Sr. Hardware Security Engineer, Amazon Leo Security

About The Position

Requirements

• 5+ years of non-internship background in troubleshooting systems issues, analyzing logs, or automating complex tasks using command line tools experience
• 5+ years of work in identifying security issues and risks, and developing mitigation plans experience
• 5+ years of (non-internship) scripting, programming, and security code review in common programming languages experience
• Experience (non-internship) in industry-based security vulnerabilities identification, attack patterns, and remediation techniques
• Experience as a mentor, tech lead or leading an engineering team

Nice To Haves

• Experience applying threat modeling or other risk identification techniques or equivalent
• Experience with security in service-oriented architectures/microservices and web services

Responsibilities

• Establish product-specific security bar, threat models, and security priorities to aid builders in ensuring consistent security execution across the business.
• Identify design & implementation defects.
• Support product development processes by providing consultation services on difficult security decisions.
• Collaborate with business leaders to define security priorities.
• Support product leaders by acting as a trusted advisor.
• Support leaders by providing them with direction that makes security easy.
• Help leaders measure their org's security execution.
• Guide teams towards outcomes that produce products that safely handle customer data.
• Collaborate with builder teams to assess technical debt and risk.
• Provide strategic direction that addresses vulnerabilities and fortifies our products.
• Lead the burn down of long-term risk.
• Guide teams towards solutions that are secure by default.
• Invent & propose secure-by-default solutions if they don’t exist.
• Leverage support from automation teams that find discoverable vulnerabilities.
• Advocate for the creation & deployment of new testing tools, and detection mechanisms.
• Enable builder teams to become proactive & self-sufficient on security.
• Work with builder teams to understand their build processes.
• Ensure that builder teams use appropriate security linting & static analysis tools.
• Help our builders find security solutions that reduce security operations costs over time.
• Instill a security culture in builder teams.
• Mentor builders who aspire to become security advocates & security engineers via 1-1 sessions & office hours.
• Assist Red Teams in identifying security testing priorities.
• Assist in scoping penetration tests and help deep-dive on these engagements.
• Investigate emerging security issue, root cause them, and devise mechanisms to prevent them.
• Propose a security vision for the business that delivers security that protects our customers.
• Hack some really cool bleeding edge tech.

Benefits

• sign-on payments
• restricted stock units (RSUs)
• health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
• 401(k) matching
• paid time off
• parental leave