Lead Sr. Security Engineer - Developer Engagement
Austin, Texas, USA
Amazon.com
Free shipping on millions of items. Get the best of Shopping and Entertainment with Prime. Enjoy low prices and great deals on the largest selection of everyday essentials and other products, including fashion, home, beauty, electronics, Alexa...
Amazon Prime Video Security is hiring motivated and experienced leaders at all levels to chart the course of Information Security within Prime Video. Together we are changing the way millions of customers interact with video content. The Prime Video team delivers movies, TV episodes and Live events to Amazon customers through subscriptions (Amazon Prime), channels as well as purchases and rentals. Amazon believes so deeply in the mission of Video that we've launched our own studio to create original and exclusive content. It's your responsibility to continue to accelerate this business, through novel technical contributions and building programs tha
A day in the life
As a successful Sr. Security Engineer in Prime Video Security, you will be seen as a strong leader who prioritizes well, communicates clearly and compellingly understands how to drive a high level of operational and strategic excellence within a team, while collaborating with a variety of internal and external business partners. You must show exemplary judgment in making technical trade-offs between short- versus long-term security and business goals. A successful candidate must be one that can handle several difficult challenges and problems, can make risk-based assessments founded on data and facts rather than older static based security paradigms, though being aware of the older best practices.
About the hiring group
Security Engagement is focused on security consulting on the use of AWS technologies, secure architectural and deployment strategies within Prime Video. Our focus areas include Edge and Delivery Security, AWS Security, Mobile Application and Device Security. You will be working on providing architectural guidance across Prime Video's most critical projects and have an executive mandate to design to the highest security standards. You will be supported by the Prime Video Security's Governance Risk and Compliance and Privacy pillar and campaign together to identify and reduce risk across Prime Video.
Developer Engagement is focused post- design and near- code release and subscribes to the Application Security "shift left" mentality. You will be responsible for shepherding the right mixture of code review tools to support the Prime Video software development engineer (SDE) community. You will work closely within similarly focused Application Security communities across Amazon and receive support from the Prime Video Security Engineering team to build and deploy state-of-the art code analysis and fuzzing tools.
Production Engagement is focused on post-release components of Prime Video's Information Security program. This team has a wide remit, including partnering with Prime Video Security's Content Protection team on software deployed to living room devices as well as the services that power these devices. Production Engagement includes red-team exercises, in-house and third-party penetration testing and running various Prime Video bug bounty programs. You will have support from partner teams across Amazon that are constantly innovating in the offensive security space. You will also be supported by Prime Video Security's Active Defense blue-team in the quest to find and remediate undetected vulnerabilities.
Job responsibilities
If you are passionate about the field of Information Security and desire to make a positive impact through delivery of projects that protect our customer data and earn their trust, this position will provide you with an unique opportunity in an environment of rapid innovation. The Information Security function within Prime Video is adopting an innovative organizational approach to engage the broad constituencies that we serve - from artists and content creators to our partners and viewership. You will be making an impact on studios, digital rights management (DRM) vendors, chipset vendors, content delivery networks and industry consortiums - even Amazon Web Services (AWS) and the broader Information Security program at Amazon. To support this breadth, your team has executive support as a critical overlay function to the Product Development Lifecycle, intersecting in three functions: Security Engagement, Developer Engagement and Production Engagement.
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Basic Qualifications:
* Extensive and diverse experience working in the field of Information Security
* Experience in scaling application security programs measured against discovery of undisclosed or unknown vulnerabilities, through fuzzing (DAST), static-code analysis (SAST) and software composition analysis (SCA).
* Experience in addressing sizable program gaps through custom tools - examples might include custom network protocols or modern frameworks such as GraphQL that resist analysis by off-the-shelf tools.
* Significant experience managing large security efforts, delivering significant security improvements to large, highly complex systems
* Excellent analytical and interpersonal skills, with ability to communicate clearly and effectively with developers, product managers, and senior business leaders with security metrics to influence decisions
* Excellent executive communications or technical writing; clear, concise, and thorough written and oral communication skills.
* High sense of ownership, urgency, and drive
* Experience in multiple offensive security engineering disciplines, including red-teaming, penetration testing, code reviews, and vulnerability assessments
* Experience in identifying and quantifying security issues and risks, and developing mitigation plans
* Experience working in industry standards groups, influencing external technology & business leaders
A day in the life
As a successful Sr. Security Engineer in Prime Video Security, you will be seen as a strong leader who prioritizes well, communicates clearly and compellingly understands how to drive a high level of operational and strategic excellence within a team, while collaborating with a variety of internal and external business partners. You must show exemplary judgment in making technical trade-offs between short- versus long-term security and business goals. A successful candidate must be one that can handle several difficult challenges and problems, can make risk-based assessments founded on data and facts rather than older static based security paradigms, though being aware of the older best practices.
About the hiring group
Security Engagement is focused on security consulting on the use of AWS technologies, secure architectural and deployment strategies within Prime Video. Our focus areas include Edge and Delivery Security, AWS Security, Mobile Application and Device Security. You will be working on providing architectural guidance across Prime Video's most critical projects and have an executive mandate to design to the highest security standards. You will be supported by the Prime Video Security's Governance Risk and Compliance and Privacy pillar and campaign together to identify and reduce risk across Prime Video.
Developer Engagement is focused post- design and near- code release and subscribes to the Application Security "shift left" mentality. You will be responsible for shepherding the right mixture of code review tools to support the Prime Video software development engineer (SDE) community. You will work closely within similarly focused Application Security communities across Amazon and receive support from the Prime Video Security Engineering team to build and deploy state-of-the art code analysis and fuzzing tools.
Production Engagement is focused on post-release components of Prime Video's Information Security program. This team has a wide remit, including partnering with Prime Video Security's Content Protection team on software deployed to living room devices as well as the services that power these devices. Production Engagement includes red-team exercises, in-house and third-party penetration testing and running various Prime Video bug bounty programs. You will have support from partner teams across Amazon that are constantly innovating in the offensive security space. You will also be supported by Prime Video Security's Active Defense blue-team in the quest to find and remediate undetected vulnerabilities.
Job responsibilities
If you are passionate about the field of Information Security and desire to make a positive impact through delivery of projects that protect our customer data and earn their trust, this position will provide you with an unique opportunity in an environment of rapid innovation. The Information Security function within Prime Video is adopting an innovative organizational approach to engage the broad constituencies that we serve - from artists and content creators to our partners and viewership. You will be making an impact on studios, digital rights management (DRM) vendors, chipset vendors, content delivery networks and industry consortiums - even Amazon Web Services (AWS) and the broader Information Security program at Amazon. To support this breadth, your team has executive support as a critical overlay function to the Product Development Lifecycle, intersecting in three functions: Security Engagement, Developer Engagement and Production Engagement.
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Basic Qualifications
Basic Qualifications:
* Extensive and diverse experience working in the field of Information Security
* Experience in scaling application security programs measured against discovery of undisclosed or unknown vulnerabilities, through fuzzing (DAST), static-code analysis (SAST) and software composition analysis (SCA).
* Experience in addressing sizable program gaps through custom tools - examples might include custom network protocols or modern frameworks such as GraphQL that resist analysis by off-the-shelf tools.
* Significant experience managing large security efforts, delivering significant security improvements to large, highly complex systems
* Excellent analytical and interpersonal skills, with ability to communicate clearly and effectively with developers, product managers, and senior business leaders with security metrics to influence decisions
* Excellent executive communications or technical writing; clear, concise, and thorough written and oral communication skills.
* High sense of ownership, urgency, and drive
Preferred Qualifications
Preferred Qualifications:* Experience in multiple offensive security engineering disciplines, including red-teaming, penetration testing, code reviews, and vulnerability assessments
* Experience in identifying and quantifying security issues and risks, and developing mitigation plans
* Experience working in industry standards groups, influencing external technology & business leaders
Tags: Application security AWS Code analysis Compliance DAST Governance Offensive security Pentesting Privacy SAST Vulnerabilities
Perks/benefits: Team events
Region:
North America
Country:
United States
Job stats:
6
0
0
Categories:
Leadership Jobs
Security Engineering Jobs
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Security Analyst jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open ISO 27001-related jobs
- Open Clearance-related jobs
- Open Network security-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open Security Clearance-related jobs
- Open CI/CD-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs