About the job:
At Amazon, we are obsessed with customer trust. Information Security enables Amazon business leaders to securely develop and operate to maintain Customer Trust by guarding the confidentiality and integrity of Amazon and customer data. We assess risk, classify data and systems, detect potential intrusion, and render useless the value of data that may be leaked.
Our teams span over 10 countries worldwide, and our focus areas include: security intelligence, application security, incident response, security operations, risk and compliance, acquisitions and subsidiaries, and external partner security. Our mission includes instilling awareness to safeguard all customer and employee data, applications, services, and assets. To accomplish this, we unite with Amazon organizations to build security best practices into enterprise-wide systems. Our guidance and leadership equip our partners to maintain high security standards. This team dives deep into security technologies and continuously raises the security bar across Amazon’s Consumer, Digital and Other (CDO) by tackling complex engineering problems that require widespread support and multi-year execution plans.
Amazon.com is looking for a Principal Security Engineer to focus on new strategic information security projects. As a Principal Engineer at Amazon, you will be a technical leader with massive impact. You’ll help establish technical standards and drive Amazon’s overall technical architecture and engineering practices. You’ll work on Amazon’s hardest problems, building high quality, architecturally sound systems that are aligned with our business needs. You’ll think globally when building systems, ensuring Amazon builds high performing, scalable, and secure systems that fit well together. Amazon Principal Engineers are pragmatic visionaries who can translate business needs into workable technology solutions. Your expertise is deep and broad; you are hands on, producing both detailed technical work and high-level architectural designs. If you enjoy working in a rapidly changing environment and influencing the strategic direction of a large global organization, this position will provide you with a challenging opportunity.
Amazon’s CDO organization includes a variety of large and growing businesses. It is inclusive of the Consumer Web site, the fulfillment centers, TV and Movie Studios, Prime Video, Devices (Alexa, Kindle, FireTV), IMDB, Zappos, Whole Foods, and many other business. This role will be a direct report to the InfoSec Director leading new strategic initiatives. It will provide opportunities to think big, be customer obsessed, and to partner with business teams across Amazon.com. We dive deep into security technologies such as new identity and authentication systems, hardware security components, cryptography, system hardening, and massive-scale audit analysis. The objective of this program is to define the innovative preventative, detective, and monitoring mechanisms to enable security at scale. In this role, you will discover, define, and solve challenging problems across multiple teams and locations.
The successful candidate is one who loves working directly with software developers to understand their needs, and design security systems and solutions that enable developers to operate more effectively, securely and safely. We have a team culture that encourages innovation and we expect team members and management alike to take high degree of ownership for their program vision and execution of ideas. You will have the opportunity to engage with systems that are at the cutting edge of technology. You will work directly with service teams, partner security teams, and administrative teams to identify opportunities to improve our security posture. You will build tooling, drive process improvements, and work with service owners and cutting edge technology to develop innovative solutions to complex technical challenges.
A Security Engineer at Amazon is expected to be strong in multiple domains and provide contributions to the Amazon Service teams, infrastructure teams and administrative teams. Security engineers are expected to develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices. You are also expected to mentor more junior engineers and be a security thought leader for the organization.
As a senior technical leader, you will join the ranks of Amazon’s most senior Technical Community, a cross-company collective of Principal, Senior Principal and Distinguished Engineers. This group helps establish technical standards and drives Amazon’s overall technical architecture and engineering practices. These leaders work on Amazon’s hardest problems, building high quality, architecturally sound systems that are aligned with our business needs. Amazon senior technical contributors are pragmatic visionaries who can translate business needs into workable technology solutions. Their expertise is deep and broad; hands on, producing both detailed technical work and high-level architectural designs but, driven to engage with business problems and leaders to invent simple solutions with real-world application. In this role, you will serve as the security lead in the design, implementation, and operation of global security systems while also find the delicate balance between high-quality engineering and agile delivery.
This position may be located in Austin TX, Arlington VA, Seattle WA, or Dublin Ireland. Relocation available.
· Bachelor’s degree in Information Security, Computer Science, Risk Management, Engineering, Math, Statistics or related discipline, or 15+ years’ equivalent technology experience
· 10 + years of experience in identifying security issues and risks, and developing mitigation plans
· 10+ years of experience in network, system, or software architecture; design, implementation, support, and evaluation of security-focused tools and services
· 4+ years of scripting or programming experience in Ruby, Python, Shell/BASH scripting, Java, C/C++, C*, Perl, or other languages
· 10+ years of experience in one or more of the following areas: cryptography, web and network protocols, data structures and algorithms, software development, threat modelling, pen tests, or vulnerability assessments
· Proven track record of leading the delivery and operations of large-scale, mission-critical distributed systems
· Deep hands-on technical expertise in Cyber Security and at least one relevant technical area: large scale systems engineering, queuing and messaging, Linux networking, performance analysis, software-defined networking, etc.
· Experience managing complex projects, with significant bottom-line impact
· Experience playing a visionary technical leadership role within a large organization
· Have a clear understanding of cloud computing services/deployment architecture
· Demonstrate innovative security approaches in non-traditional IT environments
· Have experience generating automated metrics to measure service and program effectiveness and consistency
· Have excellent written and verbal communication skills with the ability to present complex technical information in a clear and concise manner to a variety of audiences
· Have experience in the development of security products
· Demonstrable teamwork skills and resourcefulness
· Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge (avoid “analysis paralysis”)
· Strong sense of ownership, urgency, and drive
· Sharp analytical abilities and proven design skills
· Experience defining cyber-secure architectures, design and development of asynchronous messaging platforms
· Knowledge of networking protocols and their implementations
· Strong knowledge of data structures, algorithms, asynchronous architectures and distributed algorithms
· Deep understanding of system performance tradeoffs, load balancing, and engineering for high availability
· Masters or PhD in Computer Science or Computer Security.