Tesla Application Security Engineer
Requirements
• Experience with secure architecture design.
• Excellent communication skills.
• Security experience in one or more of: C, C++, Python, Go, x86, ARM, cryptography, reverse engineering, wireless networks, common web vulnerabilities (SQLi, XSS, CSRF), and exploit development.
• Strong penetration testing experience.
• Experience auditing code and features.

This job application may involve an interview with an interviewer outside of Tesla China. If you complete your application, you agree that Tesla provides your application information to overseas interviewers in Tesla, Inc. for recruitment purposes. For more details and contact information, please see here: https://app.mokahr.com/social-recruitment/tesla/46129#/
Job Responsibilities
The Role

We’re looking for highly motivated Application Security engineers with an adversarial mindset to help strengthen Tesla’s overall security posture. You'll get hands-on with a wide array of technologies – including websites, robots, and energy systems – and learn how they interconnect, where they fail, and how to make them stronger.

In this role, you’ll emulate both internal and external threat actors to uncover weaknesses across our most critical products and infrastructure. From designing real-world attack scenarios to conducting deep technical assessments, your work will directly shape how we defend systems at scale.

If you’re passionate about CTFs, vulnerability research, exploit development, or just love “breaking things” to understand them better, this role is for you. Whether it’s writing custom tooling, crafting a successful phishing campaign, or gaining domain admin, you’ll have the freedom to get creative.

You’ll be operating in a high-impact, complex environment spanning thousands of systems, services, and endpoints. At Tesla, you’ll use your offensive skills to drive meaningful change and contribute to one of the most ambitious roadmaps in tech today.

Responsibilities
• Breaking everything you touch and helping us fix it.
• Conducting penetration tests against Tesla networks, applications and services.
• Conducting proactive Application Security exercises to simulate real-world external adversaries and insider threats, identifying vulnerabilities and assessing the effectiveness of organizational cybersecurity defenses.
• Performing security assessments on third-party services and software.
• Collaborating cross-functionally with engineers to develop secure services.
• Auditing source code for security vulnerabilities.
• Developing and implementing automated systems to help spot known security exposures.
● Conduct security assessments (SAST, DAST, SCA) and penetration testing to identify vulnerabilities in web/mobile applications and APIs.
● Perform risk analysis and provide actionable remediation recommendations.
● Collaborate with development teams to integrate security practices into SDLC (e.g., threat modeling, secure code reviews).
● Develop and maintain security standards, policies, and playbooks aligned with frameworks like OWASP, NIST, or ISO 27001.
● Engage with clients or internal teams to articulate security risks and mitigation strategies.
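1. Security strategy execution and capability migration
○ Based on the group's established international security strategy, assist in drawing up the implementation roadmap;
○ Work with the Alibaba Holding security team to migrate mature domestic baseline security platform capabilities (such as office security, production security, and data security) to international business scenarios, taking these capabilities overseas.
2. Building the global baseline security system
○ Build a baseline security system adapted to overseas markets, including access control, data protection, log auditing, and threat monitoring;
○ Support the unification and differentiated integration of security capabilities across multi-region businesses such as Lazada, AliExpress, and Miravia.
3. Internationalization of products and platforms
○ Drive the internationalization refactoring and component decoupling of existing security capabilities (language, deployment, compliance, interface standards, etc.);
○ Guide the Holding security platform products toward a general-purpose overseas delivery form, such as SaaS, lightweight agents, or API services.
4. Compliance and data sovereignty
○ In line with regional regulatory requirements (such as GDPR, PDPA, and Latin American data laws), drive policy formulation and execution;
○ Support data localization, cross-border data flow auditing, and the building of international privacy protection mechanisms.
5. Building global security operations capability
○ Work with the security operations team to build a global operations system covering multiple time zones and languages (lightweight SOC, security ticketing system, etc.);
○ Build global threat intelligence adaptation and coordination mechanisms to support local incident response.
6. Cross-team collaboration and team building
○ Collaborate closely with the platform (group security product and technology), business, security technology, security compliance, legal, and overseas operations teams;
○ Take part in building the related talent pipeline, bringing global capabilities to the international security team.

Strategic Execution & Capability Reuse
● Translate group-level global security strategies into actionable execution plans;
● Drive the migration, adaptation, and productization of Alibaba’s core security capabilities (Cloud Infrastructure, Application and Data Security, etc.) for international business use.

Global Security Infrastructure & Architecture
● Build baseline security architectures across markets, including access management, data protection, audit/logging, and threat detection;
● Support regional business security unification while respecting localized needs.

Internationalization of Security Products
● Lead internationalization efforts for internal security tools: multi-language support, local deployment architecture, and regional compliance standards;
● Deliver modular, API-driven, and SaaS-compatible security components for overseas platforms.

Compliance & Data Sovereignty
● Design and enforce compliance frameworks aligning with GDPR, PDPA, CCPA, and other regional data privacy regulations;
● Support data localization, cross-border flow auditing, and international privacy mechanism design.

Security Operations & Threat Response
● Co-build regionalized security operations capabilities (SOC-lite models, incident response playbooks, multilingual ticketing systems);
● Establish globally coordinated threat intel and response mechanisms.

Cross-Team & Talent Development
● Work closely with security engineering, platform, legal, compliance, and international operations teams;
● Mentor or hire security professionals with international capabilities and build the foundation of a globally distributed team.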
As a pivotal member of the Copilot Team, you will bring unique perspectives and expertise to the organization, driving innovative features and delivering transformative AI-powered experiences:
• This is an IC role, Coding / engineering design time >70%
• Manage complex projects from conception to implementation, with a focus on delivering AI-driven user interfaces and performance-optimized web applications.
• Coordinate technical delivery through sprints, fostering collaboration throughout the project lifecycle.
• Collaborate across geographies and time zones to establish best practices and develop automated processes that mitigate development risks.
• Investigate and debug complex performance issues in applications, ensuring optimal user experience and system efficiency.
• Design and implement performance testing strategies to proactively address bottlenecks.
• Work closely with Product Designers, Product Managers, and Engineers to deliver AI-enhanced products that delight users.
• Drive team-wide investments in infrastructure and foundational systems to support long-term technical roadmaps.
• Solve technical challenges to deliver outstanding outcomes for customers and the business.