Senior Security Engineer, Salesforce Success Central, Security Enablement
Job ID: 2809861 | Amazon Web Services, Inc.
Salesforce Success Central is looking for a passionate, innovative, results-oriented Security Engineer to join our Security Enablement Team. As a Sr. Security Engineer, you’ll have a unique opportunity to innovate in the security space of distributed third-party platforms, large scale systems integrations, and Salesforce.
Our mission is to protect Amazon customers, make Amazon sales and service organizations the most efficient and effective in the world, and reduce the cost of cloud SaaS. We are looking for a Sr. Security Engineer to design security controls and validate that our services, applications, data stores and emerging technologies are designed and implemented to the highest security standards. In this role, your work will educate and set security requirements for the enterprise usage of third-party platforms and external vendors. You will design, review and deploy tools to prevent and detect security threats, and build training and threat models for our developers and service owners. You will define assessment strategy, priorities, and key metrics that senior leaders use to measure teams across the enterprise. Our teams work closely with other Security teams, and you will lead communication and integration with these teams.
Our highly collaborative team is committed to each team member’s growth as our business grows. Sr. security engineers are expected to be a mentor for others and be a trusted security advisor within the organization.
This role requires the ability to foster constructive dialogue and seek resolution when confronted with differing opinions on security risks. Engineers in this role are expected to participate fully in the planning and prioritization of the Security Enablement team, partner team's goals, and to constantly seek opportunities for process improvement.
A successful candidate will need a combination of troubleshooting, technical, and communication skills. You must have the ability to take ownership and deliver on multiple complex objectives which may include project and software development work.
The right candidate will possess a strong security program background, experience building security standards for cross cloud deployments, deep knowledge in SaaS, and demonstrated experience driving enterprise security change.
Key job responsibilities
- Identify enterprise patterns of business requirement and security threat, and create product requirements or multi-org security initiatives to remediate them.
- Lead security assessment of new cloud products and releases, develop threat models and standards, and coordinate with Amazon security teams to develop implementation and operations templates that can be re-used across Amazon.
- Develop security requirements, training and oversight mechanisms for external consultants and work for hire.
- Coordinate with Amazon security teams to set technical standards and prioritize security campaigns.
- Develop, interpret, and implement security standards, baselines, policies and procedures for teams using Cloud SaaS.
- Collaborate with vendor product teams to develop new features with an eye on security.
- Design and deploy security detections with customer facing guidance.
- Assist in vulnerability analysis, security reviews and incident response when expertise is required.
- Develop and deliver general security awareness training.
- Build a culture of security.
BASIC QUALIFICATIONS
- BS in Computer Science, Information Security, 5+ years of demonstrated experience in areas such as application security, offensive security and/or systems security.
- Understanding of threat modeling, manual source code review, security vulnerabilities, attacker exploit techniques, and methods for their remediation.
PREFERRED QUALIFICATIONS
- 8+ years of any combination of the following: threat modeling, secure coding, cloud security, system design, cryptography.
- Experience with AWS products and services.
- 5+ years working within the Salesforce ecosystem.
- Excellent written and verbal communication skills with the ability to adapt messaging to executive, technical, and non-technical audiences.
- Ability to drive multiple technically complex priorities together while remaining effective at providing security guidance to stakeholders and ability to work with a high degree of autonomy.
- Experience in securing SAAS applications and partnering with vendors to drive innovative solutions.