash awards, as well as potential discretionary bonuses and the ability to purchase additional stock at a discount through an Employee Stock Purchase Plan. You will also receive access to comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short and long-term disability insurance, life insurance, paid parental leave, and various other discounts and perks. You may also accrue 3 weeks of paid vacation and will be eligible for 10 or more paid holidays per year. Employees accrue paid sick leave pursuant to Company policy which satisfies or exceeds the accrual, carryover, and use requirements of the law.