Security Engineer AWS Security Hardware Supply Chain Security

Cloud security is our highest priority at AWS. As an AWS customer you benefit from an environment built to meet the requirements of the most securitysensitive organizations. As an AWS Security team member you will help secure that environment for our customers while working on security products for a variety of platforms and technologies all operating at AWS scale.

We are seeking an experienced Security Engineer to join the AWS Hardware Supply Chain Security team. The ideal candidate will have a strong background in mitigating security risks associated with external suppliers focusing on data sharing processes firmware analysis test code review and networking environments. In this role you will create threat models conduct due diligence on thirdparty vendors and service providers and perform onsite security reviews of physical and logical security at manufacturing facilities. You will also collaborate with penetration testing teams and participate in security lab investigations. This position requires occasional travel to factories for comprehensive security assessments.

The Hardware Supply Chain Security team evaluates the risk within AWS operating and supply chain environments and works with teams across the company to develop creative mitigations for the global AWS fleet. This holistic view of risk spans specific domains of hardware/firmware networking and human operations. In this role the security engineer will look across these areas to identify risks and propose mitigations. They will identify and mitigate security vulnerabilities in AWS data center operations and external party environments. Our team proactively identifies gaps vulnerabilities and solutions across the entire lifecycle of the datacenter.

As a security engineer you will:

1. Own relationships with customer teams dive deep to understand security risks and business challenges leveraging your years of broad and deep experience to help formulate and drive more secure outcomes.
2. Dive deep to understand where logical controls thwart physical and remote attackers.
3. Use threat models and devise strategies to prevent and detect remote attackers in our environments.
4. Manage risk and drive business success for AWS Security including global external party engagements.
5. Provide thought leadership portfolio management and technical guidance for the security direction of our external party risk management program.
6. Conduct security reviews of external party engagements to highlight areas of interest drive opportunities for stronger security practices and facilitate discussions with leadership to address security direction.
7. Develop solutions to complex business problems and apply appropriate technologies while following security engineering best practices.
8. Work on innovative solutions in partnership with vendors involving a wide variety of technologies including cloud services identity and access management machine learning mobile devices and custom hardware.
9. Provide guidance in areas of customer support access management secure network configurations and the security around tools used to support both operations and management of AWS engagements with technology vendors.

The ideal candidate should be a technically experienced and innovative security professional who can communicate effectively across technical teams. You should have the ability to handle a wide range of security requirements and translate those requirements into operational processes and procedures for cloud computing.

AWS operates at s large scale and demands high standards so a passion and discipline around security and delivery is critical. A high level of ownership and accountability is a must. You will have the opportunity to learn from and be mentored by those who are building and securing AWSs innovative services.


Key job responsibilities
Manage security reviews and processes to qualify AWS vendors worldwide and validate the effectiveness of durable technical security controls specific to the use case

Identify technical risks and work with Security Engineers to implement security programs and processes to offer mitigations

Work with stakeholders to ensure new and existing processes are secure

Calibrate with broader team on security findings

Review processes to ensure secure mechanisms exist and validate security controls

Establish mechanisms to introduce security controls reducing individual reviews

About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description we encourage candidates to apply. If your career is just starting hasnt followed a traditional path or includes alternative experiences dont let it stop you from applying.

Why Amazon Security
At Amazon security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazons products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud devices retail entertainment healthcare operations and physical stores.

Work/Life Balance
We value worklife harmony. Achieving success at work should never come at the expense of sacrifices at home which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home theres nothing we cant achieve.

Inclusive Team Culture
In Amazon Security its in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas perspectives and voices.

Training and Career growth
Were continuously raising our performance bar as we strive to become Earths Best Employer. Thats why youll find endless knowledgesharing training and other careeradvancing resources here to help you develop into a betterrounded professional.

Bachelors degree in computer science or equivalent work experience.
Knowledge of networking protocols such as HTTP DNS and TCP/IP
2 years of thirdparty security hardware security and/or operational supply chain security experience
Ability to travel domestically and internationally for onsite security assessments

2 years of any combination of the following: threat modeling experience secure coding identity management and authentication software development cryptography system administration and network security experience
2 years of programming in Python Ruby Go Swift Java .Net C or similar object oriented language experience
Familiarity with modern semiconductor hardware manufacturing and supply chains.
Strong understanding of firmware security networking protocols and data protection
Experience with AWS products and services
Relevant certifications (e.g. CISSP CISM CEH)
Knowledge of internet fundamentals and cloud computing concepts

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status disability or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process including support for the interview or onboarding process please visit for more information. If the country/region youre applying in isnt listed please contact your Recruiting Partner.