Amazon Privacy Engineer Incident Response 

United States, Washington, Bellevue 

971830055

Key job responsibilities
* Manage escalated privacy and trust risk events/cases from start to finish; write detailed case notes, reports, summaries, short and long-term recommendations, and trade-off analyses for all audiences, including senior leadership.
* Interact with and influence other teams (e.g., service teams, engineering, product, legal); identify experts and stakeholders on other teams to support decisions on containing incidents or mitigating privacy and trust risks; build consensus and recommendations based on analysis of the nature of potential violations to Privacy Policies, Promises, or Legal/Regulatory requirements.
* Own successful delivery of large, impactful, and highly cross-functional program initiatives while simultaneously tracking a set of smaller projects. Demonstrate comfort with handling technical investigations and analysis, and provide actionable recommendations to senior leadership audience with minimal supervision.
* Develop deep knowledge of global privacy and data governance obligations, processes, best practices, and solutions utilized by Amazon. Utilize this knowledge to provide recommendations and consultation to improve DSTP processes and tooling and reduce risk through control automation and enhancements.
* Establish metrics and regular reporting/escalation mechanisms for measuring results, progress, and gaps in performance and compliance.
* Communicate plans, status, and critical issues clearly and effectively.
* Support deep dive assessments and ad-hoc data analysis requests.A day in the life
This is an inherently cross-functional role where you will work directly with engineers, product managers, policy and compliance specialists, legal, PR, Marketing, and other Amazon builders to help them identify, expediently contain/mitigate privacy incidents and risks, and implement a Privacy by Design and Default culture. You will use your investigative and/or analytical experience and demonstrate your prowess and experience in writing and briefing complex cases. You will track risk assessment, validation, adjudication, and remediation actions, and ensure that teams prioritize and execute those tasks in a timely fashion. You will be responsible for knowing the ins and outs of impacted systems, and ensure the impacted builders/owners follow the correct paths to compliance. You should be comfortable working in a fast-paced, rapidly evolving environment with fast delivery time, rapid iteration, and data-driven decision-making.
Our GRC team values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.

- Bachelor's degree in computer science or equivalent
- 5+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud+ or CySA+ (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest+

- Experience applying threat modeling or other risk identification techniques or equivalent
- 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- Experience in Security and Privacy Incident Response and proficiency in at least one of the following domains: Malware Analysis / Reverse Engineering; Digital Forensics; Security and Privacy Tool Development & Automation; Programming/Scripting; Data Protection; Identity and Access Management.Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.