Skip to main content

Security Analyst, AWS Trust and Safety

Job ID: 2130273 | Amazon Web Services, Inc.

DESCRIPTION

Job summary
AWS Trust & Safety (T&S) is a global team that helps protect against abusive use of AWS services while simultaneously working to build trust with AWS’s customers, partners, and other stakeholders. T&S engages with a variety of stakeholders to understand cloud infrastructure-related trust and safety issues, develop fit-for-purpose frameworks to assess and minimize risks for AWS’s customers, and develop guidelines and processes for responding to trust and safety issues. Our team members display a solid understanding of AWS’s cloud infrastructure, strong technical knowledge, and the ability to exercise sound judgment on complex and time-sensitive matters.

AWS Trust & Safety is seeking a Security Analyst who desires to join our global, innovative & high-energy Security team. The right candidate must thrive in ambiguous, often high-pressure situations, think like both an attacker and defender. They will help help our team to identify opportunities to support our customers and abuse reporters, and influence relevant teams to take the right actions in the right timeframes to mitigate risks.

In this role, you will be responsible for deep diving into security related matters to identify patterns and trends. You will drive resolution with appropriate stakeholders to permanently resolve the root cause of the issue. You will own data input and review mechanisms, seeking out detecting and responding to threats together with customers and driving security improvement back into the service via improved processes or more secure development practices.

The AWS T&S Security team are also responsible for working with customers on their cloud adoption and on activities that require greater security judgment. They work hands-on developing detective capabilities, identifying mitigations to vulnerabilities and respond to potential threats to Amazon systems and those of our customers. Security Engineers are unique individuals prepared to relentlessly resolve security issues by gathering and analyzing event data and conducting root-cause analysis.

This position requires a person with a security and trust & safety background, who will show initiative by proactively seeking and identifying security flaws and vulnerabilities, quickly assessing potential for risk, driving for the right architecture decisions across many different teams to harden infrastructure, while educating the broader team.

The successful candidate will have a mix of deep technical knowledge and a demonstrated background in information security and trust & safety. We value broad and deep technical knowledge, specifically in the fields of cryptography, application security, infrastructure security, security operations, security response, and security intelligence.

Key job responsibilities

  • You will create, own, and manage ongoing internal T&S Security review processes.
  • You will participate in an oncall rotation, and operate as a primary T&S POC for emergent Security related events and post incident analysis.
  • You will dive deep into data from various sources of input to identify patterns and potential threats.
  • You will represent T&S with cross functional partners, and work with these teams to drive resolution of security gaps that lead to abuse.
  • You will provide valuable input to wider AWS Security review and escalation mechanisms.
  • You will incorporate abuse trends to proactively identify security risks and drive resolution with appropriate stakeholders internally and externally.
  • You will own T&S’s vulnerability management review mechanisms, and drive escalation/resolution of discovered vulnerabilities both internally, and with external customers.

BASIC QUALIFICATIONS

  • 5 years experience and detailed technical knowledge in multiple areas of: trust & safety, security engineering, system and network security, authentication and security protocols, cryptography, and application security.
  • Experience managing end to end security related projects with multiple stakeholders and points of influence.
  • Experience with service-oriented architecture and web services security
  • Experience with the application of threat modeling or other risk identification techniques
  • Experience designing and/or reviewing the security of systems in conjunction with a development team
  • Experience in risk identification, secure software design, secure architectures, security testing, or vulnerability detection or remediation

PREFERRED QUALIFICATIONS

  • Sharp analytical abilities
  • Strong communication skills and comfort providing SME input during high profile and highly visible escalated issues.
  • Excellent leadership skills and teamwork skills
  • Results oriented, high energy, self-motivated
  • One or more professional network and security certifications such as Security+, Network+, CCNA, GSEC, CISA or CISSP (or equivalent work experience)
  • Experience working with internal and external customers to identify and resolve security related matters.
  • Strong scripting skills in one or more of the common languages (e.g., Perl, Python, Ruby, shell scripting)
  • Experience in the Trust & Safety related field.
  • Clear understanding of AWS cloud computing services/deployment architecture
  • Demonstrated grasp of network security and protocols (DHCP, DNS, SSH, ACLs, TCP/IP, UDP, HTTPS, common ports, etc.
  • Excellent communication skills and the ability to drive cross-team collaboration.
  • Passion for developing and mentoring other engineers
  • Experience generating automated metrics to measure service and program effectiveness and consistency
  • Experience developing security products
  • Self-drive to move forward even in the face of ambiguity and imperfect knowledge
  • Meets/exceeds Amazon’s leadership principles requirements for this role
  • Meets/exceeds Amazon’s functional/technical depth and complexity for this role

The base pay range for this position in Colorado is $144,800-160,000/yr; however, base pay offered may vary depending on job-related knowledge, skills, and experience. A sign-on payment and restricted stock units may be provided as part of the compensation package, in addition to a full range of medical, financial, and/or other benefits, dependent on the position offered. This information is provided per the Colorado Equal Pay Act. Base pay information is based on market location. Applicants should apply via Amazon's internal or external careers site.


Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

Pursuant to the Los Angeles Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Workers in New York City who perform in-person work or interact with the public in the course of business must show proof they have been fully vaccinated against COVID or request and receive approval for a reasonable accommodation, including medical or religious accommodation.