• Senior Security Engineer

    Location US-WA-Seattle
    Posted Date 6 months ago (12/19/2017 7:09 AM)
    Job ID 601938
    Company Amazon Web Services, Inc.
    Position Category Systems, Quality, & Security Engineering
  • Job Description

    Amazon Web Services (AWS) is the largest cloud computing provider in the world, and the incredible pace of our innovation never slows down. In 2016, we released 1,017 significant new services and features, and as of May 1st, we have launched 322 new features and services in 2017. AWS now has more than 90 headlining services that range from compute, storage, networking, database, analytics, application services, deployment, management, developer, mobile, Internet of Things (IoT), Artificial Intelligence (AI), security, hybrid, and enterprise applications.

    As a large and still rapidly growing business, AWS Security seeks out the very best security-minded individuals from around the world to help us protect not only the AWS cloud computing environment, but all of our customers as well!

    The AWS Hardware Infrastructure Security Team (HIST) is looking for an experienced Senior Security Engineer, specializing in hardware and data center technologies, to help ensure the global infrastructure supporting AWS is designed and implemented to the highest possible security standards. This mandate goes far beyond traditional enterprise network infrastructure and server design. Our fleet-wide security efforts must also focus on things like attached devices (storage, graphics, etc), Industrial Control Systems (ICS) (power, cooling, access control, fire suppression, etc), a wide variety of customized internal Amazon hardware within our data centers, and even other customer-facing services with hardware components such as AWS Snowball (https://aws.amazon.com/snowball/).

    As the primary technical and strategic advocate for a variety of AWS-wide security initiatives, you will help internal and external partners to design from the beginning with security in mind. This position will provide you with a challenging opportunity to drive the fundamental security baseline for everything underlying the global AWS cloud computing services business.

    This is not an entry-level position, and a confident understanding of hardware/firmware security and the ability to collaborate with other leaders across the industry are essential to success in this role. The Senior Security Engineer for this role is expected to be deeply familiar with multiple technical domains. In order to inform your recommendations and steer AWS in the right direction, you will often be called upon to provide direct, hands-on support for security assessments of networks, devices, and critical source code. Your skills and technical expertise will help us secure our networks, harden our software, evaluate the resiliency of our hardware, and ensure that we preserve the trust of millions of customers around the world.

    A Senior Security Engineer must produce results in the face of ambiguity and imperfect knowledge, and foster constructive dialogue and seek resolution when confronted with disagreement. They are also expected to mentor more junior engineers and be security thought leaders for their organization. Amazon’s Leadership Principles of “Dive Deep”, “Earn Trust”, and “Customer Obsession” will be called upon daily, so a successful candidate will need a combination of technical and communication skills, as well as the ability to handle a mix of complex decisions while keeping customer security first!

    Core Responsibilities:
    * Provide security expertise for truly massive hardware and data center infrastructure projects
    * Directly represent the team to business leaders and technical staff at all levels of the company
    * Perform hands-on security threat modeling, risk assessment, and operational security analysis
    * Drive improvements in all aspects of security, including supply chain & legal/regulatory areas
    * Prepare and present detailed, written technical information for internal and external audiences
    * Demonstrate *exceptional* judgment, integrity, business acumen, and communication skills

    Basic Qualifications

    * BS in Computer Science, Information Security, or related field, or equivalent work experience
    * Minimum of 6 years of experience with two or more of the following categories:
    -- Data center internals (leaf/spine networking, power/cooling, NTP, DHCP, DNS, IPMI/iLO)
    -- Cloud/Enterprise systems admin (state config, patching, inventory, flighting, change mgmt)
    -- Network security (SDN, VLAN, routing, IP ports/protocols, egress, DMZ, bastions, ACLs)
    -- Hardware security (JTAG, UART, SPI, ROM, custom ASIC/FPGA, tracing, soldering, etc)
    -- x86 and/or ARM chipset and firmware security (TPM, UEFI, TrustZone, Secure Boot)
    -- Security assessment (penetration testing, side-channel attacks, network traffic analysis)
    -- ICS/SCADA (PLC, RTU, HMI, Modbus/BACnet, NIST 800-82, gateway, ladder logic)
    * Minimum 3 years of experience supporting teams with design input and security risk analysis
    * Minimum 3 years of experience securing enterprise server systems and network architecture

    Preferred Qualifications

    * Meets/exceeds Amazon’s leadership principles requirements for this role
    * Meets/exceeds Amazon’s functional/technical depth and complexity for this role
    * Demonstrated understanding of crypto basics (encryption, signing, certificates, AES, RSA, etc)
    * 10+ years of experience in two or more of the categories above
    * Excellent written and verbal communication skills, and ability to drive toward consensus
    * Relevant industry certifications (CISSP, SANS/GIAC, CompTIA, Microsoft, Linux, Cisco)
    * Hands-on experience performing security assessments of hardware devices
    * Some knowledge of recognized security standards (TCG, NIST, FIPS, ISO 27000 series)
    * Some knowledge of hardware design (ROM/EEPROM, fuses, integrated circuits, NAND)
    * Some knowledge of AWS core services (EC2, S3, IAM, Kinesis, Lambda, KMS, VPC, etc)
    * Intermediate knowledge of crypto security (e.g. certificate handling, attestation, TPM/HSM)
    * Intermediate knowledge of Windows, Linux, and hypervisor security (especially in cloud)
    * Intermediate knowledge of common security protocols (e.g. RDP, TLS, SNMP, SSH, IPMI)
    * Expert knowledge of security risk management and technical security mitigation controls

    Amazon is an Equal Opportunity-Affirmative Action Employer – Minority / Female / Disability / Veteran / Gender Identity / Sexual Orientation.
