Senior Security Engineer, Corporate Services Security – Large-Scale Risk

Senior Security Engineer, Corporate Services Security – Large-Scale Risk

Job ID: 2712137 | Amazon.com Services LLC

We are open to hiring candidates to work out of one of the following locations:
Seattle, WA, USA
At Amazon, we are laser-focused on earning and maintaining customer trust. The Corporate Services Security team (CPSS) protects critical business services that our employees use to deliver the best products and services on planet earth.

Our Large-Scale Risk Reduction team (LSR) is looking for an innovative and impact-driven senior security engineer who has a strong passion for security at scale. This team is responsible for identifying large-scale risk within corporate services and integrations across the corporate services space, both first-party and third-party. This team secures the business by identifying and uncovering systemic risk, prioritizing scalable solutions, and driving mitigation efforts that lead to lasting and large-scale change across the company.

A senior security engineer in this role will operate across multiple Amazon Security teams and will leverage their diverse and deep expertise to drive strategic risk reduction with business leaders at the highest levels. They will identify opportunities to effectively scale our portfolio in order to meet the diverse needs of our customers. They will bring unique and creative insight into how we identify and drive risk reduction across the business. They work smarter and connect experts across disciplines to develop solutions that would otherwise not be feasible.

A person in this role must show exemplary judgment in making trade-offs between short-term fixes and long-term security and business goals. They think big and deliver impact. They must also demonstrate resilience and navigate ambiguous situations with composure and tact. Above all else, earning and maintaining trust along with a strong sense of customer obsession is necessary to achieve the ultimate goal of keeping Amazon and its customers secure.

Key job responsibilities

1. Develop and deliver hunting campaigns to discover systemic risk plaguing the organization
2. Write compelling narratives for stakeholders to consume and understand risk and impact
3. Write crisp executive summaries for presentation to stakeholders and executives
4. Develop innovative accelerators, tools, and mechanisms to improve the team’s velocity and quality
5. Facilitate forums with principal engineers to drive consensus on appropriate solutions
6. Demonstrate creativity, insight, intellectual flexibility, and sound risk judgment
7. Work independently, but collaborate with cross-functional teams to produce broad impact and exceptional results
8. Be a multiplier and operate with humility while being right, a lot

A day in the life
The Corporate Services Security (CPSS) Large-Scale Risk Reduction (LSR) team is responsible for performing deep analysis, identifying systemic risk, proposing scalable solutions, driving mitigation campaigns, and establishing secure third-party vendor data sharing relationships. The team works to identify, track, monitor, mitigate, and report on large-scale security risk reduction efforts. Through adoption of security controls that scale, and the assessment of internal services and third-party vendors, we are able to ensure Amazon's high security bar is exceeded.

The CPSS Large-Scale Risk Reduction team mission is to provide assurance by identifying and reducing risk through proactive assessment, monitoring, and mitigation.

BASIC QUALIFICATIONS

1. 6+ years of experience in two or more of the following security domains categories: Pentesting, Red Teaming, Security Architecture, Data Analytics, SDLC, or Application Security
2. 6+ years of experience running offensive security or deep dive campaigns in large, complex organizations
3. 5+ years of experience performing penetration testing
4. 3+ years of experience with AWS technologies and services
5. Demonstrated proficiency with Python, C/C++, Lua, Golang, or Rust. Ability to prepare technical specifications and executive-ready communications

PREFERRED QUALIFICATIONS

1. Experience as a software or devops engineer, or security engineer, working with developer teams that delivered commercial software or services
2. Threat modeling experience and knowledge of AWS Cloud Security principles
3. Threat hunting and/or detection engineering and experience in automation and orchestration (Chef, Puppet, Ansible, etc)
4. GIAC Defensible Security Architecture (GDSA), OSCP, OSCE3, OSWE, or similar
5. Published CVEs, offensive tools, or articles

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.

Posted: August 14, 2024