Amazon is already famous around the world for its incredible logistics network, and that robust network of customers and suppliers extends deep into the AWS cloud as well. The AWS Hardware Infrastructure Security Team (HIST) is looking is looking for a Security Engineer to help guide our global hardware supply chain security program. You will work with a team of professionals around the world to help assess and mitigate risks in partner manufacturing and logistics, contribute to new mechanisms for defense and response, and analyze the ever-shifting threat landscape to help us prioritize continuous improvement. You will have the opportunity to work in a supportive, collaboration-filled environment to build and secure the future of the cloud.
The HIST organization exists to direct strategic investments across AWS, and focuses relentlessly on achieving mitigations that eliminate risk in the most efficient and customer-obsessed way possible. If you have experience in areas such as modern semiconductor manufacturing and test, supply chain logistics, or physical facility and transport security, your expertise is needed more than ever and we are interested in talking to you!
In order to inform your recommendations and steer AWS in the right direction, you will be called upon to provide risk assessment and perspective on security controls for hardware manufacturing environments. This could include physical aspects of facilities such as cameras and storage areas, digital aspects of manufacturing networks and systems, software development lifecycle (SDL) and image source control, audit mechanisms that are durable/repeatable, and a wide variety of other security controls. The ideal candidate will have past experience in technical equipment manufacturing operations, and a solid understanding of supply chain business considerations such component sourcing, process optimization, logistics and customs, etc.
* Assess and prioritize security audit findings and recommend appropriate mitigations
* Perform hands-on threat modeling, risk assessment, and manufacturing security validation
* Security training and outreach to internal teams and external supply chain partners
* Travel as needed to provide insight and feedback to suppliers and data centers around the world
* Mentor! Learn! Constantly develop your own skills and guide others to improve their own
* 5+ years of experience in two or more of the technical categories above
* An understanding of network concepts such as OSI Layers, routing and subnets, encryption, and DNS
* Experience with security assessment frameworks (NIST, CIS Top 20, OWASP, ISO 27000 series)
* Practical understanding of AWS cloud services and concepts such as S3, EC2, Lambda, and VPC
* Track record of complex project delivery, effective organization, and business insight
· Meets/exceeds Amazon’s leadership principles requirements for this role
· Meets/exceeds Amazon’s functional/technical depth and complexity for this role
Please reach out to Lauren Bartini (firstname.lastname@example.org) for more information.
Amazon is an Equal Opportunity Employer – Minority / Women / Disability / Veteran / Gender Identity / Sexual Orientation / Age
* BS in Computer Engineering/Science, Information Security, or related field, or equivalent work experience
* Minimum of 3 years of experience in hardware or supply chain security, with demonstrated experience in any combination of the following:
-- Threat modeling and security risk analysis
-- Security or compliance assessment/auditing
-- Manufacturing systems or process control
-- Physical facility or shipping logistics security
-- IT security configuration and defense for enterprise server and network infrastructure