Key job responsibilities
* Building, evolving, and improving sustainable processes and measurement systems to ensure that security controls are visible and integrated into Stores VISA metrics, reporting, and continuous monitoring.
* Establishing the appropriate triggers and building automated mechanisms to inform if/why a deep dive, targeted assessment is needed
* Partner and engage with threat intelligence teams across Stores and Stores BST to determine and own Stores VISA's role in Incident Response and enable visibility to reporting across threat activities related to high impact partners supported.
* Provides security input for assessment reporting and responses to findings and/or evidence for security engineering review to help 3P partners mitigate identified security findings and/or recommendations system or service.
* Delivers independently within the team, with limited guidance.
* Acting as subject matter expert and representative of the Amazon security bar for assessments at scale
* Collecting/reviewing data and evidence from multiple sources to assess third party partner security posture.
* Contribute to the long-term and short-term security strategy to ensure that third party related services are designed and running securely.
* Identifies insights and cross-functional opportunities to address security issues systemically through automated mechanisms, or enhanced controls, and delivers appropriate outcomes.
* Positively impacts builder experience for the BSTs we support.
* Reviewing exceptions to policy and determining risk and impact.
* Serving as an advisor on security & compliance issues for Stores VISA and Stores BST Security engineering.
* Maintaining a broad understanding of the global regulatory landscape impacting Amazon.
* Advising project and legal teams on ensuring the required security terms are in contracts and participate in contract negotiations with sensitive external partners at a global level.
* Determining strategy for highly sensitive and/or high-profile assessments.
* Maintaining metrics on partner security and compliance status including liaison with Integrated Risk Management program (assessment tooling).
* Identifying internal business intelligence sources, leading integration for ongoing visibility related to assessment findings, remediation, and external business intelligence sources.
* Travel may be required to perform deep dive VISA assessments.
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Work/Life Balance
Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training and Career growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
- Bachelor’s degree in Information Security, Computer Science, Risk Management, Engineering, Math, Statistics or related discipline, or additional equivalent technology experience
- 3+ years of programming experience in Python, Ruby, Go, Swift, Java, .Net, C++ or a similar object-oriented language
- 5+ years of experience in identifying security issues and risks, and developing mitigation plans
- 3+ years of experience in one or more of the following areas: identity and access management, cryptography, web and network protocols, data structures and algorithms, software development, threat modelling, pen tests, or vulnerability assessments
- 2+ years of experience analyzing diverse and large datasets using SQL or other analytical tools
- 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- CISSP, CISA, or related GIAC Information Security certification
- Consistent demonstration of utilizing automation to solve recurring problems at scale
- Experience driving multiple technically complex security initiatives while remaining effective at providing security guidance to stakeholders
- Excellent leadership, teamwork and collaboration skills
- Skilled in risk management, business risk analysis, and making complex business/risk trade-off recommendations and decisions
- Excellent written and verbal communication skills with the ability to present complex technical information in a clear and concise manner to a variety of audiences