The Role:

We are looking for a highly motivated engineer specializing in security monitoring, incident response, or forensics to defend Tesla’s information, infrastructure and products.

Other car companies have talked for years about a future of "connected cars." At Tesla, we make it happen. We regularly send over-the-air software updates to our Model S and Model X fleet, seamlessly delivering new features and improvements to our customers. Our mobile applications allow customers to interact with their cars via real-time, low-latency two-way communication. We also build tools for our internal sales, delivery, and service teams. Today we remotely identify potential vehicle issues before a customer does—and often fix problems remotely too. To this end information and product security is of the utmost importance.

The Detection Team is responsible for detecting and responding to threats against our corporate, manufacturing and production environments. As a Detection Engineer, you will defend Tesla by helping to build and run a comprehensive threat detection program. You will improve logging coverage, build and tune log aggregation, analysis, and alerting systems, and detect threats at scale.

Responsibilities:

• Analyze the latest attacker techniques and develop approaches to detect them across the company's diverse environments and endpoints.
• Define, implement, and tune detective capabilities and data sources to detect and remediate malicious activity
• Work with engineering and operations teams to implement threat detection signals, deploy new tooling, and improve response capabilities.
• Analyze security data and report on threats and incidents across various platforms and environments.

Requirements:

• BS/MS/PhD in Computer Science, Information Systems, Electrical Engineering, or the equivalent in experience and evidence of exceptional ability.
• Excellent understanding and experience in multiple security domains such as intrusion detection, incident response, malware analysis, and forensics.
• Experience detecting abuse and large-scale attacks in a diverse environment.
• Software engineering experience in Python, Ruby, Go, C, Javascript or other OOP languages.
• Experience in cloud environments (AWS preferred) and Linux containers and orchestration systems (Kubernetes preferred)
• DevOps or security automation experience.
• Experience working with multiple stakeholders such as engineering/operations teams, internal business units, external incident response teams, and law enforcement throughout the incident lifecycle.
• Familiarity with the following detection-related disciplines with deep experience in one or more:
• Large scale analysis of log data using tools such as Splunk or ELK.
• File system, memory, or live response on Windows, MacOS and/or Linux.
• Analysis of network traffic from intrusion detection systems and flow monitoring systems.
• Host level detection with tools such as auditd, SysMon