Application Security Manager, reCycle Reverse Logistics

The re:Cycle Reverse Logistics (RRL) organization offers worldwide cloud computing providers with a centralized means to sort function test in-warranty return and disposition server and networking assets that break or are no longer needed in the fleet. The RRL Operations Integration team supports RRLs operations by developing and administrating the warehouse operational processes as well as the organizations cloud-based software solutions cross-service integrations and cross-organizational relationships that make our processes and systems (used by 400 operators worldwide) possible. The team is seeking a detail-oriented forward-thinking and self-motivated Application Security Manager to take ownership of the organizations proactive application security programs ensuring that the systems and integrations used to track RRLs assets is consistently and proactively secured in the wake of ongoing system changes in a fast-evolving technological landscape.

The Application Security Manager is the organizations primary owner for application security across our global portfolio of three cloud-based solutions responsible for establishing and sustaining the security posture of every application and integration our team owns. This is a net new role built on the belief that application security must be owned proactively not reactively by someone who hunts for vulnerabilities rather than waiting for them to surface. Our Application Security Manager will own penetration testing strategy and execution vulnerability identification and resolution security incident response threat modeling recurring security audits and automated security tooling across all three applications. They will ensure that authentication mechanisms credentials and secrets are consistently maintained and that all cross-organizational security commitments are honored. They will engage regularly with engineering and product teams to evaluate new feature designs and assess code for vulnerabilities before anything reaches production and will partner with compliance and vendor management teams to ensure third-party integrations are reviewed and implemented securely.

Key job responsibilities
Define and implement recurring penetration testing strategies to proactively identify application security vulnerabilities and drive them to resolution.
Conduct application code review evaluations and provide detailed assessments that highlight risks vulnerabilities and recommended remediations.
Manage application security incident response analysis root cause identification and repair to minimize impact and prevent recurrence.
Analyze cross-organizational integrations and automation equipment and lead associated vendor data and security reviews from documentation through resolution ensuring that only secured solutions are implemented.
Develop and maintain organizational threat models to identify emerging risks and ensure the team consistently raises the security bar across all applications.
Conduct recurring proactive security audits on application access points configurations integrations and upstream/downstream systems and internal and shared resources to identify and resolve accessibility and data security risks.
Develop formal documentation and security policies to effectively communicate our application security posture to a variety of internal and external stakeholders.
Maintain application credential authentication and secret management mechanisms to ensure access controls remain robust and current.

- Bachelors degree in Cybersecurity Information Security or a related field
- Experience in application security architecture security code reviews security testing incident response or security infrastructure
- Experience in one or more of the following: application security frameworks security code reviews incident response security infrastructure penetration testing mobile security cloud security AI security identity and access controls

- CISSP CISA CISM or other security certification
- Knowledge of one or more of the following domains: access-control system and methodology network security application- and system-development security security architecture and models cryptography and operations security
- Experience in vulnerability testing and auditing
- Experience in scripting programming or security code reviewing in a common language such as Python Java or C
- Experience with threat modeling and penetration testing or experience with virtualization (Hypervisors VMware Xen) and experience in deploying identity and access management systems

Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover invent simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice ( to know more about how we collect use and transfer the personal data of our candidates.

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status disability or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process including support for the interview or onboarding process please visit for more information. If the country/region youre applying in isnt listed please contact your Recruiting Partner.