Industry Security Specialist , Alexa

Job summary
The Devices and Services (D&S) Security team works to ensure that Amazon’s products and services are designed and implemented to the high standards required to maintain and enhance customer trust. Security and Privacy are paramount to maintaining customer trust. We help build trusted products, maintain and operate trusted environments, and advocate trust to customers and stakeholders. We work closely with Amazon’s Devices and Services teams which design and engineer high-profile consumer electronics, including the best-selling Kindle family of products, Amazon Echo, Fire tablets, Amazon Fire TV, Echo Show, Echo Spot, and more.
The Role:
Amazon’s Digital Security team is looking for a Security Specialist to ensure that services within the Alexa family are designed and implemented to maintain our customer's trust. This is a role for someone who wants to review and invent solutions for the relatively new technology domain of Voice Assistants.
In this role, you will work on security problems in a wide range of scenarios associated with Alexa services. You will help identify novel threats for innovative voice offerings. You will help product teams identify scalable & secure solutions for Alexa (e.g. key management solutions, encrypted storage, etc). You will aid in the development of training that is relevant to the Alexa Organization. You will cultivate a culture and community within the Alexa organization. You will be a key role in ensuring that Alexa maintain customer trust.
Activities in this role include:
• Identifying security issues and risks, review & approve mitigation plans in Alexa services.
• Influencing product teams to implement practices that maintain a high security bar.
• Advising teams on the correct components that deliver security features like key management, authentication, encryption, etc.
• Proposing, collaborating & obtaining buy-in on strategic security initiatives for the Alexa Organization.
• Recommending and developing security-focused tools that help product teams prevent security misconfigurations & vulnerabilities in the design & implementation of Alexa features.
• Developing and interpreting security policies and procedures to form security requirements.
• Developing and delivering training that promotes general security awareness and informs developers on how to discover & mitigate security vulnerabilities in their products.
• Deciding which new security tooling and strategies should be pursued for scalable security in Alexa service development.
• Serve as an escalation resource in evaluating security issues discovered by the first tier of security support within product teams.
• Supporting incident response activities as a security subject matter expert.
• Support the review of static & dynamic analysis reports.

Basic qualifications
• Bachelor’s degree in Computer Science, Computer Engineering or related field.


Preferred qualifications
• Master’s degree in Computer Science, Computer Engineering or related field.
• Experience in secure design reviews.
• Knowledge of common mistakes that result in security vulnerabilities.
• Experience with the application of threat modeling and other risk identification techniques.
• Experience with service-oriented architecture and web services security
• Detailed knowledge of system and remediation techniques, including penetration testing and the development of exploits
• Knowledge of network and related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
• Experience with Amazon Web Services (S3, EC2, Lambda, Etc)
• Experience with scripting (e.g., python, bash, etc)
• Knowledge of security domains and body of knowledge and how to implement them.
• Excellent leadership skills and teamwork skills
• Results oriented, high energy, self-motivated

Basic Qualifications

• Bachelor’s degree in Computer Science or related experience.

Preferred Qualifications

• Ability to create secure designs and execute code reviews.
• Working knowledge of common mistakes that result in security vulnerabilities.
• Ability to build and apply threat models and other risk identification techniques.
• Experience with service-oriented architecture and web services security
• Detailed knowledge of system and remediation techniques, including penetration testing and the development of exploits
• Knowledge of network and related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
• Experience with Amazon Web Services (S3, EC2, Lambda, Etc)
• Development experience in Java or similar languages
• Experience with scripting (e.g., python, bash, etc)
• Implementation knowledge of cryptographic features like Hashing, Encryption, Signing as well as working knowledge of common software implementations of OpenSSL
• Working knowledge of TLS, Software Development lifecycle , x.509 certificates, compile-time hardening capabilities, etc.
• Excellent leadership skills and teamwork skills
• Results oriented, high energy, self-motivated

keyword: DSTS



Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.