Senior Security Engineer , Security & Regulatory Compliance

The Security and Regulatory Compliance (SRC) organization is comprised of teams that provide consistent high-level judgement to help Amazon businesses comply with security regulations, policies, and Amazon’s high bar for security. The Security Assurance Team serves as the primary security compliance team for Amazon. This role will provide advisory guidance to new and existing businesses at Amazon, and will conduct deep dives into critical security risk areas. If you enjoy working in a rapidly changing environment and influencing the strategic direction of a large global organization, this position will provide you with a challenging opportunity. You will be responsible for driving consensus across teams to define and influence the secure and compliant design of systems worldwide.

Bring your insight, imagination and a healthy disregard for the impossible. Join us in building and celebrating the value of security assurance. Unlock your career potential

Key job responsibilities

* Understands and rationalizes compliance requirements (ISO, NIST, SOX, PCI, HIPAA, GDPR and other regulatory compliance)
* Establishing credibility and maintaining strong working relationships with groups involved with Information Security and compliance teams (Info Sec, Legal, Internal Audit, Physical Security, Developer Community, Networking Systems, etc.)
* Collaborate with business/service teams to understand and validate security assessment scope.
* Review security controls - Logical Access, Change Management, Network Security, Cryptography, Data Privacy, Vulnerability Management etc.
* Responsible for building and influencing security as a core competency with internal teams/partners/vendor
* Provides business specific requirements and supports automation opportunities while working with Engineering teams.
* Helps drive continuous improvements to the InfoSec organization, the program management process, and control implementation projects in coordination with the service teams
* Developers broad domain and technical knowledge in AWS and Amazon corporate solutions including the operational processes and controls in place that support compliance programs
* Captures and tracks information security metrics and goals
* Clearly communicates deliverables, and project status to management and key technical and business stakeholders
* Delivers recommendations and risk interpretations in a clear, concise and audience-specific format

About the team
The Security Assurance Team serves as the primary security compliance team for Amazon. This role will provide advisory guidance to new and existing businesses at Amazon, and will conduct deep dives into critical security risk areas. If you enjoy working in a rapidly changing environment in a large, complex, and global organization, this position will provide you with a challenging opportunity. You should be an experienced technologist and innovative compliance professional who has the ability to understand business processes, effectively communicate with technical teams and business leaders, and be able to drive automated and scalable process improvements across the organization.

Basic Qualifications

BS in Computer Science or related field, or equivalent work experience
Minimum of 5 years of experience with at least three of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, penetration testing, cloud security, mobile security, and network security
Advanced knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security
Experience reading and writing in at least one programming language

Preferred Qualifications

* Master’s Degree in Auditing, Information Systems Management, Computer Science, Cyber Security, or other related fields
* 10+ years of experience in security or compliance consulting or advisory work in support of a highly technical and global environment
* Skilled in making complex business/risk trade-off recommendations and decisions
* Experience in technical security design, compliance consulting, or advisory work in support of a highly technical DevOps and cloud environment (eg. AWS Services)
* Security control and compliance experience in unified frameworks that include more than one of the following: ISO, NIST, PCI, HIPAA, GLBA, GDPR, NYDFS, etc.
* CISSP, CISA, CISM and/or other comparable security controls or audit certifications preferred
* Experience in program or project management
* Experience in control framework development and implementation
* Detailed understanding of evaluating the design and effectiveness of IT controls and experience working with auditors/regulators for these types of assessments
* Experience communicating audit/assessment results and remediation plans with leadership, and prioritizing and remediating findings with service/system owner


Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.