AmazonSeattle 98109
Full Time

The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security generalist with two or more areas of deep expertise.

||none||Security Engineer Ii, Third Party Security||Amazon|| ||||">

Security Engineer Ii, Third Party Security

Full Time Amazon, 400 9th Ave N, Seattle, WA 98109, United States


This position is available in Seattle, WA, Austin, TX and Arlington, VA.

The Third Party Security (TPS) team looking for a highly motivated Security Engineer. TPS is responsible for managing security risks of using third parties and third party products which get access to Amazon’s data. TPS conducts assessments to determine if third party usage meets Amazon’s security bar and the security measures required to lower the risk to an acceptable level. TPS helps with security risk reduction, by identifying required security measures, helping determine acceptable methods of meeting security control objectives including application of compensating controls or other risk-reduction activities. If you enjoy working at scale in a rapidly changing environment and influencing the protection of our customers within a large global organization, this position will provide you with a challenging opportunity.

As a Security Engineer, you will collaborate with business teams, software development teams, security engineering teams and Third Parties to identify security risks and lower security risks to an acceptable level. In this role you may contribute by conducting security deep-dive reviews (e.g. product security review and testing), developing security guard-rails and baselines for partner teams to securely use third party products and services, consulting on securing integrations of third party products with Amazon services, advising on security configurations, building tools to help assess and monitor security posture of Third Parties, building mechanisms to identify and monitor usage of third parties by Amazon, and improving existing capabilities of the TPS team.

The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security generalist with two or more areas of deep expertise. In their communication, they will clearly articulate risks to technical and non-technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions.

Key job responsibilities

Key job responsibilities:

* Independently solving security problems that require novel methods or approaches

* Developing security architecture and design guidance

* Leading security projects (including security reviews, tool development, and creation of new security practices) with end-to-end ownership

* Developing of prototypes of security automation tools

* Determining strategy for highly sensitive and/or highly technical assessments

* Creating, updating, and maintaining threat models for a wide variety of use cases

* Acting as technical subject matter expert on risk-based security reviews and assessments

* Collecting/reviewing data from multiple sources to conduct a security review

* Communicating security findings to senior leadership and other stakeholders

* Serving as an advisor on security issues for operations staff

* Influencing your team’s and partners’ process, priorities, and choices to improve outcomes

* Building, evolving, and improving sustainable processes and measurement systems to ensure delivery on security goals

* Supporting mentoring, team building and recruiting activities

* Occasional travel may be required

We are open to hiring candidates to work out of one of the following locations:

Seattle, WA, USA

- BS in Computer Science, Information Security or related field, or equivalent work experience

- 5+ years of relevant Information Security experience

- Minimum of 3 years of experience with at least two of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, penetration testing, cloud security, mobile security, and network security

- Intermediate knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security

- Experience reading and writing in at least one scripting or programming language for the purposes of code review and development of prototypes of security tooling

- Ability to discover and communicate deep technical issues in terms of business risk with subject matter specialists, non-experts and senior leaders

- Excellent judgement in assessing and prioritizing technical risk

- Consistent demonstration of utilizing automation to solve recurring problems at scale

- Excellent leadership, teamwork and collaboration skills

- Skilled in risk management, business risk analysis, and making complex business/risk trade-off recommendations and decisions

- Results-oriented, high energy, self-motivated