What to Expect
Tesla operates huge, vertically integrated factories across three continents and a global Supercharger network.
We solve problems at scale across cutting-edge technologies in world-class supercomputing HPC, AI/ML, manufacturing 5G/OT, Solar OT, and enterprise IT environments.
The Detection Team is responsible for detecting and responding to threats against our corporate, manufacturing and production environments.
We leverage best-in-class technologies, invent and re-imagine security solutions to defend Tesla’s information, infrastructure and products.
We are looking for a highly motivated security engineer specializing in security detection and incident response to continually improve detection program effectiveness and efficiency through tuning, innovation and automation.
You will improve, build, and tune detection, analysis, alerting and response systems to detect and counter threats at scale.
What You’ll Do
Define, implement, and tune detection capabilities to detect and remediate malicious activity.
Continually improve and create detection tools, craft high-fidelity signaling, remove noise, and reduce manual investigative efforts.
Collaborate with business teams to identify, craft and implement custom workflow detection strategies.
Analyze adversarial techniques and develop detection approaches across our diverse environments.
Engage with engineering teams to implement sensors and tools that improve response capabilities.
Collaborate with Incident Response and Security Operations during investigations and incidents.
Develop custom tooling to improve and accelerate analysis during investigations.
What You’ll Bring
Critical thinking, problem solving and investigative mindset.
Senior or Lead level experience in one or more of the following areas: Incident Response, Security Operations, DFIR, Security DevOps, SecOps, and/or Security Product Development
Experience with
Detection and response technologies such as SIEM, EDR, CNAPP, NDR, NIDS/NIPS, Sigma, YARA, etc.
Large scale analysis of log data using tools such as Splunk, Elastic, or similar.
Security automation: SOAR tools, IT automation, and/or custom automation methods
Linux containers and orchestration systems (Kubernetes preferred)
Cloud environments (AWS preferred)
Phishing and social engineering detection and countermeasures
Familiarity with the following detection-related disciplines with deep experience in one or more:
Security event correlation, data visualization, graphing, timelines, and trending
Behavioral analytics and anomaly detection
Analysis of network traffic from intrusion detection systems and flow monitoring systems.
Host level detection with tools such as auditd, osquery, Sysmon
File system, memory, or live response on Windows, macOS and/or Linux.
Experience working with multiple stakeholders (engineering/operations teams, internal business units, external incident response teams) throughout the incident lifecycle.
Ability to maintain detection as code and/or maintain a CI/CD pipeline.
Ability to operate at scale and adapt to change in complex and diverse environments.
Pluses
Software engineering experience in Python, Go, Rust or similar.
Private 5G/SCADA/ICS/OT experience
Adversary intelligence attribution