Profiles search
Arthur Li
SpaceX---SR. INFORMATION SECURITY ANALYST
Los Angeles, CA, United States
Details
Experience:
Support SpaceX as our front line responder by identifying, triaging, and remediating security detections and anomalies.
Assess newly published vulnerabilities and attacker tactics, techniques, and procedures (TTPs) to identify possible defensive measures to locate and stop threat actors.
Provide incident response support as a key stakeholder. Collaborate with SpaceX engineering teams to proactivity improve and secure systems from future attacks.
Operate and help mature playbooks to protect SpaceX people, missions, and assets.
2018 : Present
SpaceX
SR. INFORMATION SECURITY ANALYST
Plan, prepare for, schedule, and coordinate internal assessments and external audits
Perform assessments of systems and networks within our environment and identify where those systems and networks deviate from acceptable configurations, enterprise policy, or local standards
Identify security and compliance gaps and partner with system owner and stakeholders to appropriately remediate
Generate awareness of assessment results, facilitate and prepare system security plans and update the plan of actions and milestones
Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed
Develop, maintain, monitor, and improve appropriate internal controls and policies to protect SpaceX systems and data
Perform security analysis of operational and development environments, threats, vulnerabilities and internal interfaces to define and assess compliance with accepted industry and government standards
Facilitate development of Memorandums of Understanding (MOU), Interconnection Security Agreements (ISA), Risk Acceptance Letters (RAL), System Security Plans (SSP), Plans of Action & Milestones (POA&M), and support Continuous Monitoring
Manage, assess, communicate and partner with our business and systems owners to determine the efficacy of security controls, solution around constraints, and facilitate justifiable confidence in the system's security posture
Operate and contribute to continuous improvement of information security assurance processes and systems
Stay abreast of changes to regulations, compliance guidelines, assessment methodologies, and the emerging TTPs; recommend proactive changes to controls, policies, and procedures to respond to these changes
2015 : 2018
SpaceX
Information Security Analyst
Responsible for the demonstration and design of the overall scheme of the precision guidance system;
Responsible for the program demonstration, simulation and verification evaluation of the new detection system;
Responsible for/leading the development of key technology research and demonstration of precision guidance systems;
Responsible for precision guidance professional technology development planning and technical research.
2012 : 2015
China Aerospace Science & Industry Corporation Limited
Senior Data Analyst
Design and develop a new automated production performance report for the company. Cooperate with the IT department to build a database and server for the report, and design the data model and ETL. Through years of hard work, integrate the global product test data and unify all production report
Performance :
- Develop fully automatic output reports for China. In the first year, save at least 100,000 RMB in labor costs per year for the product testing and development department. And in the next 3 years, set up a separate data department, establish an independent server, database, And cooperate with the global IT department to integrate the data reports of AMD chip assembly and factory inspection (including Singapore, Malaysia, Taiwan, China).
- Project information tracking and sharing platform. Users can use this online platform to register new engineering projects and share testing data, reducing inefficient mass emails. And with the accumulation of project data, employees can find out solutions by retrieving old project data Method.
2011 : 2012
Inspur Group
Data Analyst
• Daily update of day shift PO (Protection Officer) attendance in SAP system. • Answer calls from the head office. Respond promptly to temporary issues faced by POs deployed at customer sites. • Manage daily headcount to ensure adequate coverage at all client locations.
2007 : 2008
Inspur Group
Intern
Assess newly published vulnerabilities and attacker tactics, techniques, and procedures (TTPs) to identify possible defensive measures to locate and stop threat actors.
Provide incident response support as a key stakeholder. Collaborate with SpaceX engineering teams to proactivity improve and secure systems from future attacks.
Operate and help mature playbooks to protect SpaceX people, missions, and assets.
2018 : Present
SpaceX
SR. INFORMATION SECURITY ANALYST
Plan, prepare for, schedule, and coordinate internal assessments and external audits
Perform assessments of systems and networks within our environment and identify where those systems and networks deviate from acceptable configurations, enterprise policy, or local standards
Identify security and compliance gaps and partner with system owner and stakeholders to appropriately remediate
Generate awareness of assessment results, facilitate and prepare system security plans and update the plan of actions and milestones
Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed
Develop, maintain, monitor, and improve appropriate internal controls and policies to protect SpaceX systems and data
Perform security analysis of operational and development environments, threats, vulnerabilities and internal interfaces to define and assess compliance with accepted industry and government standards
Facilitate development of Memorandums of Understanding (MOU), Interconnection Security Agreements (ISA), Risk Acceptance Letters (RAL), System Security Plans (SSP), Plans of Action & Milestones (POA&M), and support Continuous Monitoring
Manage, assess, communicate and partner with our business and systems owners to determine the efficacy of security controls, solution around constraints, and facilitate justifiable confidence in the system's security posture
Operate and contribute to continuous improvement of information security assurance processes and systems
Stay abreast of changes to regulations, compliance guidelines, assessment methodologies, and the emerging TTPs; recommend proactive changes to controls, policies, and procedures to respond to these changes
2015 : 2018
SpaceX
Information Security Analyst
Responsible for the demonstration and design of the overall scheme of the precision guidance system;
Responsible for the program demonstration, simulation and verification evaluation of the new detection system;
Responsible for/leading the development of key technology research and demonstration of precision guidance systems;
Responsible for precision guidance professional technology development planning and technical research.
2012 : 2015
China Aerospace Science & Industry Corporation Limited
Senior Data Analyst
Design and develop a new automated production performance report for the company. Cooperate with the IT department to build a database and server for the report, and design the data model and ETL. Through years of hard work, integrate the global product test data and unify all production report
Performance :
- Develop fully automatic output reports for China. In the first year, save at least 100,000 RMB in labor costs per year for the product testing and development department. And in the next 3 years, set up a separate data department, establish an independent server, database, And cooperate with the global IT department to integrate the data reports of AMD chip assembly and factory inspection (including Singapore, Malaysia, Taiwan, China).
- Project information tracking and sharing platform. Users can use this online platform to register new engineering projects and share testing data, reducing inefficient mass emails. And with the accumulation of project data, employees can find out solutions by retrieving old project data Method.
2011 : 2012
Inspur Group
Data Analyst
• Daily update of day shift PO (Protection Officer) attendance in SAP system. • Answer calls from the head office. Respond promptly to temporary issues faced by POs deployed at customer sites. • Manage daily headcount to ensure adequate coverage at all client locations.
2007 : 2008
Inspur Group
Intern
Company:
SpaceX
About
Have experience in the construction of safety system projects and be familiar with the guarantee system;
Familiar with information security risk assessment system;
Familiar with common vulnerability attack principles and protection methods;
Familiar with mainstream network security products such as IDS, WAF, IPS;
Have theoretical basis and practical experience in risk management and safety assessment;
Participate in the revision of the information security system, and the writing is good.
Profile Photo
