DESCRIPTION The Ads Security organization at Amazon is dedicated to creating innovative technical solutions that detect, assess, and mitigate security risks within Amazon's Advertising businesses. Our vision is to accelerate the development velocity of the Advertising business by ensuring that our products are inherently secure. We are seeking a talented engineer to join our team, where you will have the opportunity to contribute to securing web applications and services critical to delivering exceptional customer and partner experiences at scale in Amazon Ads. The ideal candidate will have a robust background in security program management, experience in establishing security standards for cross-cloud deployments, and a deep understanding of cloud security, particularly within AWS platforms. You will conduct independent security reviews, oversee penetration tests as necessary, and provide guidance to stakeholders on remediation strategies and best practices for integrating security into their application platforms. Your role will be pivotal in ensuring the protection of customer data and critical infrastructure within the Ads organization.
Key job responsibilities
As a Senior Security Engineer within Amazon's Ads Security team, you will play a crucial role in ensuring that applications across numerous Ads platforms are designed and executed with the highest security standards to maintain customer trust. You will tackle a diverse array of security challenges, ranging from novel threats in Ads services to selecting and implementing scalable and secure features such as key management solutions and encrypted storage. Additionally, you will serve as a subject matter expert, providing guidance to developers on building secure products and fostering a security-conscious culture within the organization.
- Collaborate directly with service and platform owners to advise on security best practices and tool implementation.
- Perform comprehensive security assessments on SaaS implementations, data management systems, and reporting frameworks being used internally by Amazon Ads teams or externally by Amazon Ads customers.
- Coordinate and oversee penetration testing activities for platforms and tools.
- Identify security risks, report findings, and recommend solutions for complex security issues by leveraging existing set of detections and/or design new detections within Amazon's various security detection frameworks.
- Contribute to fostering a strong security culture at Amazon through knowledge sharing and collaboration.
- Engage in cross-team projects aimed at enhancing the security posture of Amazon and customer data throughout its lifecycle.
A day in the life
Activities in this role include:
- Identifying security issues and risks, review & approve mitigation plans for Ads products.
- Evaluating and recommending new and emerging security products and technologies.
- Influencing product teams and senior leadership to implement practices that maintain a high security bar.
- Participate in the design discussions and development of user stories for security automation
- Advising teams developing products on the correct components that deliver security features like key management, authentication, encryption, etc.
- Proposing, collaborating & obtaining buy-in on strategic security initiatives.
- Recommending and developing security-focused tools that help product teams prevent security misconfigurations & vulnerabilities in the design & implementation of features. Look for opportunities to automate, detect and move security to left in SDLC process.
- Developing and interpreting security policies and procedures to form security requirements.
- Developing training that promotes general security awareness and informs developers on how to discover & mitigate security vulnerabilities in their products.
- Deciding which new security tooling and strategies should be pursued for scalable security in service development.
- Supporting incident response activities as a security subject matter expert.
About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
We are open to hiring candidates to work out of one of the following locations:
Bellevue, WA, USA | New York, NY, USA BASIC QUALIFICATIONS - BS in Computer Science or related field, or equivalent work experience
- At least 5 years of experience in application security, threat modeling, secure coding, software development, secure software or system design
- At least 3 years of experience in a development or security role working with development team(s) that delivered commercial software or software-based services
- Advanced knowledge and understanding of any combination of the following: security engineering, system and network security, authentication and security protocols, cryptography, or application security
- An understanding of network and web related protocols (such as, TCP/IP, UDP, IPSEC, routing protocols)
- Experience with multiple programming languages (such as, Java, C++, Ruby, Python, Perl, etc.)
