特斯拉Application Security Engineer
任职要求
• Experience with secure architecture design. • Excellent communication skills. • Security experience in one or more of: C, C++, Python, Go, x86, ARM, cryptography, reverse engineering, wireless networks, common web vulnerabilities with SQLi, XSS, CSRF and exploit development. • Strong penetration testing experience. • Experience auditing code and features. This job application may involve an …
工作职责
The Role We’re looking for highly motivated Application Security engineers with an adversarial mindset to help strengthen Tesla’s overall security posture. You'll get hands-on with a wide array of technologies – including websites, robots, and energy systems – and learn how they interconnect, where they fail, and how to make them stronger. In this role, you’ll emulate both internal and external threat actors to uncover weaknesses across our most critical products and infrastructure. From designing real-world attack scenarios to conducting deep technical assessments, your work will directly shape how we defend systems at scale. If you’re passionate about CTFs, vulnerability research, exploit development, or just love “breaking things” to understand them better, this role is for you. Whether it’s writing custom tooling, crafting a successful phishing campaign, or gaining domain admin, you’ll have the freedom to get creative. You’ll be operating in a high-impact, complex environment spanning thousands of systems, services, and endpoints. At Tesla, you’ll use your offensive skills to drive meaningful change and contribute to one of the most ambitious roadmaps in tech today. Responsibilities • Breaking everything you touch and helping us fix it. • Conducting penetration tests against Tesla networks, applications and services. • Conduct proactive Application Security exercises to simulate real-world external adversaries and insider threats, identifying vulnerabilities and assessing the effectiveness of organizational cybersecurity defenses. • Performing security assessments on third-party services and software. • Collaborating cross functionally with engineers to develop secure services. • Auditing source code for security vulnerabilities. • Develop/implement automated systems to help spot known security exposures.
● Conduct security assessments (SAST, DAST, SCA) and penetration testing to identify vulnerabilities in web/mobile applications and APIs. ● Perform risk analysis and provide actionable remediation recommendations. ● Collaborate with development teams to integrate security practices into SDLC (e.g., threat modeling, secure code reviews). ● Develop and maintain security standards, policies, and playbooks aligned with frameworks like OWASP, NIST, or ISO 27001. ● Engage with clients or internal teams to articulate security risks and mitigation strategies
1. 安全战略落地与能力迁移 ○ 基于集团已确立的国际化安全战略,协助制定落地路线图; ○ 协同阿里控股安全团队将国内成熟的基础安全平台能力(如办公安全、生产安全、数据安全等)迁移至国际业务场景,实现“能力出海”。 2. 全球基础安全体系建设 ○ 搭建适配海外市场的基础安全体系,包括访问控制、数据保护、日志审计、威胁监测等; ○ 支撑 Lazada、AliExpress、Miravia等多区域业务的安全能力统一与差异化融合。 3. 产品与平台国际化适配 ○ 推动已有安全能力的国际化重构与组件解耦(语言、部署、合规、接口标准等); ○ 指导控股安全平台产品形成海外通用输出形态,如SaaS化/轻代理/API服务化等。 4. 合规与数据主权落地 ○ 结合各区域法规要求(如GDPR、PDPA、拉美数据法等),推动策略制定与落地执行; ○ 支持数据本地化、跨境流转审计、国际隐私保护机制建设。 5. 全球安全运营能力建设 ○ 协同安全运营团队搭建覆盖多时区、多语言的全球运营体系(轻量SOC、安全工单系统等); ○ 搭建全球威胁情报适配与协同机制,支撑本地事件响应能力。 6. 跨团队协作与团队建设 ○ 与平台(集团安全产技)、业务、安全技术、安全合规、法律、海外运营等团队紧密协作; ○ 参与相关人才梯队建设,为国际安全团队注入全球化能力。 Strategic Execution & Capability Reuse ● Translate group-level global security strategies into actionable execution plans; ● Drive the migration, adaptation, and productization of Alibaba’s core security capabilities (Cloud Infrastrcure, Application and Data Security, etc.) for international business use. Global Security Infrastructure & Architecture ● Build baseline security architectures across markets, including access management, data protection, audit/logging, and threat detection; ● Support regional business security unification while respecting localized needs. Internationalization of Security Products ● Lead internationalization efforts for internal security tools: multi-language support, local deployment architecture, and regional compliance standards; ● Deliver modular, API-driven, and SaaS-compatible security components for overseas platforms. Compliance & Data Sovereignty ● Design and enforce compliance frameworks aligning with GDPR, PDPA, CCPA, and other regional data privacy regulations; ● Support data localization, cross-border flow auditing, and international privacy mechanism design. Security Operations & Threat Response ● Co-build regionalized security operations capabilities (SOC-lite models, incident response playbooks, multilingual ticketing systems); ● Establish globally coordinated threat intel and response mechanisms. Cross-Team & Talent Development ● Work closely with security engineering, platform, legal, compliance, and international operations teams; ● Mentor or hire security professionals with international capabilities and build the foundation of a globally distributed team.
Global Technology Services (GTS) is a technical fulfilment team that provides complete lifecycle services to our customers. Our aim is to ensure high-quality contract signing process and delivery through seamless control across pre-sales, sales, and post-sales stages. We enhance the service ecosystem, optimize delivery efficiency, and reduce delivery costs while establishing an operational business model.. Through specialized delivery implementation, systematic middle-office support, and standardized service product capabilities, we leverage the power of cloud and data intelligence. Collaborating with ecosystem partners, we assist customers in achieving their business objectives.Ultimately,our goal is to continuously enhance Alibaba Cloud's industry-leading reputation and customer satisfaction. By joining GTS, you'll be a part of pioneering technology and have the opportunity to contribute to major projects, such as supporting the Olympics. Our diverse clientele hails from various industries, including e-commerce, finance, logistics, and other prominent enterprises, . We take pride in offering high-quality, professional cloud services to drive their digital transformation and business expansion. If you possess a genuine passion for cloud computing, thrive on challenges, and are committed to excellence, we wholeheartedly invite you to become a member of the GTS family. Together, we will explore uncharted territories and shape the future. As a member of our team, you will be responsible for the following: 1. Cloud Solutions Design and Delivery: Design and deliver end-to-end cloud computing solutions, lead system integration, handle engineering issues, and ensure successful project delivery and customer satisfaction. Quickly analyze and solve problems based on customer business scenarios to improve satisfaction. 2. Cloud System Operations and Maintenance: Oversee cloud system operations and maintenance, including business system monitoring and fault handling, ensuring stable operation of cloud services. Continuously enhance user experience and product capabilities through automation and diagnostic tools. 3. Forward-Looking Service Solutions and Tool Development: Develop forward-looking service solutions based on product evolution, achieving low-cost, high-quality delivery and maintenance of public, hybrid, and private clouds. Design and develop tool systems to build future-oriented delivery, operation, and service platforms. 4. Customer Problem Analysis and Product Improvement: Summarize and categorize customer issues, develop systematic tool platforms, understand customer business scenarios, and promote continuous improvement in products and services.
Global Technology Services (GTS) is a technical fulfilment team that provides complete lifecycle services to our customers. Our aim is to ensure high-quality contract signing process and delivery through seamless control across pre-sales, sales, and post-sales stages. We enhance the service ecosystem, optimize delivery efficiency, and reduce delivery costs while establishing an operational business model.. Through specialized delivery implementation, systematic middle-office support, and standardized service product capabilities, we leverage the power of cloud and data intelligence. Collaborating with ecosystem partners, we assist customers in achieving their business objectives.Ultimately,our goal is to continuously enhance Alibaba Cloud's industry-leading reputation and customer satisfaction. By joining GTS, you'll be a part of pioneering technology and have the opportunity to contribute to major projects, such as supporting the Olympics. Our diverse clientele hails from various industries, including e-commerce, finance, logistics, and other prominent enterprises. We take pride in offering high-quality, professional cloud services to drive their digital transformation and business expansion. If you possess a genuine passion for cloud computing, thrive on challenges, and are committed to excellence, we wholeheartedly invite you to become a member of the GTS family. Together, we will explore uncharted territories and shape the future. As a member of our team, you will be responsible for the following: 1. Cloud Solutions Design and Delivery: Design and deliver end-to-end cloud computing solutions, lead system integration, handle engineering issues, and ensure successful project delivery and customer satisfaction. Quickly analyze and solve problems based on customer business scenarios to improve satisfaction. 2. Cloud System Operations and Maintenance: Oversee cloud system operations and maintenance, including business system monitoring and fault handling, ensuring stable operation of cloud services. Continuously enhance user experience and product capabilities through automation and diagnostic tools. 3. Forward-Looking Service Solutions and Tool Development: Develop forward-looking service solutions based on product evolution, achieving low-cost, high-quality delivery and maintenance of public, hybrid, and private clouds. Design and develop tool systems to build future-oriented delivery, operation, and service platforms. 4. Customer Problem Analysis and Product Improvement: Summarize and categorize customer issues, develop systematic tool platforms, understand customer business scenarios, and promote continuous improvement in products and services.