Amazon

Returning Candidate?

Security TPM III

Security TPM III

Job ID 
453996
Location 
US-VA-Herndon
Posted Date 
10/9/2017
Company 
Amazon Web Services, Inc.
Position Category 
Project/Program/Product Management--Technical
Recruiting Team 
..

Job Description




Are you up to the challenge of helping secure the largest managed infrastructure in the world? The EC2 Security team is looking for security TPMS who are ready to roll up their sleeves and dive into security issues at scale. We are looking for people with a passion for keeping customers secure by engineering novel solutions to complex security challenges. EC2 needs people who seek root causes like they are quests in Middle Earth, slaying dragons as a matter of course. Then once done, switching metaphors and immediately gracefully diving into a big data pool for more targets, like an orca showing off in the Puget Sound.
This position requires a person with a security background who will show EC2's security leadership by proactively identifying security flaws and vulnerabilities, quickly determining the potential risk of externally reported issues, driving for the right architecture decisions across many different teams to harden our infrastructure, and educating other members of the security operations team.
Security Engineering is part of how we keep our customer safe in a continuously changing world. As part of this, you will:
  • Triage and respond to security issues, and quickly determine mitigations that work at scale.
  • Define and create the processes, tools, and auto-detection technologies to mitigate abusive activities, such as botnets, DDoS, and spamming
  • Partner with teams throughout the company to develop pragmatic solutions that achieve business requirements while maintaining an acceptable level of risk
  • Show leadership by mentoring, and educating other members of the EC2 teams
  • Share on-call responsibilities to make sure we’re always ready when new threats emerge.
EC2 is continually responding to customer feedback with new functionality. As part of making sure everything we provide meets our customer’s security needs, you will:
  • Provide subject matter expertise on architecture, authentication, and system security
  • Conduct sophisticated security reviews - from high-level web application architecture to OS level parameters
  • Solve problems at their root, stepping back to understand the broader context, and implementing fixes to ensure that an issue will never happen again
  • Maintain an understanding of the Internet threat environment and how it affects the company and keep knowledge and skills current with the rapidly changing threat landscape
  • Improve EC2 Security service offerings to help our customers to protect their applications against attacks
Come join an amazing team of security experts to solve interesting security issues and keep EC2 safe for our customers. As part of your submission, please include in your cover letter a description of times you demonstrated great customer support, solved hard problems, or used dogged determination to see a solution all the way through. Please describe the events in a casual narrative voice, rather than a formal or bullet driven document.






Basic Qualifications

  • BS degree in Computer Science, MIS, Computer Engineering, or other technical degree or 4+ year's equivalent technology experience
  • Minimum of 4 years’ experience in one or more of the following: incident response, application security, network security, security operations, or network engineering.
  • Experience deploying, managing, or operating Linux, preferably in a datacenter environment.
  • Minimum of one year scripting or programming experience in Ruby, Python, Shell/BASH scripting, Java, C/C++, C*, Perl, or other languages.
  • Excellent written and oral communication skills
  • Strong sense of ownership, urgency, and drive
  • Sharp analytical abilities and proven technical architecture design skills
  • Experience in driving large cross team initiatives over a span of teams.

Preferred Qualifications

  • Previous experience on a Security Operations team, experience coordinating responses to security incidents, or operating in a SOC environment.
  • Demonstrated ability to achieve stretch goals in a highly innovative and fast paced environment
  • Experience in customer support, abuse management, incident handling, or forensics
  • Experience in Compliance Requirements (e.g. SOX, ISO, HIPPA, FedRamp, etc.)
  • Experience in automation of tasks through scripting or programming
  • Well-rounded background in host, network, and application security*Deep familiarity with standard Internet protocols (Ethernet, ARP, IP, ICMP, UDP, TCP, SSL, DNS, HTTP, etc.)
  • Experience with security best practices in server configuration, tool development, and access controls
  • Experience using, administrating, and deploying a variety of operating systems (esp Linux or other UNIX variants), preferably in a datacenter environment
  • Experience with Linux operating system development (at the kernel or device driver level) and virtualization technologies
  • Strong knowledge of data structures, algorithms, and designing for performance, scalability, and availability
  • Strong knowledge of web protocols and an in-depth knowledge of Linux/Unix tools and architecture
  • Security related certifications such as OSCP, CISSP, RHCSA, CompTIA Security+ Linux+, GIAC, GCIH, GCFA, GCIA, GPEN, GNFA, GCUX, CEH
  • Experience with TCP/IP, packet analysis, iptables
  • Data analysis skills using SQL, big data technologies (Hadoop/Pig/Hive/EMR), or scripting