Amazon Jobsを探す

Penetration Testing Technical Program Manager (TPM), AWS

職種ID:609358 | Amazon Web Services, Inc.


Since early 2006, Amazon Web Services (AWS) has provided companies of all sizes with an infrastructure web services platform in the cloud. With AWS you can requisition compute power, storage, and other services thereby gaining access to a suite of elastic IT infrastructure services as your business demands them. AWS customers can take advantage of’s global computing infrastructure which is the backbone of’s multi-billion dollar retail business. AWS provides scalable, reliable, and secure distributed computing infrastructure that has been honed for over a decade. For more information on Amazon Web Services, please visit:
The AWS IT Security team is responsible for the security and availability of all cloud and mobile products and services offered by AWS. This includes cloud services such as EC2 and S3 as well as consumer offerings like Amazon Appstore and Cloud Drive. Our team works with development teams to design and build secure solutions, participate in and coordinate penetration testing activities, and generally solve security challenges at massive scale.

AWS Security is looking for a AWS Application Security TPM to help ensure that our services, applications, and websites are secured against the latest threats. You will be on a team responsible for conducting manual penetration testing, creating/maintaining automated penetration testing solutions, documenting penetration testing methodologies, and helping service teams add penetration testing tools to their development processes. This position will provide you with a challenging opportunity.

You should have strong problem-solving skills, excellent communication skills, an understanding of modern Internet threats, the ability to influence people from customers to managers by creating a win-win solutions, and the desire to be an individual contributor to securing Amazon's next generation technology. You should be open to new challenges, extremely good at multi-tasking, innovative, creative, self-directed and a great team player. You will drive continuous process improvement, and collaborate effectively with aggressive cross-functional business and software development teams to solve problems and implement new solutions.

The candidate in this role must show exemplary judgment in making technical trade-offs between short versus long term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. Conflicts should be addressed by listening, finding the best way forward and persuading one’s colleagues. A successful technical program manager in this role will regularly analyze their own performance with a critical eye.

· Partner with multiple teams across multiple locations with varying sets of priorities to ensure a timely delivery of the secure solution.
· Address bottlenecks, provide escalation management, anticipate and make tradeoffs and balance the business needs versus technical constraints.
· Provide continuous process improvement to maintain exceptional quality standards.
· Report across many active and scheduled projects, keeping all stakeholders engaged
· Directly represent the team to business leaders and technical staff at all levels of the company


· BS in Computer Science, Information Security, or related field, or equivalent work experience
· Minimum of 3 years of experience with two or more of the following categories:
· Technical Program Management, driving projects from concept to delivery and continuous process improvement
· Experience with vulnerability testing and auditing techniques
· Collection, Evaluation, and Reporting of Business Analytics


· Demonstrable strong written and verbal communication skills.
· Experience developing and executing “bug bounty” security testing.
· Experience with driving large, company-wide initiatives, and maintaining exceptional results.
· Experience developing, interpreting, and communicating analytics.
· Experience with managing vendors, including deliverables, performance, and contract negotiation.
· Proficiency with Business Analytics tools (SQL, Tableau)
· Proficiency with multiple programming languages (such as, Java, C++, Ruby, Python, Perl, etc.)
· Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge (avoid “analysis paralysis”)
· Strong sense of ownership, urgency, and drive