Security Engineer , Amazon Leo

Amazon.com, Inc.•Bellevue, WA

39d

About The Position

Amazon Leo is Amazon's low Earth orbit satellite broadband network. Its mission is to deliver fast, reliable internet to customers and communities around the world, and we've designed the system with the capacity, flexibility, and performance to serve a wide range of customers, from individual households to schools, hospitals, businesses, government agencies, and other organizations operating in locations without reliable connectivity. Export Control : This position requires that the candidate selected be a U.S. Citizen in order to comply with U.S. government-imposed requirements related to the nature of the work and/or where it will be performed. We are looking for a highly autonomous person motivated to take on challenges with a technical background to be part of a growing team that analyzes and implements Leo controls. As part of the Leo Enterprise Technology team, be seen as an expert in delivering Leo control systems and processes to meet Leo security and compliance standards. Be a key liaison with Leo service teams, infrastructure teams, Leo Security, and Global Trade and Compliance. Have the ability to dive deep, understand, document, communicate and implement controls for IT systems and processes, and be able to drive innovative process changes and automation throughout the Leo organization. You are someone who loves working across many stakeholders to design solutions for complex compliance challenges. We have a team culture that encourages ownership, diversity, inclusion, and innovation. We expect team members and management alike to take a high degree of ownership for their program vision of ideas. You will have an opportunity to work across the entire Leo organization implementing and managing various controls along side of Leo Security. Leo security owns policy and definition of controls, this role owns the coordination, development, implementation, and change management of controls as well as managing defects and improvements. This is a fast-paced, intellectually challenging position, and will work with leaders in multiple technology areas. Have relentlessly high standards for yourself and everyone you work with, and be constantly looking for ways to improve your product's performance, quality and cost. We want individuals who are ready for this challenge and want to reach beyond what is possible today. Here at Amazon, we embrace our differences. We are committed to furthering our culture of inclusion. Amazon has ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and host annual and ongoing learning experiences. Amazon's culture of inclusion is reinforced within our 16 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust. At Amazon, our mission is to be the most customer-centric company on Earth. To get there, we need exceptionally talented, bright and driven people. We're dedicated to supporting new team members. Our team has a broad mix of experience levels and Amazon tenures, and we're building an environment that celebrates knowledge sharing and mentorship

Requirements

3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
Bachelor's degree in computer science or equivalent
Knowledge of networking protocols such as HTTP, DNS and TCP/IP

Nice To Haves

2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
Experience with AWS products and services
Experience with programming languages such as Python, Java, C++

Responsibilities

Understand and implements ISO 27001, NIST, and other security controls
Understanding of threat modeling, manual source code review, security vulnerabilities, attacker exploit techniques, and methods for their remediation.
Assisting certifications and assessments programs by liaising with Leo Security, auditors, and Leo service teams, articulating control implementation and impact, and documenting procedures
Establishing credibility and maintaining strong working relationships with groups involved with Information Security and compliance teams (Leo Sec, Info Sec, Legal, Internal Audit, Physical Security, Developer Community, Networking, Systems, etc.)
Identify automation opportunities while working across engineering teams
Helps drive continuous improvements to the Leo compliance program, the program management process, and control implementation projects in coordination with the service teams and Security
Captures and tracks information security metrics and goals for all required controls
Develop dashboards, canaries, and alarms for all automated controls
Clearly communicating vision, deliverables, and project status to management and key technical and business stakeholders
Delivers recommendations and risk interpretations in a clear, concise, and audience-specific format