Privacy Engineer Incident Response

Devices and Services Trust and Privacy (DSTP) is responsible for maintaining and raising the trust bar for Amazon customers across a diverse set of 30 Devices and Services (D&S). DSTP offers horizontal services for builders to ensure trust privacy and accessibility is built into our products and services. We also build customerfacing capabilities that provides customers with control and transparency and reducing privacy risk while enabling partner teams to innovate with appropriate guardrails for content moderation privacy accessibility and trust.

The DSTP team is looking for a passionate Security and Privacy Incident Response Engineer who can lead the response to privacy and data protection issues across Devices & Services. You must thrive in dynamic/ambiguous situations and think like both an attacker and defender while working through the entire incident response lifecycle. Youll be working in a global team environment where clear and accurate communication and collaboration on privacy and data protection issues is critical.

In this role you will apply your creative and critical problem solving skills to quickly contain incidents and then work with crossfunctional teams to remediate the root cause. You must have a passion for engineering solutions to complex privacy and data governance challenges and recognize and fill gaps in capabilities. Above all you should be passionate about privacy information security the everchanging threat landscape and privacy/security automation and tooling.

Key job responsibilities
* Manage escalated privacy and trust risk events/cases from start to finish; write detailed case notes reports summaries short and longterm recommendations and tradeoff analyses for all audiences including senior leadership.
* Interact with and influence other teams (e.g. service teams engineering product legal); identify experts and stakeholders on other teams to support decisions on containing incidents or mitigating privacy and trust risks; build consensus and recommendations based on analysis of the nature of potential violations to Privacy Policies Promises or Legal/Regulatory requirements.
* Own successful delivery of large impactful and highly crossfunctional program initiatives while simultaneously tracking a set of smaller projects. Demonstrate comfort with handling technical investigations and analysis and provide actionable recommendations to senior leadership audience with minimal supervision.
* Develop deep knowledge of global privacy and data governance obligations processes best practices and solutions utilized by Amazon. Utilize this knowledge to provide recommendations and consultation to improve DSTP processes and tooling and reduce risk through control automation and enhancements.
* Establish metrics and regular reporting/escalation mechanisms for measuring results progress and gaps in performance and compliance.
* Communicate plans status and critical issues clearly and effectively.
* Support deep dive assessments and adhoc data analysis requests.

A day in the life
This is an inherently crossfunctional role where you will work directly with engineers product managers policy and compliance specialists legal PR Marketing and other Amazon builders to help them identify expediently contain/mitigate privacy incidents and risks and implement a Privacy by Design and Default culture. You will use your investigative and/or analytical experience and demonstrate your prowess and experience in writing and briefing complex cases. You will track risk assessment validation adjudication and remediation actions and ensure that teams prioritize and execute those tasks in a timely fashion. You will be responsible for knowing the ins and outs of impacted systems and ensure the impacted builders/owners follow the correct paths to compliance. You should be comfortable working in a fastpaced rapidly evolving environment with fast delivery time rapid iteration and datadriven decisionmaking.

About the team
This role is a part of Trust Fundamentals Privacy GRC team within DSTP which includes developing a set of processes tools and compliance mechanisms to improve leadership decision making and performance through an integrated view of how well D&S manages its unique set of privacy risks.

Our GRC team values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description we encourage candidates to apply. If your career is just starting hasnt followed a traditional path or includes alternative experiences dont let it stop you from applying.

Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures and are building an environment that celebrates knowledge sharing and mentorship. We care about your career growth and strive to assign projects based on what will help each team member develop into a betterrounded professional and enable them to take on more complex tasks in the future.

Bachelors degree in computer science or equivalent
5 years of any combination of the following: threat modeling experience secure coding identity management and authentication software development cryptography system administration and network security experience
CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud or CySA (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest

Experience applying threat modeling or other risk identification techniques or equivalent
3 years of programming in Python Ruby Go Swift Java .Net C or similar object oriented language experience
Experience in Security and Privacy Incident Response and proficiency in at least one of the following domains: Malware Analysis / Reverse Engineering; Digital Forensics; Security and Privacy Tool Development & Automation; Programming/Scripting; Data Protection; Identity and Access Management.

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status disability or other legally protected status.

Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees supervisors and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees supervisors and staff to ensure exceptional customer service; and follow all federal state and local laws and Company policies. Criminal history may have a direct adverse and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above as well as the abilities to adhere to company policies exercise sound judgment effectively manage stress and work safely and respectfully with others exhibit trustworthiness and professionalism and safeguard business operations and the Companys reputation. Pursuant to the Los Angeles County Fair Chance Ordinance we will consider for employment qualified applicants with arrest and conviction records.

Pursuant to the San Francisco Fair Chance Ordinance we will consider for employment qualified applicants with arrest and conviction records.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process including support for the interview or onboarding process please visit for more information. If the country/region youre applying in isnt listed please contact your Recruiting Partner.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136000/year in our lowest geographic market up to $212800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on jobrelated knowledge skills and experience. Amazon is a total compensation company. Dependent on the position offered equity signon payments and other forms of compensation may be provided as part of a total compensation package in addition to a full range of medical financial and/or other benefits. For more information please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.