Security Assurance Specialist, Buy with Prime
Seattle, Washington, USA
Amazon.com
Free shipping on millions of items. Get the best of Shopping and Entertainment with Prime. Enjoy low prices and great deals on the largest selection of everyday essentials and other products, including fashion, home, beauty, electronics, Alexa...
Are you passionate about security, compliance and risk management? Do you have experience with global cybersecurity standards and regulations? Have you performed security-compliance assessments of large enterprises? Do you see cybersecurity as a business enabler? If you answered YES to these questions and enjoy working in a rapidly changing environment which is as challenging as it is rewarding, this position may be for you.
Amazon Buy with Prime and Multi-Channel Fulfillment organizations are looking for a highly motivated and experienced security specialist ready to partner across Amazon tech and security groups to assess and secure our services and data.
This security specialist will drive programs focused on providing multiple cross-cutting capabilities such as security at launch, compliance at launch, remediation support, and risk management. This is a hands-on role that will take ownership of security assessments, risk analysis and remediation processes, and help drive the evolution of future strategy and operations. You will collaborate closely with internal security teams, development teams, program managers, and other partners across Amazon to continually refine how we reduce risk and delight our customers.
You will act as a key member of the team responsible for ensuring security is embedded early into Amazon dev-teams including performing security-compliance assessments, working with tech teams on practical and scalable remediation, raising security awareness, mentoring your peers, and enabling security by design. You will work independently and navigate through ambiguity when program strategy is not defined, and deliver results. You will also be able to earn trust to establish credibility and maintain strong working relationships with all peers and stakeholders (Security, Legal, Business Development, Internal Audit, Fraud, Physical Security, Developer Community, etc.).
We operate in a hyper-growth environment where priorities shift quickly, so a passion and discipline around security and delivery is critical. You will tackle challenging situations every day and, given the size of this initiative, you will collaborate with various levels across Buy with Prime, Multi-Channel Fulfillment, AWS and other Amazon orgs.
This is a role within a team that prioritizes a strong work-life balance, mental and physical health, and that will support you and help you grow further as a seasoned security professional.
Key job responsibilities
- INTERNAL SECURITY ASSESSMENTS: Lead thorough security assessments of internal services to identify vulnerabilities, risks, and compliance issues, become an expert in service architectures, threat models, implemented controls, and gaps in controls.
- REMEDIATION PRIORITIZATION AND TRACKING: Guide the development teams to develop innovative solutions to complex technical challenges at Amazon-scale, prioritize remediation tasks based on risk level and impact.
- ASSIST COMPLIANCE CERTIFICATION EFFORTS: Gauge control readiness through assessments, recommending appropriate remediations and establishing considerations for applying security, privacy, and compliance controls in a complex cloud environment.
- DISCOVER AND COMMUNICATE RISK: Identify process improvement opportunities and high risk areas to inform the business owners and leaders through clear communication, effective writing and earning trust with all stakeholders.
- BE A SECURITY SUBJECT MATTER EXPERT: Educate, raise awareness, and drive priority on threats, attacks, vulnerabilities and countermeasures. Mentor and develop peers, influence product roadmaps, and serve as the cybersecurity domain SME for partner teams.
- LEARN AND BE CURIOUS: Develop broad domain and deep technical knowledge in AWS and Amazon 3PL business solutions including the operational processes and controls in place that support internal security and compliance programs.
A day in the life
A Security Specialist on our team will often find themselves:
- Owning and driving large-scale programs at Amazon-scale
- Conversing with our service teams about architecture, security, and compliance
- Force multiplying the assessment of our services and features against a control framework
- Driving and assisting with projects to improve our team and our business
- Mentoring peers and raising security awareness
- 5+ years of IT, risk & assurance and cybersecurity experience.
- +2 years of working directly with engineering teams as a security-professional experience.
- Have a deep understanding of cybersecurity concepts, industry regulatory standards, and pragmatic enterprise best practices.
- Bachelor’s Degree in Computer Science, Technical Auditing, Information Systems Management, Cyber Security, or other related fields
- Basic understanding of cloud and enterprise security controls like identity and access management, encryption, audit logging and monitoring, backup and recovery, supply chain security, etc.
- CISSP, CISA, CISM, AWS Solutions Architect Associate/Professional, AWS Security Specialty and/or other comparable security controls or audit certifications preferred.
- 1+ year of experience in performing and/or participating in technical audits/assessments
- Experience communicating assessment results and remediation strategy with senior leadership, and prioritizing and remediating findings with service/system owners
- Experience in IT program or project management and/or control framework development and implementation.
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $91,800/year in our lowest geographic market up to $196,300/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.
Amazon Buy with Prime and Multi-Channel Fulfillment organizations are looking for a highly motivated and experienced security specialist ready to partner across Amazon tech and security groups to assess and secure our services and data.
This security specialist will drive programs focused on providing multiple cross-cutting capabilities such as security at launch, compliance at launch, remediation support, and risk management. This is a hands-on role that will take ownership of security assessments, risk analysis and remediation processes, and help drive the evolution of future strategy and operations. You will collaborate closely with internal security teams, development teams, program managers, and other partners across Amazon to continually refine how we reduce risk and delight our customers.
You will act as a key member of the team responsible for ensuring security is embedded early into Amazon dev-teams including performing security-compliance assessments, working with tech teams on practical and scalable remediation, raising security awareness, mentoring your peers, and enabling security by design. You will work independently and navigate through ambiguity when program strategy is not defined, and deliver results. You will also be able to earn trust to establish credibility and maintain strong working relationships with all peers and stakeholders (Security, Legal, Business Development, Internal Audit, Fraud, Physical Security, Developer Community, etc.).
We operate in a hyper-growth environment where priorities shift quickly, so a passion and discipline around security and delivery is critical. You will tackle challenging situations every day and, given the size of this initiative, you will collaborate with various levels across Buy with Prime, Multi-Channel Fulfillment, AWS and other Amazon orgs.
This is a role within a team that prioritizes a strong work-life balance, mental and physical health, and that will support you and help you grow further as a seasoned security professional.
Key job responsibilities
- INTERNAL SECURITY ASSESSMENTS: Lead thorough security assessments of internal services to identify vulnerabilities, risks, and compliance issues, become an expert in service architectures, threat models, implemented controls, and gaps in controls.
- REMEDIATION PRIORITIZATION AND TRACKING: Guide the development teams to develop innovative solutions to complex technical challenges at Amazon-scale, prioritize remediation tasks based on risk level and impact.
- ASSIST COMPLIANCE CERTIFICATION EFFORTS: Gauge control readiness through assessments, recommending appropriate remediations and establishing considerations for applying security, privacy, and compliance controls in a complex cloud environment.
- DISCOVER AND COMMUNICATE RISK: Identify process improvement opportunities and high risk areas to inform the business owners and leaders through clear communication, effective writing and earning trust with all stakeholders.
- BE A SECURITY SUBJECT MATTER EXPERT: Educate, raise awareness, and drive priority on threats, attacks, vulnerabilities and countermeasures. Mentor and develop peers, influence product roadmaps, and serve as the cybersecurity domain SME for partner teams.
- LEARN AND BE CURIOUS: Develop broad domain and deep technical knowledge in AWS and Amazon 3PL business solutions including the operational processes and controls in place that support internal security and compliance programs.
A day in the life
A Security Specialist on our team will often find themselves:
- Owning and driving large-scale programs at Amazon-scale
- Conversing with our service teams about architecture, security, and compliance
- Force multiplying the assessment of our services and features against a control framework
- Driving and assisting with projects to improve our team and our business
- Mentoring peers and raising security awareness
Basic Qualifications
- 5+ years of IT, risk & assurance and cybersecurity experience.
- +2 years of working directly with engineering teams as a security-professional experience.
- Have a deep understanding of cybersecurity concepts, industry regulatory standards, and pragmatic enterprise best practices.
- Bachelor’s Degree in Computer Science, Technical Auditing, Information Systems Management, Cyber Security, or other related fields
- Basic understanding of cloud and enterprise security controls like identity and access management, encryption, audit logging and monitoring, backup and recovery, supply chain security, etc.
Preferred Qualifications
- Masters degree in Computer Science, Technical Auditing, Information Systems Management, Cyber Security, or other related fields.- CISSP, CISA, CISM, AWS Solutions Architect Associate/Professional, AWS Security Specialty and/or other comparable security controls or audit certifications preferred.
- 1+ year of experience in performing and/or participating in technical audits/assessments
- Experience communicating assessment results and remediation strategy with senior leadership, and prioritizing and remediating findings with service/system owners
- Experience in IT program or project management and/or control framework development and implementation.
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $91,800/year in our lowest geographic market up to $196,300/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.
Job stats:
0
0
0
Tags: Audits AWS CISA CISM CISSP Cloud Compliance Computer Science Encryption IAM Monitoring Privacy Risk analysis Risk management Security assessment Strategy Vulnerabilities
Perks/benefits: Career development Equity / stock options Health care Startup environment
Region:
North America
Country:
United States
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Information Security Officer jobsSenior Cybersecurity Engineer jobsInformation System Security Officer jobsSenior Cloud Security Engineer jobsInformation Security Manager jobsInformation Security Specialist jobsCyber Security Specialist jobsSecurity Consultant jobsSenior Network Security Engineer jobsIT Security Engineer jobsSystems Engineer jobsSecurity Specialist jobsSenior Information Security Analyst jobsIT Security Analyst jobsSenior Cyber Security Engineer jobsChief Information Security Officer jobsSystems Administrator jobsSenior Penetration Tester jobsInformation System Security Officer (ISSO) jobsStaff Security Engineer jobsThreat Intelligence Analyst jobsSenior Product Security Engineer jobsInformation Systems Security Engineer jobsSecurity Operations Analyst jobsCloud Security Architect jobs
Encryption jobsForensics jobsJava jobsTop Secret jobsEDR jobsRMF jobsSaaS jobsGDPR jobsIDS jobsSplunk jobsDoDD 8570 jobsIPS jobsSQL jobsSDLC jobsIntrusion detection jobsBash jobsActive Directory jobsThreat detection jobsCompTIA jobsITIL jobsDocker jobsGIAC jobsFinance jobsCRISC jobsOWASP jobs
SANS jobsUNIX jobsIndustrial jobsTerraform jobsTCP/IP jobsClearance Required jobsHIPAA jobsJavaScript jobsOSCP jobsIT infrastructure jobsCCSP jobsBanking jobsSOC 2 jobsVPN jobsDNS jobsCISO jobsPolygraph jobsData Analytics jobsSOX jobsSAP jobsNIST 800-53 jobsJira jobsGCIH jobsMITRE ATT&CK jobsGSEC jobs