Security Engineer, Payments Security

Amazon•Seattle, WA

20h•Onsite

About The Position

As a Product Security Engineer at Amazon Payments Security, you'll be at the forefront of protecting systems that handle financial transactions and customer data for millions of Amazon customers. Your mission? Fortify our payment systems and payment methods with impenetrable security measures. Amazon Payments processes millions of transactions every day across numerous countries and payment methods. Over 100 million customers and merchants send tens of billions of dollars flow through our systems annually. At Amazon Payments Security, we play a crucial role in promoting best security practices within the internal Payments ecosystem, as well as spearheading the development of secure payment products that prioritize data protection from their inception. A Security Engineer in Amazon will be strong in multiple security domains and sought out for advice on technical issues. Efficient time management skills are required along with the ability to deliver results in the face of uncertainty. Engineers in this role must show exemplary judgment in making technical trade-offs between short versus long term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. The successful candidate must be one that can handle several difficult challenges and problems, can make risk-based assessments founded on data and facts. Additionally, the successful candidate will be: Methodically empirical and experimental in approach and evaluation without being bound by over paralysis-by-analysis; Work ceaselessly to improve knowledge of the security field, threat landscape, security intelligence, moving proactively toward prevention and detection of threats; Be an enthusiastic learner and curiosity seeker, focusing on what can be done rather than hindered by notions of what cannot be; Possess effective verbal and written communication skills, be passionate about sharing knowledge, tactics, strategy, as well as advocating for the project mission; Have excellent time management skills along with the ability to deliver results in the face of uncertainty; and Evangelize security within Amazon.com and be an advocate for customer trust. A successful candidate will be a deeply curious individual who brings technical expertise, and ability to work within a fast-paced startup culture in a large company that has broad business impact. This is a unique opportunity to start with Amazon Payments and innovating and scaling security to protect customer trust.

Requirements

Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or experience in IT Security
2+ years of any combination of the following: application security frameworks, identity and access controls, incident response, mobile security, cloud computing and security, AI security, threat intelligence, and penetration testing experience
Experience with threat modeling and penetration testing
Knowledge of security technology and concepts (Authentication, Authorization, Single sign-on, Cryptography, etc.)
Experience in written and verbal communication skills to communicate with technical and non-technical audiences, including senior leadership
Experience in scripting, programming, or security code reviewing in a common language, such as Python, Java, or C++

Nice To Haves

Experience with AWS services or other cloud offerings
Experience implementing security solutions at the cross-team level
1+ year of experience in Secure SDLC
Ability to drive multiple technically complex security reviews together while remaining effective at providing security guidance to stakeholders.

Responsibilities

Develop a broad and deep technical understanding of products, services and architectures pertaining to the Amazon Payments organization.
Leverage this understanding to conduct architecture reviews, threat modelling and code reviews on web applications, mobile applications and other relevant services.
Interpret security tools and penetration testing results to stakeholders, providing advice on prioritisation, vulnerability remediation and risk mitigation.
Create relevant documentation and metrics to your stakeholders and business leaders and deliver these in a clear, concise manner.
Research and maintain proficiency in attacker Tools, Techniques, Procedures and other security topics.
Propose and develop materials to help raise the security bar across the Payment Engineering organization.
Build and integrate innovative and scalable tools, solutions, and processes to enhance the Payments Security’s operations and to provide a customer-centric experience.
Analyze logging and alerting infrastructure to ensure appropriate coverage and response capability.
Evaluate impact of current security trends, advisories, publications, and academic research. Coordinate responses as necessary across affected teams.
Participate in security escalations support including on-call rotation.

Benefits

health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
401(k) matching
paid time off
parental leave
sign-on payments
restricted stock units (RSUs)

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume