Amazon Security Engineer II WW Ops 

United States, Washington, Seattle 

530894010

Key job responsibilities
* Acting as subject matter expert on risk-based security reviews and assessments at scale
* Collecting/reviewing data from multiple sources to assess third party partner security posture.
* Building, evolving, and improving sustainable processes and measurement systems to ensure that security policy requirements are maintained.
* Preparing reports for senior management on the state of partner compliance.
* Determine findings criticality considering the relevant business, technical, and threat environment.
* Contribute to the long-term and short-term security strategy to ensure that third party related services are designed and running securely.
* Reviewing exceptions to policy and determining risk and impact.
* Serving as an advisor on security & compliance issues for operations staff.
* Maintaining a broad understanding of the global regulatory landscape impacting Amazon.
* Advising project and legal teams on ensuring the required security terms are in contracts and participate in contract negotiations with sensitive external partners at a global level.
* Determining strategy for highly sensitive and/or high-profile assessments.
* Maintaining metrics on partner security and compliance status.
* Ensuring the team delivers on security goals, and make recommendations for incremental process improvement.
* Travel may be required to perform VISA assessments.
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Work/Life BalanceInclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training and Career growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

- Bachelor’s degree in Information Security, Computer Science, Risk Management, Engineering, Math, Statistics or related discipline, or additional equivalent technology experience
- 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- 5+ years of experience in identifying security issues and risks, and developing mitigation plans
- 3+ years of experience in one or more of the following areas: identity and access management, cryptography, web and network protocols, data structures and algorithms, software development, threat modelling, pen tests, or vulnerability assessments
- 2+ years experience analyzing diverse and large datasets using SQL or other analytical tools

- 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- CISSP, CISA, or related GIAC Information Security certification
- Consistent demonstration of utilizing automation to solve recurring problems at scale
- Experience driving multiple technically complex security initiatives while remaining effective at providing security guidance to stakeholders
- Excellent leadership, teamwork and collaboration skills
- Skilled in risk management, business risk analysis, and making complex business/risk trade-off recommendations and decisions
- Excellent written and verbal communication skills with the ability to present complex technical information in a clear and concise manner to a variety of audience