Cybersecurity Assurance Auditor, IT Audit
Tesla participates in the E-Verify Program
What to Expect
The Internal Audit team's mission is to call attention to risks and drive actions to address those risks to protect Tesla. The team partners with IT, Engineering, and Information Security/Privacy groups to identify areas of risk and make valuable recommendations on standardization of processes and controls.
Tesla is seeking an experienced cybersecurity auditor to plan, execute, lead, and report on operational, information security, and technical transformation audits. This position is responsible for leading complex activities associated with completing technical security assessments (audits), as well as performing other short-term projects to provide recommendations on standardizing controls within corporate, product, and manufacturing IT environments.
What You’ll Do
- Perform cybersecurity assessments to evaluate Tesla’s end-to-end security posture.
- Perform infrastructure security design consulting, including web security reviews.
- Conduct penetration tests and risk assessments over IT environments (applications, infrastructure, cloud, etc.)
- Take on complex challenges while being able to clearly articulate the problem statement and tactical plans/recommendation to management stakeholders.
- Independently lead assessment and risk prioritization, audit program development, work paper documentation, testing, controls evaluation.
- Interact extensively with IT, InfoSec, and Engineering teams and be comfortable executing projects in areas of product security, cloud security, data security, vulnerability management, end point security, and/or network security.
- Build and grow strong relationship with senior management. Manage management requests regarding internal control assessments, process and procedure evaluations, special investigations and internal control education.
What You’ll Bring
- 6+ years of years of demonstrated real world experience performing grey and black box penetration testing as a pentester
- Must be proficient in any of the following: PowerShell Empire, SPLUNK, Metasploit Framework, Cobalt Strike, Burp Suite, Canvas, Kali Linux, IPTables, Sysinternals, A/V evasion methodologies, Exploit Dev
- Rich experience exploiting vulnerabilities
- Knowledge of exploitation concepts including phishing and social engineering tactics, buffer overflows, fuzzing, SQLi, MiTM, covert channels, secure tunneling and open source exfiltration techniques
- Experience with scripting and development languages (e.g., Bash, PowerShell, Python, Perl, Ruby, PHP, C/C++, C#, Java, etc.)
- Proficiency in one or more scripting language. E.g. Perl, Python, Shell Scripting etc
- Strong understanding of web application and web security
- Senior level network experience. PCAP interpretation and parsing, understanding of L1-8 protocols
- Bachelor’s degree in MIS, Computer Science, or related field or equivalent experience.
- At least one professional certification required such as CISSP, GPEN, OSCP or other applicable professional certification.
- Familiarity and understanding of major professional audit frameworks, cybersecurity laws and regulations (NIST, ISO 27001, ITIL, COBIT, PCI-DSS, etc.).
- Leadership skills (ability to take charge, confidence to interact with all levels, set objectives, drive results, and a team player).
Tesla is an Equal Opportunity / Affirmative Action employer committed to diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, age, national origin, disability, protected veteran status, gender identity or any other factor protected by applicable federal, state or local laws.
Tesla is also committed to working with and providing reasonable accommodations to individuals with disabilities. Please let your recruiter know if you need an accommodation at any point during the interview process.
For quick access to screen reading technology compatible with this site click here to download a free compatible screen reader (free step by step tutorial can be found here). Please contact email@example.com for additional information or to request accommodations.
Privacy is a top priority for Tesla. We build it into our products and view it as an essential part of our business. To understand more about the data we collect and process as part of your application, please view our Tesla Talent Privacy Notice.
Your application has been successfully submitted.