Amazon Web Services is a dynamic and rapidly growing business within Amazon.com. Amazon Web Services provides a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses in 190 countries around the world. We provide organisations with building block web services that allow them to innovate faster and operate their software more cost-effectively. These services-in-the-cloud include on-demand compute capacity, storage, content delivery, querying of structured data, message queuing, and more. The AWS team is building and delivering the next generation of cloud computing that supports public AWS offerings like S3, EC2, and CloudFront. We are innovating new ways of building massively scalable distributed systems.
The AWS Security team owns security for all services offered by AWS, including EC2 and S3. This creates many opportunities for cross-team collaboration and high visibility into the company. AWS Security is on the cutting edge of many security issues for a wide variety of platforms and technologies including cloud services, Internet of things (IoT), identity and access management, mobile devices, virtualisation, AI and Robotics and custom hardware, all operating at massive scale. Similarly, our highly collaborative team is committed to each team member’s growth as our business grows.
The genuine passion of this team drives innovation. We dive deep into security technologies to provide our customers the best possible experience. Projects include building new authentication systems, enhancing cryptography and conducting massive-scale audit analysis.
To meet the growing demand for AWS Services around the globe, we need exceptionally talented, bright, and driven people. AWS Security places a high importance on career development. We know that people are dynamic and looking to grow their skill set. For this reason, we offer workshops, encourage conference attendance and accommodate career aspirations.
Here at AWS, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and we host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon’s culture of inclusion is reinforced within our 14 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.
WHAT DOES A SECURITY ENGINEER DO AT AMAZON?
We work cross-functionally to assess risk and help deliver countermeasures that protect customers and company data. What does this entail? We work with engineering teams to create solutions that solve or remediate security problems. Advising peers, managers, and senior leaders, we help influence and drive partner-team compliance (e.g., data classification, regulatory obligations, and other security goals).
A Security Engineer at Amazon is expected to be strong in multiple domains and provide significant contributions to the AWS IT Security team and to multiple groups throughout Amazon. Security engineers are expected to develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices. Security Engineers are also expected to mentor more junior engineers and be a security thought leader for the organisation.
A Security Engineer must foster constructive dialogue and seek resolution when confronted with discordant views. Engineers in this role are expected to participate fully in the planning of the AWS IT Security team's work and constantly seek opportunities for process improvement. They should also have a deep understanding of at least one specialty for which they are a sought out resource (both within AWS IT Security and by groups throughout Amazon), while having an understanding of the application of Information Security in a broad range of technical areas.
A successful candidate will need a combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include project and software development work. This role will provide career growth opportunities as you gain new security skills in the course of your duties.
· BS in computer science, networking, information systems, computer engineering, or 4+ years of equivalent experience
· Experience working with development team(s) that have delivered commercial software or software-based services
· Experience with hardware security, system and network security, authentication and security protocols, cryptography, and application security
· Knowledge of network and related web protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
· Knowledge of threat modeling or other risk identification techniques
· Knowledge of system security vulnerabilities and remediation techniques
· Familiarity with attack patterns and exploitation techniques
· Able to advise others on how to be compliant on data classification, regulatory obligations, and meet security goals
· Experience with Security Engineering and Assurance methodologies e.g. symbolic execution, fuzzing, static and dynamic code analysis
· Knowledge of technical security issues facing large companies
· Experience with AWS products and services
· Results oriented, high energy, self-motivated
By working together on behalf of our customers, we are building the future one innovative product, service, and idea at a time. Are you ready to embrace the challenge? Come build the future with us.
Amazon is an Equal Opportunity-Affirmative Action Employer – Minority / Female / Disability / Veteran / Gender Identity / Sexual Orientation
Ideal candidate profile
· 4+ years of experience in identifying security issues and risks, and developing mitigation plans
· 4+ years of experience in network, system, or software architecture; design, implementation, support, and evaluation of security-focused tools and services
· 4+ years of scripting or programming experience in Ruby, Python, Shell/BASH scripting, Java, C/C++, C*, Perl, or other languages
· 2+ years of experience in one or more of the following areas: cryptography, web and network protocols, data structures and algorithms, software development, threat modelling, pen tests, or vulnerability assessments