Amazon Web Services (AWS) provides a highly reliable, scalable, and low-cost cloud infrastructure platform that powers thousands of businesses in over 190 countries. AWS Infrastructure Supply Chain & Procurement (ISCaP) works to deliver cutting-edge solutions that invent and simply how we source, build and sustain our data center supply chains. We are a team of highly-motivated, engaged, and responsive professionals who support the core infrastructure of Amazon business. Come join our team and be a part of history as we deliver results for the largest cloud services company on Earth!
We are seeking an experienced Security Engineer to help guide our global Supply Chain Risk Management (SCRM) program and influence and own long-term security outcomes for AWS. You will lead a team of professionals around the world to help assess and mitigate risks in partner manufacturing and logistics, contribute to new mechanisms for defense and response, and analyze the ever-shifting threat landscape to help us prioritize continuous improvement. You will have the opportunity to work in a supportive, collaboration-filled environment to build and secure the future of the cloud.
In this role, you will be the senior security engineering voice for a distributed, multi-disciplinary team. You will use your experience to develop and continuously improve SCRM practices, direct strategic investments across our supply chain, and administer the complex and ever-changing aspects of our supplier assessment program in every region we do business. You will support the training and execution of site and supplier security assessments, interface with governments and customers around the world, and work with engineering partners to design and build new technical and procedural controls to mitigate supply chain risk throughout the entire lifecycle from initial design to final decommissioning.
Key job responsibilities
· Develop, interpret, and implement security policies and procedures.
· Use risk based security and business trade-offs to prevent, detect or respond to high priority threats, events and incidents.
· Provide guidance to the AWS community on supply chain security practices.
· Lead cross-functional teams and security product teams to deliver projects with multiple dependencies and constraints that address complex security issues at scale.
· Influence decision-makers and stakeholders throughout the organization in multiple teams to achieve a consistently high security bar
· Convey technical information to a wide variety of audiences, in writing and verbally
· Collaborate with product teams to develop new security features.
· Investigate security issues and identify opportunities for detecting or preventing similar issues with automation.
· Continuous improvements and building a solutions-based approach to partnership
· Bachelors degree in Computer Science, Engineering, or related technical field, or 4+ additional years of related work experience in lieu of a degree
· 5+ years of experience in at least 2 of the following areas: security, risk management, security architecture, engineering, communications, network security, security assessments, testing, or security operations.
· 2+ years of Experience with hardware security, software security, infrastructure security, network architecture, system administration, threat modeling or software development.
· Experience with network security and protocols (such as DHCP, DNS, SSH, ACLs, TCP/IP, UDP, HTTPS, common ports, etc.)
· An advanced degree in computer science, MIS, engineering or related discipline, and relevant industry certifications (CISSP, CISA/M, CIPP/CIPM/CIPT).
· Familiarity with one more industry standard, such as FIPS 140-2, NIST 800-(30, 53, 88, 161, 171), ISO 27000, 28000, and 20243 series, NERC CIP, ICD 731, FedRAMP, CMMC, TAPA.
· Understanding of best practices in security engineering, including secure development, cryptography, network security, security operations, systems security, policy, and/or incident response.
· Ability to influence peer engineers and leadership on system, network, or software design choices to help them comply with security policies, best practices, and regulations.
· Knowledge of supply chain management practices, including manufacturing systems, process control, and international shipment logistics and regulations.
· Knowledge of AWS cloud services and concepts such as S3, EC2, Kinesis, and VPC.
· Familiarity with hardware and software attack/defense tradecraft, countermeasures, reverse engineering or vulnerability research
· Understanding of how to administer and harden internal processes and systems against outside attacks.
· Knowledge of international labor, safety, and environmental standards and industry alliances.
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.