Senior Security Engineer, Payments Security - Amazon
Seattle, WA 98194
About the Job
Description
Come build the future with us! In Payments Security, we protect foundational systems and products that allow Amazon to accept payments for all goods, content and services that people buy at Amazon and around the world. We are looking for a high caliber, innovative Senior Security Engineer to secure Amazon Payments' most critical businesses protecting mission-critical services and customer experiences. You will focus on securing the ecosystem in Amazon Payments that processes millions of transactions every day across dozens of countries and payment methods. Over 100 million customers and merchants send tens of billions of dollars through our systems annually. We are re-inventing the vision of our platform to provide our internal and external clients the best payment gateway service.
Payments Security owns full-stack Product Security for Payments across Amazon and its business units, deeply supporting the Global Payments businesses. We are part of Amazon's broader Stores Security organization responsible for protecting Amazon's global information assets. We partner across global Payments business units to innovate in full-stack security (data, application, network, containers, infrastructure), ensuring our Payments applications and infrastructure are secure-by-design from concept to launch and into continuous operations. We are a strategic security partner to our Payments businesses ensuring we uphold the highest security bar for our production and pre-production systems, balancing short-term mitigations with long-term secure-by-design architectural solutions, making Security simpler and differentiated.
We provide security "In the Cloud" and enable scalable mechanisms for software developers and systems to meet Amazon's security and privacy requirements. We are both a customer and a partner to AWS in raising security awareness, providing scalable tools, and protecting shared infrastructure.
This position will provide you with a challenging and rewarding opportunity to solve difficult security problems at planetary scale. As a security engineer you will help ensure that customer data is secure across Amazon Payments products and services. You will help define short-term and long-term security strategy. You will balance your efforts between strategic and operational deliverables. You will have the opportunity to work with talented security and other engineering teams within Amazon. You care deeply about keeping Amazon customers data secure and therefore are passionate about finding, and mitigating vulnerabilities/risks by providing actionable guidance to product teams and drive long term security improvements. You're well-known for your excellent prioritization skills as well as your ability to communicate at all levels of an organization (technical and non-technical). The successful candidate must be autonomous, comfortable operating in highly ambiguous situations, and must deliver results in a fast-paced environment.
A Security Engineer in Amazon will be strong in multiple security domains and sought out for advice on technical issues. Efficient time management skills are required along with the ability to deliver results in the face of uncertainty. Engineers in this role must show exemplary judgment in making technical trade-offs between short versus long term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. The successful candidate must be one that can handle several difficult challenges and problems, can make risk-based assessments founded on data and facts.
Key job responsibilities
- Perform security reviews including secure design and architecture, threat modeling, secure code reviews, security testing, and security certifications
- Identify security gaps in applications, services, or products both internally developed and third party solutions
- Determine findings criticality taking into account relevant business, technical, and threat environment, and provide actionable long-term and short-term risk mitigation recommendations taking into account business context
- Communicate findings to relevant stakeholders through a combination of verbal or written reports. Identify owners, and drive mitigation of findings within established SLAs
- Produce reports that describe the work performed for technical and non-technical audiences, and record findings and supporting evidence following established policies and procedures. Create relevant documentation, security guidance, and metrics to report to your stakeholders and business leaders, and deliver these in a clear, concise manner
- Design, develop, deploy, and maintain security automation, secure-by-default solutions, and other solutions that will enable security engineering scaling while raising the security bar.
- Develop a broad and deep technical understanding of the services and architectures pertaining to Amazon Payments. Contribute to the short and long-term security strategy to ensure that products are designed and built securely by design while improving the secure software development life-cycle (SSDLC).
- Lead new, reoccurring, or ah-hoc security initiatives with end-to-end ownership. Participate in security escalations support including on-call rotation.
- Support for mentoring, team building, recruiting and onboarding activities.
- Must be a kind human who enjoys working in a fun team
About the team
ABOUT AmSec:
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training and Career growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Basic Qualifications
- Bachelor's degree
- 5+ years of experience in application security, product security, or systems security,
- 3+ years of experience in security automation,
- 1+ years of experience in at least one scripting or compiled language such as JavaScript, Go, Ruby, C# or C/C++, Ruby.
- Experience driving multiple technically complex security initiatives while remaining effective at providing security guidance to stakeholders
Preferred Qualifications
- CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud+ or CySA+ (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest- Master's degree in Computer Science, Information Security, Computer Engineering, Electrical Engineering or equivalent
- 3+ years of software development experience with at least one programing language such as Java, Python, JavaScript, Go, Ruby, C# or C/C+Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.
Source : Amazon