jobber

This job ad has been posted over 30 days ago...

applicants

Amazon.com is looking expert Security Engineers to ensure that our applications and infrastructure are designed and implemented to the highest standards thus maintaining and enhancing customer trust.

If you enjoy analyzing system services, operating systems, networks and applications from a security perspective, and you are skilled at discovering security issues that appear under new threat scenarios, this position will provide you with a challenging opportunity. You will participate in security audits, risk analysis, vulnerability testing and security reviews on many elements of Amazon.com’s systems.

Key tasks include:

• Identify security issues and risks, and develop mitigation plans
• Architect, design, implement, support, and evaluate security-focused tools and services including project leadership roles
• Develop and interpret security policies and procedure
• Mentor junior members of the team
• Participate in security compliance efforts (e.g., PCIDSS, SOX)
• Develop and deliver training materials and perform general security awareness and specific security technology training
• Acquisition and vendor risk assessment due diligence
• Evaluate and recommend new and emerging security products and technologies
• Participate in tier 2 and tier 3 security operations support
• Participate in incident handling
• Participate in projects that develop new intellectual property
• Evangelize security within Amazon.com and be an advocate for customer trust

Requirements:

• MS in Computer Science or equivalent desired
• Emerging company-wide reputation in the field of information securit
• Consistent implementation of security solutions at the business unit level
• Several years experience in infrastructure or application-level vulnerability testing and auditing
• Several years of system, network and/or application security experience
• Some involvement with development team(s) that delivered commercial software or software-based services (development, QA testing, or security role)
• Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security
• Experience with service-oriented architecture and web services security desired
• Experience with the application of threat modeling or other risk identification techniques
• Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits
• Development experience in C, C++ and/or Java
• Scripting skills (e.g., PERL, shell scripting)
• Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
• Excellent written and verbal communication skills
• Excellent leadership skills and teamwork skills
• Results oriented, high energy, self-motivated

Note: Applications have been closed