Senior Security Engineer, Physical Stores Tech Security

Job summary
Amazon Physical Stores Technology Security organization is looking for a Security Engineer who can help ensure our stores, devices, applications, services, and systems are designed and implemented to the highest security standards and resilient to the modern threats. You will also help with security assessments, implementations, risk analysis, threat modeling, vulnerability management and security reviews across all elements of Amazon Physical Stores technologies. You will tackle challenging, novel situations every day and, given the size of this initiative, you will have the opportunity to work with multiple technical teams at Amazon in different locations. You should be comfortable with a high degree of ambiguity and relish the idea of solving problems that haven't been solved at scale before. Along the way, we guarantee that you will learn a ton, have fun and make a positive impact on millions of people.

Key job responsibilities
In this role, you will help ensure devices, applications, services, and systems that are part of our ecosystem are designed and implemented to the highest standards and resilient to the modern threats. If you enjoy analyzing the security of systems that span from hardware to cloud services, discovering and addressing security issues and quickly reacting to new threat scenarios, this position will provide you with a challenging opportunity. You will lead security implementations, security attestations, certifications, risk assessments, security audits, threat modeling, and security reviews for our Physical Stores technologies. Additionally, as a Sr Security Engineer on our team, you will:
• Support the decision-making process and solutioning at various levels to ensure that we are meeting requirements, simplifying business processes, and overall raising the security bar for our customers;
• Drive and implement technical and business projects to improve security risk posture of Amazon Physical Store technologies;
• Manage security compliance posture of Amazon Physical Stores Technologies which includes scope identification and validation, annual assessments, technical implementations and continuous monitoring of evolving compliance requirements;
• Perform investigations into security processes and identify opportunities for automation to drive efficiency at scale.

About the team
We’re building an entirely new retail experience with no lines and no checkout. Our checkout-free shopping experience is made possible by our Just Walk Out Technology, which automatically detects when products are taken from or returned to the shelves and keeps track of them in a virtual cart. When a customer is done shopping, they just walk out! Shortly after, their credit card is charged for their purchases and a receipt is sent. In addition to Just Walk Out technology, we are creating a variety of other exciting customer experiences through inventions like Amazon One and Amazon Dash Cart. These products use a variety of technologies including computer vision, sensor fusion, and advanced machine learning. Innovation is part of our DNA! Our goal is to be Earth's most customer centric company, and we are just getting started. We need people who want to join an ambitious program that continues to push the state of the art in computer vision, machine learning, distributed systems and hardware design.

Basic Qualifications

• BS degree in a technical discipline or equivalent experience in an IT-related field.
• 6+ years of technical experience in project/program management with a proven ability to work effectively across organizations.
• 5+ years of traditional security and cybersecurity experience such as – Security Solution/Tool Implementations, Risk Management Framework, Payment Security, Compliance Management and Remediation.
• 5+ years of information security governance and implementation.
• 5+ years of security engineering experience focusing on cryptography, data protection, application security or network security
• 3+ Experience in leading and driving compliance programs such as PCI DSS, SOC 2.

Preferred Qualifications

• Knowledge of threat modeling or other risk identification techniques, system security vulnerabilities and remediation techniques.
• Familiarity with common attack patterns and exploitation techniques.
• Solid foundation in service-oriented and web-service technologies to be able to understand service inter-dependencies and drive towards technical solutions for multi-tiered systems.
• Strong understanding of security & privacy controls and frameworks such as NIST, ISO etc.
• Experience in implementing security technologies and driving large scale implementation such as tokenization, P2PE encryption.
• Experience with systems engineering implementation of cloud computing services.
• Comfort and experience with cross-organizational communication; excellent written and verbal communication skills.
• Demonstrated experience driving overall strategy and teams across organizations.
• Security certifications such as CISSP, CISM, AWS Security certifications are encouraged.

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.