Returning Candidate?

Sr. Security Engineer

Sr. Security Engineer

Job ID 
Posted Date 
Amazon Web Services, Inc.
Position Category 
Systems, Quality, & Security Engineering
Recruiting Team 
North American Teams - AWS

Job Description

At Amazon, we’re working to be the most customer-centric company on earth. To get there, we need exceptionally talented, bright, and driven people. If you’d like to help us build the place to find and buy anything online, this is your chance to make history.

The Data Center Global Services organization is looking for exceptional individuals to join our SCADA security team as a Security Engineer. As a Security Engineer, you will drive, architect, and implement the core functionalities and critical enhancements to our global infrastructure to make it the most secure environment available.

Your responsibilities will include:
  • Focusing on real-time mission critical technologies of security: SCADA, electrical power, building management and other control systems
  • Implementing and maintaining security policy
  • Advising development staff on application security
  • Host and network security tools and implementation
  • Coordinating intrusion and penetration tests
  • Leading design reviews for complex systems
  • Functionally decompose complex problems into simple, straight-forward solutions
  • Have a complete understanding of the various system interdependency and limitations
  • Understand business context to decisions made within and across groups
  • Identify security issues and risks, and develop mitigation plans
  • Architect, design, implement, support, and evaluate security-focused tools and services including project leadership roles
  • Advise and consult with internal customers on risk assessment, threat modeling and fixing vulnerabilities
  • Develop and interpret security policies and procedures
  • Evaluate and recommend new and emerging security products and technologies
  • Mentor junior members of the team
  • Develop and deliver training materials and perform general security awareness and specific security technology training
  • Participate in security compliance efforts
  • Participate in projects that develop new intellectual property

Basic Qualifications

  • B.S. Degree in Computer Science or equivalent. Must have solid working experience and knowledge of Windows
  • Unix/Linux operating systems experience development (at the kernel or device driver level), network protocols and hardware virtualization technologies
  • Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security
  • At least 5 years of experience in infrastructure or application-level vulnerability testing and auditing
  • At least 2 years of system, network and/ or industrial controls security experience
  • Knowledge of controls protocols such as BACnet, Modbus, Modbus TCP/IP, LonWorks, and XML
  • Experience with the application of threat modeling or other risk identification techniques
  • Strong process and procedure ownership experience for system audits
  • Sharp analytical abilities and proven design skills
  • Consistent implementation of security solutions at the enterprise level
  • Excellent written and verbal communication skills
  • Excellent leadership skills and teamwork skills
  • Strong sense of ownership and drive
This position may require the applicant selected to obtain and maintain a Top Secret security clearance with Sensitive Compartmented Information (TS/SCI) eligibility and access. A US Government administered polygraph examination will be required. TS/SCI eligibility is not required to start; however, the applicant selected will be subject to a Single-Scope Background Investigation (SSBI) and must meet eligibility requirements for access to classified national security information. Applicants with a current SSBI, SBPR, or PPR, may be eligible for crossover in accordance with ICPG 704.

Preferred Qualifications

  • M.S. Degree in Computer Science or equivalent
  • Certification in SCADA or Industrial Control Systems (GICSP or equivalent)
  • Top Secret security clearance with Sensitive Compartmented Information (TS/SCI)
  • Experience with cloud computing technologies
  • Strong knowledge of data structures, algorithms, and designing for performance, scalability, and availability
  • Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits
  • Experience with web-based applications and/or web services-based applications, especially at massive scale, are very applicable and helpful
  • Programming in C, C++, Java, Python, Perl, and/or Ruby
  • Scripting skills (e.g., Perl, shell scripting
  • Internet and operating system security fundamentals
  • Sharp analytical abilities and proven design skills
  • Strong sense of ownership, urgency, and drive
  • Demonstrated ability to achieve stretch goals in a highly innovative and fast paced environment
  • Experience with Agile Management