DESCRIPTION
Our team is responsible for growing an innovative global project that informs and drives larger company strategic decisions. We identify and improve the experience for Amazons customers by applying various methodologies and building software solutions across a wide range of technical stacks.
In this role, you will be responsible for implementing and maintaining technical security controls for a multi-cloud infrastructure while maintaining a high security bar that is in line with Amazon InfoSec and industry standard information security frameworks. This role will provide you with an opportunity to work across a broad set of systems and services, and if being in a dynamic multi-cloud environment and experimenting with the newest technologies sounds exciting to you, it will also be a lot of fun.
You will be engaging with teams working on exciting new technologies, requiring highly customized security judgment outside of existing IT and security structures. You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and decisively taking action to remediate emerging threats throughout a full secure development life-cycle
You will be partnering with system and software engineers and Amazon InfoSec to raise the security bar through secure design and architecture in a multi-cloud environment. You are a trusted resource on secure development and implementation practices, and work closely with engineers to identify opportunities to improve developer velocity and program efficiency while maintain a high security and privacy bar. You will also lead work-streams to identify and prioritize security problems that can be detected using automation, and develop detection prototypes for security problems to enhance our toolset for static and dynamic analysis.
Mentorship & Career Growth: We are dedicated to supporting new team members. Our team has a broad mix of experience levels and Amazon tenures, and were building an environment that celebrates knowledge sharing and mentorship. We care about your career growth. You will work on projects and tasks that will develop your skills and enable you to take on increasingly complex tasks.
Inclusive Team Culture: Our team is intentional about attracting, developing, and retaining amazing talent from diverse backgrounds. Were looking for a new teammate who is enthusiastic, empathetic, curious, motivated, reliable, and able to work effectively with a diverse team of peers; someone who will help us amplify the positive & inclusive team culture weve been building.
Key job responsibilities
You must have passion for building secure products, competency in application security and software development, as well as fluency on cloud architectures.
- Shape new services through security review of design, architecture, and implementation
- Champion and implement secure development life-cycle (SDLC) practices including threat modeling and security testing.
- Create security guidance and documentation for team and customers.
- Lead and execute security projects (including security reviews, tool development, and creation of new security practices) with end-to-end ownership.
- Surface security improvement opportunities for AWS to senior leadership.
- Design and implement resource monitoring and identify security vulnerabilities and serve as a member of the incident response team.
- Perform proactive risk assessments to identify threats to IT assets.
- Collaborate with engineering to design and develop tools to improve security automation
- Support projects, create SOPs, and serve as an escalation point for information security issues.
- Influence your teams and partners process, priorities, and choices to improve outcomes
About the team
Customer Experience and Business Trends (CXBT) is an organization made up of a diverse suite of functions dedicated to deeply understanding and improving customer experience, globally. We are a team of builders that develop products, services, ideas, and various ways of leveraging data to influence product and service offerings for almost every business at Amazon for every customer (e.g., consumers, developers, sellers/brands, employees, investors, streamers, gamers).
Our approach is based on determining the customer need, along with problem solving, and we work backwards from there. We use technical and non-technical approaches and stay aware of industry and business trends. We are a global team, made up of a diverse set of profiles, skills, and backgrounds including: Product Managers, Software Developers, Computer Vision experts, Solutions Architects, Data Scientists, Business Intelligence Engineers, Business Analysts, Risk Managers, and more.
BASIC QUALIFICATIONS
- 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- Bachelor's degree in computer science or equivalent
- Knowledge of networking protocols such as HTTP, DNS and TCP/IP
PREFERRED QUALIFICATIONS
- 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- Experience applying threat modeling or other risk identification techniques or equivalent
- Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits or equivalent
- Experience with AWS products and services
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.