Sr. Endpoint Security Management Engineer

We are looking for a highly motivated Senior Engineer specializing in the Endpoint Security hardening and strategic development space to help defend and protect Tesla's data, infrastructure, and products. This includes both Corporate and Manufacturing/ICS systems. Other car companies have talked for years about a future of "connected cars." At Tesla, we make it happen. We regularly send over-the-air software updates to our Model S, Model 3, Model X, and Model Y fleet, seamlessly delivering new features and improvements to our customers. Our mobile applications allow customers to interact with their cars via real-time, low-latency two-way communication. We also build tools for our internal sales, delivery, and service teams. We are building "a machine that builds a machine". To this end, information, endpoint, and product security is of the utmost importance. The Endpoint Security Team is responsible for curating, deploying, and managing industry-standard security policies to Tesla's managed fleet of endpoints (Windows) in Tesla Corporate, Retail, and Manufacturing environments. As an Endpoint Security Engineer, you will work very closely with the Vulnerability Management, Desktop Engineering, Incident Response & Detection, and Tesla Manufacturing teams and act as a "bridge" connecting InfoSec and other Security Engineering teams. You will represent the InfoSec team's vision and mission while making sure all new and existing security policies are continuously reviewed and enforced across all managed devices. We are looking for an Engineer with specialized knowledge and experience with managing security policy and principals across a large enterprise that reflect a security-first perspective to ensure the most secure, yet usable, computing environment.


Responsibilities

• Operate as the resident expert for all Windows-based endpoints as it relates to defining, deploying, and reporting on enterprise-level security policy to support our fast-growing user base while maintaining and supporting business critical systems and organizational units
• Reviews existing security policy on a regular basis to ensure that standards are inline and/or exceeding industry standard best practices according to published frameworks/benchmarks (NIST/CIS)
• Expert level knowledge of managing and creating endpoint protection solutions' configurations, metrics, and operational support including, but not limited to, supporting architectural changes, tool and package deployments, and advanced policy development and deployment
• Provide guidance on architectural analysis, design, and support for endpoint security systems and ongoing compliance initiatives to drive a security-first framework
• Manage policies and software deployments for endpoint security solutions in conjunction with our Desktop Engineering team for holistic coverage
• Design, implement, and track month-over-month KPIs and KCIs on the health of all endpoint security solutions
• Administer policy configurations for endpoint security controls (ex. secure configuration qualification) and perform end-to-end Endpoint Protection architecture assessments and security reviews
• Create and maintain Standard Operating Procedures (SOPs) related to operational tasks for endpoint security management
• Assist with advanced security incident response and detection activities when required, troubleshoot complex enterprise workstation and server environments
• Detailed knowledge in system security architecture and security solutions and proficient understanding of IT infrastructure, security, & NGAV + ZTNA policies/exclusions/rules, etc.

Requirements

• Minimum 5 years of prior hands-on endpoint security / cybersecurity experience
• Experience with Enterprise Endpoint Security solutions such as Sentinel One/Trend Micro/Crowdstrike/Microsoft Defender ATP, etc.
• Experience with Zero Trust Network Access solutions such as Zscaler, Akamai, Palo Alto Networks, etc.
• Experience in a fast-paced, enterprise environment is a bonus
• Experience related to industrial control systems security is desirable
• Good understanding of security architecture and experience managing and hardening of secure configurations of both Enterprise and Industrial/Manufacturing systems and protocols
• Experience with vulnerability identification and prioritization in an enterprise setting
• Knowledge of the NIST Risk Management Framework
• Real world experience using at least one major SIEM system

Compensation and Benefits
Benefits

Along with competitive pay, as a full-time Tesla employee, you are eligible for the following benefits at day 1 of hire:

• Aetna PPO and HSA plans > 2 medical plan options with $0 payroll deduction
• Family-building, fertility, adoption and surrogacy benefits
• Dental (including orthodontic coverage) and vision plans, both have options with a $0 paycheck contribution
• Company Paid (Health Savings Account) HSA Contribution when enrolled in the High Deductible Aetna medical plan with HSA
• Healthcare and Dependent Care Flexible Spending Accounts (FSA)
• LGBTQ+ care concierge services
• 401(k) with employer match, Employee Stock Purchase Plans, and other financial benefits
• Company paid Basic Life, AD&D, short-term and long-term disability insurance
• Employee Assistance Program
• Sick and Vacation time (Flex time for salary positions), and Paid Holidays
• Back-up childcare and parenting support resources
• Voluntary benefits to include: critical illness, hospital indemnity, accident insurance, theft & legal services, and pet insurance
• Weight Loss and Tobacco Cessation Programs
• Tesla Babies program
• Commuter benefits
• Employee discounts and perks program