To serve its customers globally, Amazon operates businesses and technology platforms that handle some of the largest transaction volumes of any company on earth. The Finance Technology (FinTech) organization works with every part of Amazon to capture, compute, transact, and report their financial events. When a customer orders a banana slicer on Amazon.com in France, watches an episode of Mr. Robot on Prime Instant Video in the US, downloads an e-book on their Kindle from a beach in Brazil, or spins up a spot EC2 instance on AWS in China, they feed into a continuous petabyte-scale stream of global events moving through the company's technology ecosystem. We harness these data streams to pay Amazon's suppliers, bill our customers, enable financial analysis and planning, and to report our financial results at many different levels of aggregation to internal and external customers.
The FinTech Security (FinSec) team is responsible for the overall software and infrastructure security posture of the Finance Technology organization (FinTech). Our team works with development and systems engineering teams to design and build secure solutions, participate in and coordinate penetration testing activities, and generally solve security challenges at massive scale.
FinTech Security (FinSec) is looking for Security Engineers to defend critical Amazon financial applications and join a team who work to secure the applications and infrastructure used by hundreds of millions of customers every day. You will help deliver secure solutions using the most advanced capabilities of AWS and invent, develop, and automate security tooling using modern security techniques. Tens of thousands of EC2 instances, hundreds of RDS databases, petabytes of data, and millions of lines of code await.
Ideal candidate profile
· 3+ years of progressive experience in a security-focused role.
· Experience with service-oriented architectures and web services security.
· Experience in at least one of the following: application security, infrastructure security, business risk analysis, and making complex business/risk trade-off recommendations.
· Working knowledge of Python, Perl, Ruby, Java, C/C++, or PL/SQL.
· Technical knowledge in at least one security domain including security engineering, systems and network security, authentication, or security protocols.
· Hands-on experience with one or more information security processes such as design review, threat modeling, risk analysis, or software testing.
· Demonstrated risk-based prioritization ability.
· BA/BS in computer science, information security, related discipline, or equivalent work experience.