Amazon is already famous around the world for its incredible logistics network, and that robust network of customers and suppliers extends deep into the AWS cloud as well. The AWS Hardware Infrastructure Security Team (HIST) is looking for a Security Engineer to help guide our global hardware supply chain security program. You will work with a team of professionals around the world to help assess and mitigate risks in partner manufacturing and logistics, contribute to new mechanisms for defense and response, and analyze the ever-shifting threat landscape to help us prioritize continuous improvement. You will have the opportunity to work in a supportive, collaboration-filled environment to build and secure the future of the cloud.
The HIST organization exists to direct strategic investments across AWS, and focuses relentlessly on achieving mitigations that eliminate risk in the most efficient and customer-obsessed way possible. If you have experience in areas such as modern semiconductor manufacturing and test, supply chain logistics, or physical facility and transport security, your expertise is needed more than ever and we are interested in talking to you!
In order to inform your recommendations and steer AWS in the right direction, you will be called upon to provide risk assessment and perspective on security controls for hardware manufacturing environments, our data centers, and critical infrastructure. This could include the digital aspects of manufacturing networks and systems, software development lifecycle (SDL) and image source control, audit mechanisms that are durable/repeatable, and a wide variety of other security controls. The ideal candidate will have past experience in hardware design validation, secure boot/TrustZone, and hardware security controls.
* Assess and prioritize security findings from hardware validation tests
* Perform hands-on threat modeling, risk assessment, and manufacturing security validation
* Security training and outreach to internal teams and external supply chain partners
* Travel as needed to provide insight and feedback to suppliers and data centers around the world
* Mentor! Learn! Constantly develop your own skills and guide others to improve their own
* 8+ years of experience in two or more of the categories above
* Excellent written and verbal communication skills, and ability to drive toward consensus
* Relevant industry certifications (CISSP, SANS/GIAC, CompTIA, Microsoft, Linux, AWS)
* Hands-on experience performing security assessments of hardware/embedded devices
* Knowledge of recognized security standards (TCG, IEEE, NIST, FIPS, PCI-DSS)
* Knowledge of hardware design (ROM/EEPROM, fuses, integrated circuits, NAND)
* Some knowledge of AWS core services (EC2, S3, IAM, Greengrass, Lambda, KMS, VPC)
* Intermediate knowledge of common security protocols (e.g. RDP, TLS, SNMP, SSH, IPMI)
* Intermediate knowledge of hardware cryptography (certificates, attestation, TPM/HSM)
* Intermediate knowledge of embedded/IoT solution design and security considerations
* Expert knowledge of security risk management and technical security mitigation controls
* MS in Computer Science, Information Security, or related field, or equivalent work experience
* Demonstrated grasp of crypto basics (encryption, signing, certificates, SHA, AES, RSA, etc.)
* Demonstrated grasp of basic network security (DHCP, DNS, SSH, ACLs, common ports)
* Minimum 2 years of experience in security architecture, or assessment techniques and technologies
* Minimum 5 years of experience with two or more of the following categories:
  -- IoT network technologies (Z-Wave, Zigbee, Bluetooth/BLE, WLAN, identity/auth security)
  -- Hardware security (PCB, JTAG, UART, SPI, ROM, microcode, custom ASIC/FPGA)
  -- x86 and/or ARM chipset and firmware security (TPM, UEFI, TrustZone, secure boot)
  -- Local encryption and key management (LUKS, BitLocker, self-encrypting drives, etc.)
  -- PKI and code signing architecture (X.509, EV SSL, certificate pinning, OCSP, CRL, etc.)