Job title: Sr Security Engineer – Blue Team, PXT Security
Job description: DESCRIPTION
At Amazon, we are obsessed with earning customer trust. The People Experience and Technology (PXT) Security team enables our PXT business leaders to maintain customer trust by keeping HR systems and their underlying employee, contingent worker, applicant, and candidate data secure.
PXT Security’s Defensive Security Team is looking for a passionate, innovative, and results oriented security engineer who has a strong passion for security at scale to help keep Amazon PXT’s applications and services secure. This team is responsible for onboarding PXT applications and services to a security log monitoring platform, which helps in detecting unauthorized user behavior, and alerting PXT application teams when potentially abusive behavior is detected. Our team also partners with PXT application teams to remediate weaknesses, and sharpen our software development lifecycle.
In this role, you will be asked to solve complex technology problems, build tools to automate your way out of manual efforts, and influence how PXT services protect, detect, and respond to adversaries, and mitigate security threats to protect HR data. You will be in direct contact with PXT teams across business verticals, giving you first hand knowledge about how Amazon PXT is built and operates. Additionally, you will leverage the knowledge you gain to find new ways to drive improvements to PXT’s services, processes, and programs. Further, you will be backed up by a team of highly-skilled security engineers, all working with a singular focus of maintaining our customer’s trust.
A person in this role must show exemplary judgment in making trade-offs between short-term fixes and long-term security and business goals. They must also demonstrate resilience and navigate ambiguous situations with composure and tact. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Amazon and its customers secure.
Key job responsibilities
- Ensure PXT application owners have enabled security event logging for their applications
- Support PXT application owners to onboard their applications on a log monitoring platform, detect unauthorized user behavior, alert application teams when potentially abusive behavior is detected, and help teams remediate weaknesses
- Develop comprehensive security testing strategies and programs across PXT to provide assurance that security controls are designed and operating effectively
- Develop innovative accelerators, tools, mechanisms, and processes to enhance the security team’s velocity and scale to Amazon’s needs
- Facilitate multiple stakeholders to agree on appropriate solutions, and verify that risks are mitigated appropriately. Demonstrate creativity, insight, intellectual flexibility, and sound business judgment throughout the process
- Investigate security issues and identify opportunities for detecting or preventing similar issues with automation. Work with development team to ensure that the automatic detection of security issues fits with overall development practices
- Work independently but collaborate with cross-functional teams (e.g., threat intelligence, incident response, software development, QA, Project/Release Management, Build and Release) to provide security engineering consulting and control design recommendations to reduce risk
- Identify and drive new initiatives to expand automatic security analysis to find the critical problems of the present and the future
- Evangelize security across Amazon and be an advocate for customer trust
About the team
The People Experience and Technology (PXT) Security team enables our PXT business leaders to maintain customer trust by keeping HR systems and their underlying employee, contingent worker, applicant, and candidate data secure.
- Bachelor’s Degree or MS in Computer Science or related field
- At least 3 years of experience in application, secure software or system design
- At least 2 years of experience in a development or security role working with development team(s) that delivered commercial software or software-based services
- Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits
- Technical knowledge across multiple areas of security engineering (e.g., system and network security, authentication and security protocols, cryptography, application security)
- Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, BGP and other routing protocols)
- Excellent communication and data presentation skills to clearly, compellingly, and effectively influence audiences internally and externally, across organizational boundaries
- Ability to take a project from ideation through launch
- Experience in communicating with users, other technical teams, and management to collect requirements, describe software product features, and technical designs
- Deep knowledge of at least one scripting language (e.g., Python, Perl, Ruby, Shell scripting)
- Knowledge of AWS Cloud Security principles, threat modeling or other risk identification techniques
- Sharp analytical abilities and proven design skills
- Excellent written and verbal communication skills
- Excellent leadership and teamwork skills
- Results oriented, high energy, self-motivated
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Location: Seattle, WA
Job date: Fri, 23 Sep 2022 04:17:08 GMT