MULTIPLE POSITIONS AVAILABLE
Company: Amazon Web Services, Inc., an Amazon.com company
Position Title: Security Engineer II
Location: Herndon, VA
Design and coordinate cohesive responses to security events such as penetration testing, network and service configuration. Advise on security policy compliance, handle data confidentiality issues, and monitor and respond to emerging threats. Define and create the processes, tools, and auto-detection technologies that monitor internal systems. Build security utilities and tools for internal use to ensure operations proceed at high speed and wide scale. Evaluate the impact to the organization of current security advisories, publications, and academic research papers. Recognize, adopt, and instill the best practices in security engineering fields throughout the organization: development, cryptography, network security, security operations, and incident response. Provide subject matter expertise on architecture, authentication, authorization, access control and system security. Provide information security support during events impacting tier one customer-facing services. Identify and troubleshoot recurring issues and escalate appropriately for full resolution. Conduct sophisticated security reviews. 24/7 support may be required.
Amazon.com is an Equal Opportunity-Affirmative Action Employer – Minority / Female / Disability / Veteran / Gender Identity / Sexual Orientation #0000
Ideal candidate profile
Master's degree or foreign equivalent in Computer Science, Computer Engineering, Information Systems, Cybersecurity, Information Security, or a related field and one year of experience in the job offered or a related occupation. Employer will accept a Bachelor's degree in Computer Science, Computer Engineering, Information Systems, Cybersecurity, Information Security, or a related field and five years of work experience as equivalent to the Master's degree and one year of experience. Must have one year of experience in the following skill(s): application of threat modeling or other risk identification techniques; knowledge of system security vulnerabilities and remediation techniques, including penetration testing using: BurpSuite, Metasploit, Nessus, or nmap in a Windows or Linux environment; experience with standard Internet protocols and utilizing tools such as Wireshark packet analysis and iptables; and building automated tools using: Python, Shell scripting, BASH scripting, Java, C, C++, or Perl.