Job Information
Amazon Security Engineer II, WW Ops Security in Seattle, Washington
Description
Are you interested in helping ensure exceptional services and security for customers? Do you have a passion for architecture, security, software design, and innovative technologies? Do you see security, compliance, and risk management as business enablers? The Amazon Stores Vendor Information Security Assurance (VISA) team is seeking a SecEng Auditor to perform assessments of our third party partners. You will have the rare opportunity to dive deep into the internal architecture of Amazon third parties to assess operational risks and security posture.
The ideal candidate is interested in diving deep into a variety of complex architectures and ensuring architecture and operation is designed and operating securely with our third party partners. You will support the planning, scoping, execution, and reporting based on identified risks. Assessment scope may include identity and access management, key management, data security/privacy, service monitoring, release management, and service availability.
You will bring independent and objective points of view to provide support to internal vendor management teams and their third party partners to identify opportunities for control improvements to mitigate risks, ensure compliance and improve operational performance. In this capacity, you will gain valuable exposure to many areas of our global business.
This position will challenge your current understanding of Amazon services. You will have the ability to learn new technology concepts quickly. You are someone who is curious and known for diving deep into subject matter, taking ownership, and encouraging innovative and pragmatic solutions to complex problems. In addition, you will have solid business judgment, enthusiasm for risk management, the ability to gain trust and respect of business leaders, and the capability to guide a fast-paced organization to the right results.
This position will be based out of Seattle, Washington, Dallas, Texas, or Arlington, Virginia and may require up to 25% travel, including international travel.
Key job responsibilities
Acting as subject matter expert on risk-based security reviews and assessments at scale
Collecting/reviewing data from multiple sources to assess third party partner security posture.
Building, evolving, and improving sustainable processes and measurement systems to ensure that security policy requirements are maintained.
Preparing reports for senior management on the state of partner compliance.
Determine findings criticality considering the relevant business, technical, and threat environment.
Contribute to the long-term and short-term security strategy to ensure that third party related services are designed and running securely.
Reviewing exceptions to policy and determining risk and impact.
Serving as an advisor on security & compliance issues for operations staff.
Maintaining a broad understanding of the global regulatory landscape impacting Amazon.
Advising project and legal teams on ensuring the required security terms are in contracts and participate in contract negotiations with sensitive external partners at a global level.
Determining strategy for highly sensitive and/or high-profile assessments.
Maintaining metrics on partner security and compliance status.
Ensuring the team delivers on security goals, and make recommendations for incremental process improvement.
Travel may be required to perform VISA assessments.
About the team
ABOUT AmSec:
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.
Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training and Career growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Basic Qualifications
Bachelor’s degree in Information Security, Computer Science, Risk Management, Engineering, Math, Statistics or related discipline, or additional equivalent technology experience
3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
5+ years of experience in identifying security issues and risks, and developing mitigation plans
3+ years of experience in one or more of the following areas: identity and access management, cryptography, web and network protocols, data structures and algorithms, software development, threat modelling, pen tests, or vulnerability assessments
2+ years experience analyzing diverse and large datasets using SQL or other analytical tools
Preferred Qualifications
2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
CISSP, CISA, or related GIAC Information Security certification
Consistent demonstration of utilizing automation to solve recurring problems at scale
Experience driving multiple technically complex security initiatives while remaining effective at providing security guidance to stakeholders
Excellent leadership, teamwork and collaboration skills
Skilled in risk management, business risk analysis, and making complex business/risk trade-off recommendations and decisions
Excellent written and verbal communication skills with the ability to present complex technical information in a clear and concise manner to a variety of audience
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.
Amazon
-
- Amazon Jobs
