Security Engineer II, WW Ops Security
DESCRIPTION
Stores Vendor Information Security Assurance (VISA) is seeking a well-rounded Security Engineer with experience across multiple domains to uphold and emulate the Amazon security bar for the highest-impacting third-party partners. The Stores VISA team is responsible for driving ongoing visibility into the security posture of third-party partners within the Stores Business Security Team (BST) and corresponding business organization. There are roughly over 7700 third-party partners in Stores alone. The Security Engineer helps to qualify and prioritize the security posture of our highest-impacting partners and ensures security assessments and continuous monitoring are enabled.
The Stores VISA Security Engineer must foster constructive dialogue and seek resolution when validating assessment evidence on if/why third-party partners are not meeting the security bar at Amazon. This role dives deep to understand the infrastructure of third-party partners and how/when/why they access Amazon and Amazon customer data, and enables controls and visibility into the proper function and efficiency of those controls in maintaining security standards.
The VISA Security Engineer’s key responsibility will be to explore new areas of business the Stores VISA program will support. This will include building continuous monitoring capabilities across each vertical, including 1) internal business intelligence - identifying the source, network or proposed solution to gain visibility, 2) identifying and leveraging external business intelligence resources effectively, and 3) correlating assessment data from both onboarding and reassessment into centralized tooling with intuitive triggers to inform how and when a deep dive assessment is needed to secure the business or increase security posture.
The ideal candidate for this role has a deep understanding of network security, secure by design, and experience with scaling and enabling secure expansion. The Stores VISA Security Engineer is sought out as a resource for both the Stores VISA organization including Technical and Non-technical peers but more importantly business stakeholders and corresponding security engineering teams across the BSTs we support and engage on a regular basis. Candidates will have the combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks across building, integrating, validation of evidence and review, and strategic third party security strategy.
You will have the ability to learn new technology concepts quickly and strategize and build integration points. You are someone who is curious and known for diving deep into subject matter, taking ownership, and encouraging innovative and pragmatic solutions to complex problems. In addition, you will have solid business judgment, enthusiasm for risk management, the ability to gain trust and respect of business leaders, and the capability to guide a fast-paced organization to the right results. This position will be based out of Dallas, Texas and may require potential international travel.
Key job responsibilities
* Building, evolving, and improving sustainable processes and measurement systems to ensure that security controls are visible and integrated into Stores VISA metrics, reporting, and continuous monitoring.
* Establishing the appropriate triggers and building automated mechanisms to inform if/why a deep dive, targeted assessment is needed
* Partner and engage with threat intelligence teams across Stores and Stores BST to determine and own the Stores VISA role in Incident Response and enable visibility into reporting across threat activities related to the high-impact partners supported.
* Provides security input for assessment reporting and responses to findings and/or evidence for security engineering review to help 3P partners mitigate identified security findings and/or recommendations system or service.
* Delivers independently within the team, with limited guidance.
* Acting as subject matter expert and representative of the Amazon security bar for assessments at scale
* Collecting/reviewing data and evidence from multiple sources to assess third-party partner security posture.
* Contribute to the long-term and short-term security strategy to ensure that third party related services are designed and running securely.
* Identifies insights and cross-functional opportunities to address security issues systemically through automated mechanisms, or enhanced controls, and delivers appropriate outcomes.
* Positively impacts builder experience for the BSTs we support.
* Reviewing exceptions to policy and determining risk and impact.
* Serving as an advisor on security & compliance issues for Stores VISA and Stores BST Security engineering.
* Maintaining a broad understanding of the global regulatory landscape impacting Amazon.
* Advising project and legal teams on ensuring the required security terms are in contracts and participate in contract negotiations with sensitive external partners at a global level.
* Determining strategy for highly sensitive and/or high-profile assessments.
* Maintaining metrics on partner security and compliance status including liaison with Integrated Risk Management program (assessment tooling).
* Identification of internal business intelligence sources, leading integration for ongoing visibility related to assessment findings, remediation, and external business intelligence sources.
* Travel may be required to perform deep dive VISA assessments.
About the team
ABOUT AmSec:
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.
Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training and Career growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
BASIC QUALIFICATIONS
- Bachelor’s degree in Information Security, Computer Science, Risk Management, Engineering, Math, Statistics or related discipline, or additional equivalent technology experience
- 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- 5+ years of experience in identifying security issues and risks, and developing mitigation plans
- 3+ years of experience in one or more of the following areas: identity and access management, cryptography, web and network protocols, data structures and algorithms, software development, threat modelling, pen tests, or vulnerability assessments
- 2+ years experience analyzing diverse and large datasets using SQL or other analytical tools
PREFERRED QUALIFICATIONS
- 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- CISSP, CISA, or related GIAC Information Security certification
- Consistent demonstration of utilizing automation to solve recurring problems at scale
- Experience driving multiple technically complex security initiatives while remaining effective at providing security guidance to stakeholders
- Excellent leadership, teamwork and collaboration skills
- Skilled in risk management, business risk analysis, and making complex business/risk trade-off recommendations and decisions
- Excellent written and verbal communication skills with the ability to present complex technical information in a clear and concise manner to a variety of audiences
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.