Amazon

Returning Candidate?

Industrial Control Systems Engineer - Security

Industrial Control Systems Engineer - Security

Job ID 
531290
Location 
US-WA-Seattle
Posted Date 
11/9/2017
Company 
Amazon Corporate LLC
Position Category 
Systems, Quality, & Security Engineering
Recruiting Team 
..

Job Description

You have tens of thousands of controllers across dozens of countries, hundreds of millions of lines of code, billions of fulfillment transactions, and one of the largest fulfillment networks in the world. Now go secure it. At Amazon, we obsess over our customers, and ensuring our customers’ trust is our first priority. To earn that trust in an environment as vast and where threats grow ever more sophisticated requires building a world-class security team to tackle never-before-seen challenges at dizzying scales. Here in Amazon, you will not just be using cutting-edge technologies in the IIoT space; you will be inventing them. Help us deliver amazing!

Amazon Fulfillment Technology (AFT) is looking for a security minded engineer, focused on Industrial Control Systems, to help ensure that our fulfillment systems are designed and implemented for the security challenges of Insustry 4.0, leveraging IIoT technology. You will be responsible for analyzing the security of PLC, robotics, and other IIoT solutions. This cutting-edge role integrates vulnerability discovery, addressing security issues and quickly reacting to new threat scenarios with high availability design and system hardening. This position will provide you with a challenging opportunity to work across development team to design and build secure solutions, participate in and coordinate penetration testing activities, and generally solve security challenges at massive scale.

Key Responsibilities
  • Development of software used to harden and stabilize industrial automation devices (PLC, IPC, SCADA, Slave Devices)
  • Develop software based solutions for multiple layers of Security around Industrial Controls and Automation, blended with network management solutions
  • Ability to provide technical direction and act as a subject matter expert as it relates to cyber security in industrial control systems
  • Perform Security Risk Assessments, identify security issues and risks, and develop mitigation plans
  • Interpret information security policies, and procedures to various business lines and IT teams
  • Evaluate and recommend new and emerging security products and technologies
  • Participate in auditing projects to ensure security policies, requirements and best practices are effectively applied
  • Assist security incident response teams with investigation, resolution and closure of incidents
  • Educate partner teams on the technologies of Industrial Control Systems and Information Security
Amazon is an Equal Opportunity-Affirmative Action Employer – Minority / Female / Disability / Veteran / Gender Identity / Sexual Orientation


Basic Qualifications

  • Bachelor’s degree in Computer Science, Electrical Engineer, Robotics or related discipline
  • At least 2 years of experience working with Industrial Control Systems (ICS) or SCADA systems
  • At least 1 year of Information Security experience
  • Experience with Risk (threat) analysis techniques
  • Experience writing clear system requirements
  • Experience developing and executing test plans against requirements
  • Fluent in IEC-61131-3 languages
  • Proficient in any modern programming language (for example, Java, C#, C++, Ruby, Python,…)
  • Knowledge of network and web related protocols (e.g., TCP/IP, UDP, HTTP, HTTPS, FTP, Ethernet/IP, ModbusTCP, EtherCAT)



Preferred Qualifications

  • MS in Computer Science or equivalent desired
  • Experience with security engineering, system and network security, authentication and security protocols, cryptography, and application security
  • Familiarity with security frameworks such as NIST 800-53r4, NISTIR 7628
  • Experience with security engineering, system and network security, authentication and security protocols, cryptography, and application security
  • Experience with network and web related protocols (e.g., TCP/IP, UDP, HTTP, HTTPS, FTP, Ethernet/IP, ModbusTCP, EtherCAT)
  • Knowledge of secure network and web related protocols (e.g., IPSEC, HTTPS, routing protocols)
  • Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits is desired