Senior Security Engineer Amazon
Seattle, WA

Job Description

To serve its customers globally, Amazon operates businesses and technology platforms that handle some of the largest transaction volumes of any company on Earth. The Finance Technology (FinTech) organization works with every part of Amazon to capture, compute, transact, and report their financial events. When a customer orders a banana slicer on Amazon.com in France, watches an episode of Mr. Robot on Prime Instant Video in the US, downloads an e-book on their Kindle from a beach in Brazil, or spins up a spot EC2 instance on AWS in China, they feed into a continuous petabyte-scale stream of global events moving through the company's technology ecosystem. We harness these data streams to pay Amazon's suppliers, bill our customers, enable financial analysis and planning, and to report our financial results at many different levels of aggregation to internal and external customers.

The FinTech Security (FinSec) team is responsible for the overall software and infrastructure security posture of the Finance Technology organization (FinTech). Our team works with development and systems engineering teams to design and build secure solutions, participate in and coordinate penetration testing activities, and generally solve security challenges at massive scale.

This role will be expected to provide thought leadership for the organization as you invent and innovate in the course of your duties.

FinTech Security (FinSec) is looking for expert Security Engineers to defend critical Amazon financial applications. Join a team of elite Security Engineers who work tirelessly to secure the applications and infrastructure used by hundreds of millions of customers every day. Does this sound like you?

* You enjoy solving challenging technical problems.
* You have experience that shows breadth and depth of security knowledge.
* You are strong in multiple domains of software and infrastructure security.
* You know how to work as a partner with product teams and give them the advantage of your security experience.
* You recognize, adopt, use, and recommend best practices in security engineering.
* You work ceaselessly to improve your knowledge of the security threat landscape and of technologies that enable new forms of attack and defense.
* You are an effective communicator who engages well with technical and non-technical audiences alike.

Some more characteristics we're looking for:

* Great logic and problem-solving skills and good security instincts.
* The desire to solve security challenges at scale, and work on securing the next generation of applications powering the most sophisticated e-commerce platform ever built.
* Knowledge of threat modeling and other security risk identification methods.
* Knowledge of system security vulnerabilities and remediation techniques.
* Understanding of network protocols from data link through application layer.
* Excellent written and oral communication skills.
* Development experience in Java and C/C++.
* Working knowledge of Python, Perl, or Ruby.
* Exposure to multiple security engineering disciplines including application security, secure software development, cryptography, network security, system security, and security policy.
* Strong technical capabilities with demonstrated focus in at least one of the above disciplines.
* Ability to handle interruptions and work well under frequent context switches.
* Continual drive to increase your knowledge and enhance your skills.
* Proven ability to work effectively in a technology team.
* High energy, focus on delivering results, and ability to self-manage.
* Experience in providing practical solutions that enable product teams to meet business goals while controlling security risk.
* Ability to solve problems at their root and step back to understand the broader context.
* Understanding of relevant threat environments and how they affect products.
* Deep understanding of the interplay between attack and defense. Familiarity with current network security and application security tools and how to apply them.
* Ability to promote secure design principles and a security-focused outlook across a large organization.

As a Security Engineer, you will:

* Perform end-to-end application security reviews to ensure critical information is appropriately protected.
* Identify security vulnerabilities and risks, and develop mitigation plans.
* Provide security architecture and design consultations to product teams, to help them build applications that are secure from the start.
* Architect, design, implement, support, and evaluate security tools and services.
* Develop and interpret security policies and procedures.
* Mentor junior members of the team.
* Develop and deliver security training across the company.
* Evaluate and recommend new and emerging security technologies for use inside and outside the security organization.
* Produce creative and inventive solutions for large problems. Participate in projects that develop new intellectual property.
* Be an advocate for customer trust.