Help us protect not only the Amazon Web Services (AWS) cloud computing environment but all of our customers as well! Since 2006, our great team at AWS has been enabling our customers to bring great ideas to life in ways that arent possible in traditional IT environments. With AWS you can flexibly harness compute, storage, security, and other services from across the globe as your business demands them.
As a large and still rapidly growing business, AWS Security seeks out the very best security-minded individuals from around the world to help us protect not only the AWS cloud computing environment, but all of our customers as well.
AWS Security is looking for an experienced Senior Security Engineer, specializing in Identity and Access Management technologies, to help ensure AWS services are designed and implemented to the highest possible security standards. You will be responsible for supporting AWS service teams in the secure design of services.
As the primary technical and strategic advocate for a variety of AWS-wide security initiatives, you will help internal and external partners to design from the beginning with security in mind.
This is not an entry-level position, and a deep understanding of Identity and Access Management and the ability to collaborate with other leaders across the industry are essential to success in this role. The Senior Security Engineer for this role is expected to be deeply familiar with multiple technical domains. In order to inform your recommendations and steer AWS in the right direction, you will often be called upon to provide direct, hands-on support for security engineering of AWS services.
A Senior Security Engineer must produce results in the face of ambiguity and imperfect knowledge, and foster constructive dialogue and seek resolution when confronted with disagreement. They are also expected to mentor more junior engineers and be security thought leaders for their organization. Amazons Leadership Principles of Dive Deep, Earn Trust, and Customer Obsession will be called upon daily, so a successful candidate will need a combination of technical and communication skills, as well as the ability to handle a mix of complex decisions while keeping customer security first!
* Provide deep IAM security expertise in support of AWS service teams
* Directly represent the team to business leaders and technical staff at all levels of the company
* Perform hands-on security threat modeling, risk assessment, and operational security analysis
* Prepare and present detailed, written technical information for internal and external audiences
* Demonstrate *exceptional* judgment, integrity, business acumen, and communication skills
* BS in Computer Science, Information Security, or related field, or equivalent work experience
* 3+ years of experience working with crypto basics (encryption, signing, certificates, SHA, AES, RSA, etc)
* 3+ years of working experience with basic network security (DHCP, DNS, SSH, ACLs, common ports)
* Minimum 1 year security assessment (penetration testing, network traffic analysis)
* Minimum 2 years of experience supporting teams with design input and security risk analysis
* Minimum 4 years of experience with one or more of the following categories:
-- AWS IAM (Policies, Roles, AWS Signature v4, STS, Role Assumption, Federation)
-- Common authentication technologies (OAuth, OpenID, RADIUS, Kerberos, etc.)
* Meets/exceeds Amazons leadership principles requirements for this role
* Meets/exceeds Amazons functional/technical depth and complexity for this role
* 6+ years of experience in the categories above
* Excellent written and verbal communication skills, and ability to drive toward consensus
* Relevant industry certifications (CISSP, SANS/GIAC, CompTIA, Microsoft, Linux, AWS)
Amazon is an Equal Opportunity-Affirmative Action Employer Minority / Female / Disability / Veteran / Gender Identity / Sexual Orientation.
Associated topics: attack, cybersecurity, identity access management, information security, information technology security, malicious, phish, protect, threat, violation