Sr. Cyber Assurance Analyst

About The Position

Requirements

• High school diploma or equivalency certificate
• 5+ years of experience (can be concurrent) in cybersecurity compliance, audit or technical security roles with strong knowledge in security compliance frameworks (e.g. NIST 800-53, NIST 800-171, ISO 27001)
• 5+ years of experience (can be concurrent) with control testing, security standards/policy development, security audits, or security risk management

Nice To Haves

• Ability to interpret code/ configurations and analyze system/ network designs for compliance implications.
• Experience with security tooling such as vulnerability scanners, SIEMS, container security, system configuration baseline checks (e.g. CIS Benchmarks, STIGs, etc.)
• Demonstrated experience partnering with and preparing information system owners for internal assessments, facilitating and leading external audits, and driving gaps and findings to closure in a collaborative manner
• Strong understanding of security program and control frameworks, assessment methodologies, and practices, i.e. NIST RMF, NIST CSF, ISO-27001, 800-53(a), 800-171(a), CMMC, CNSSI 1253, 800-137, PCI, HIPAA, GDPR, etc
• Experience evaluating third-party risk, communicating with external stakeholders, and supporting appropriate mitigations.
• Strong communication skills across all organizational levels and ability to build cross-organizational coalitions
• Direct experience with external audits, regulatory compliance reviews and examinations.
• Project and program management experience, tooling integration, and delivery in highly fluid environments
• Processional certifications such as CISA, CISM, CISSP, GSNA, ISO 27001 auditor, PCI ISA or QSA, or equivalent certifications

Responsibilities

• Lead and support security audits and certification (NIST 800-171, NIST 800-53, ISO 27001, etc.) efforts
• Partner with engineers to gather and validate technical evidence (configs, code snippets, logs, system designs, etc)
• Perform technical security and risk assessments of systems and networks within our environment and identify where they deviate from security policy, standards or regulations
• Identify security control/ compliance gaps, advise on remediation, and drive timely resolution with engineers
• Maintain necessary documentation of controls, processes and audits
• Identify and drive assessments and audit efficiency through system integration, data utilization, and process improvement
• Support third-party risk management efforts including supplier onboarding and periodic cyber assessments
• Identify and propose business enabling actions by maintaining an up-to-date understanding of emerging trends in information security risks, changes in standards, and new compliance/assurance techniques and trends
• Mentor fellow teammates and take an active role in their development

Benefits

• You may also be eligible for long-term incentives, in the form of company stock, stock options, or long-term cash awards, as well as potential discretionary bonuses and the ability to purchase additional stock at a discount through an Employee Stock Purchase Plan.
• You will also receive access to comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short and long-term disability insurance, life insurance, paid parental leave, and various other discounts and perks.
• You may also accrue 3 weeks of paid vacation and will be eligible for 10 or more paid holidays per year.
• Employees in Washington State accrue paid sick time in compliance with state and federal law.
• Company shuttles are offered to employees for roundtrip travel from select Seattle locations to the SpaceX Redmond office Monday to Friday.