Security Engineer II - 82818-28

Job summary
Employer: Amazon Data Services, Inc., an Amazon.com Company
Position: Security Engineer II, (multiple positions available)
Location: Seattle, WA

Duties
Define, design, build, and operate new services from end to end in collaboration with industry leading security experts. Integrate successful experiments into large scale, highly complex production services. Build complex systems that turn machine/deep learning and AI research into great products for customers. Rapidly design and conduct large scale experiments in a high-ambiguity environment, making use of both quantitative and business judgment. Work within an agile team to translate business requirements from senior leadership into tools and services that will influence how the AWS Security team securely deliver the worlds largest cloud platform. Plan, optimize, and automate operational, tactical, and strategic decision-making. Create sane processes, procedures, and automation to improve efficiency in day-to-day tasks and projects. Implement highly scalable automated solutions to assist the business team with visualization and metrics reporting to AWS Security Leadership. Evaluate, architect, and code support security-focused tools and services. Advise and consult with CloudFront software engineers on risk assessment, threat modeling, and vulnerability remediation. Integrate knowledge of Cloud Security fundamentals, including cryptography and the shared responsibility model into adoption models and methods for internal customers and partners. Use understanding of authentication protocols, core network, and system security principles along with up-to-date understanding of modern attack patterns and methods to drive security into regularly used tools.

Basic Qualifications

Position Requirements
Bachelor's degree or foreign equivalent degree in Computer Science, Information Systems, Engineering or a related field. Three years of experience in the offered position or a position in a related occupation. Three years of experience must include:
•Configuring firewalls/routers/switches (cisco, juniper) for securing L3 traffic flow for external web services of enterprise-level websites against external threats;
•Tracing network packet flow in complex networking architectures using packet analyzer tools, including Wireshark and TCPdump for in-depth analysis of ACL rules required for regulating traffic flow;
•Building and writing software solutions using scripting language, including Python/Bash for automating network device configuration by applying security controls on network devices interfaces;
•Creating and configuring continuous integration and deployment (CI/CD) pipelines for deploying service oriented architecture based solutions;
• Architecting and implementing security controls around SaaS services against cyber threats by using defensive/compensatory controls, including minimizing attack surface, Authentication, Authorization, and least privilege; and
•Designing and implementing audited access control frameworks for infrastructure running enterprise applications (for humans and services) in compliant environments (SOC2, FedRAMP).
In lieu of a Bachelor’s degree and three years of experience, as stated above, will accept a Master’s degree or foreign equivalent and one year of experience. Telecommuting permitted. Up to 10% travel required.

Type: Full-time #0000

Preferred Qualifications

Please see Basic Qualifications (Position Requirements) above.


Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.