Amazon Information Security is seeking a Security Engineer to drive architectural reviews, threat models and develop requirements for corporate IAM adoption efforts, and support of Amazon’s Corporate Identity and Access Management program. You will leverage your strong teamwork skills as you and your teammates engage with other engineering and operations teams across Amazon to implement a corporate IAM program to manage human identity (e.g. employees, contractors, vendors) and authentication initiatives across Amazon’s global enterprise. The successful candidate will lead the development of policies and procedures for the identity lifecycle, drive programs that improve authentication infrastructure across a complex global corporate environment and lead a single-threaded team of IAM SMEs providing identity consulting services across the enterprise.
Data-driven decisions are important to Amazon. You will draw heavily on your experience collecting, analyzing, and summarizing data to create compelling written and verbal communications to fellow Amazonians at all levels. These communications will convey your requirements, recommendations, and needs to guide the near-term and long-term Corporate IAM program goals.
If you are excited about the challenges and opportunities described here and you have the background, education, and experience to excel in the tasks outlined, we’d love to talk with you further about our company, the team, and how you are uniquely qualified to join us!
Amazon is an Equal Opportunity-Affirmative Action Employer – Minority / Female / Disability / Veteran / Gender Identity / Sexual Orientation.
Minimum 2 years of experience in identity and access management (IAM) programs
Demonstrable knowledge of current technologies in authentication, federation, and identity management space, such as OAuth 2.0, OpenID Connect, SAML, SCIM, U2F/UAF/FIDO2, HOTP
Familiarity with using biometrics for authentication and managing related privacy considerations
Familiarity with relevant identity-oriented standards, such as NIST800-63 and GDPR
At least 6 years of security experience with one or more domains in the common body of knowledge (CBK)
Technical knowledge in security engineering, authentication and federation protocols, cryptography, and application security
Knowledge of system security vulnerabilities and remediation techniques
Experience communicating with technical and non-technical stakeholders across multiple business units
Excellent written and verbal communication skills.
Excellent teamwork and collaboration skills
At least 2 years' experience in information security threat modeling, design and architecture reviews, and risk analysis.
Bachelor’s Degree in Information Security, CS, or related discipline