|Category||Systems, Quality, & Security Engineering||Job type||Full Time|
Are you passionate about managing security at scale? Selling Partner Services is one of Amazon's fastest growing business with more than 50% of all items currently sold originating from third-party Sellers. Our vision is to offer a secure world-class Customer experience that enables Selling Partner Services and third-party Developers to innovate rapidly on behalf of Sellers, Vendors and Brand Owners.
Selling Partner Service is looking for a self-driven Security Engineer to join our team. We are looking for a self-starter. You will actively contribute to our security strategy and its implementation. You will perform risk assessments, threat modelling, security reviews and vulnerability remediation for SPS systems and consultations and incident response for 3P Developers using Selling Partner APIs. You will design and implement security mechanisms, processes and tools to protect against risks. You will participate in architectural and system design discussions and share your security expertise with technical and business stakeholders across the organization, from engineers to executives. You will collaborate with other security teams and share best practices across the organization.
You will work directly with internal customers to provide security guidance and help resolve security issues.
Security Engineers are unique individuals prepared to relentlessly resolve security issues by gathering and analyzing event data, conducting root-cause analysis and confidently escalating complex events to experienced Security Engineers to protect customer trust. You will assist in the maintenance and configuration of workflows running on AWS technologies like Step functions. You will perform debugging to support platform infrastructure and troubleshoot complex security problems and provide technical details to assess and mitigate risks. You will apply automation to improve our security operations and make them more efficient and profitable. You will manage communications, generate and/or manage trouble tickets (i.e. security findings both logical and physical), interact with security systems and data warehouses that impact AWS data, operations, and/or reputation. You will support technical security campaigns and leverages tools and systems across the AWS Security to query trends, mine databases and system log, and detect anomalies and/or inconsistencies that require mitigating improvements. You need to be successful at multitasking, be self-motivated, and use discretion when dealing with sensitive information. You should also be able to rapidly learn new technologies, consider multiple solutions to problems, and show high levels of judgement when determining risk and impact of security events. An ideal candidate will have a thorough understanding of security operations as context for decision making when taking ownership to solve problems.
• Provide first-tier security reviews of security use cases
• Implement and review controls to protect Amazon data and systems
• Respond to security violations, potential vulnerabilities and alerts from detection systems
• Work with software development teams to proactively assess risk, fix security issues, and provide policy guidance
• Evangelize security within Amazon and be an advocate for customer trust
• Interface with technical teams, stakeholders and leadership teams to translate security risk mitigation plans into actionable items to mitigate risk.
• Independently work and support campaign findings, researches mitigations, and analyzes potential security vulnerability related information from a variety of sources to identify patterns and trends.
Amazon is an Equal Opportunity Employer - Minority / Women / Disability / Veteran / Gender Identity / Sexual Orientation / Age.
• Computer Science or Security Engineering degree.
• 3 years of experience in an operational IT role at a large organization
• Familiarity with common network, system and web application attacks and mitigations
• Fundamental knowledge of cloud computing services.
• Expertise in web application, system and network security.
• Experience in designing and implementing software and security tools.
• Experience in penetration testing and vulnerability assessment.
• Capable of communicating effectively verbally and in writing to an executive audience.
You will bring to the team:
• Well-rounded knowledge of multiple Information Security domains
• Good understanding of the OWASP Top 10
• Experience in threat modeling and identification techniques
• Ability to work with developers to resolve security issues
• Experience in code reviews, vulnerability detection, and root cause analysis
• Scripting and automation experience.
• Experience with AWS or other cloud computing platforms.
• Good written and verbal communication skills
• Strong sense of ownership, urgency, and drive.
• Graduate degree in information security or related field
• Security certifications encouraged