Security Engineer

The AWS Hardware Supply Chain Security (HSCS) team is looking for a Security Engineer to help guide our global hardware supplier and manufacturing security program. You will work with a team of professionals around the world to help assess and mitigate risks in partner manufacturing and logistics, contribute to new mechanisms for defense and response, and analyze the ever-shifting threat landscape to help us prioritize continuous improvement. You will have the opportunity to work in a supportive, collaboration-filled environment to build and secure the future of the cloud. The HSCS team exists to direct strategic investments across AWS, and focuses relentlessly on achieving mitigations that eliminate risk in the most efficient and customer-obsessed way possible. If you have experience in areas such as modern semiconductor manufacturing and test, hardware/firmware analysis, or supply chain security, your expertise is needed more than ever and we are interested in talking to you! In order to inform your recommendations and steer AWS in the right direction, you will be called upon to provide risk assessment and forensic analysis on hardware sampled from the AWS supply chain and to provide perspective on security controls for hardware manufacturing environments. This could include physical aspects of facilities such as cameras and storage areas, digital aspects of manufacturing networks and systems, software development lifecycle (SDLC) and image source control, audit mechanisms that are durable/repeatable, and a wide variety of other security controls. The ideal candidate will have past experience in technical equipment manufacturing operations, and a solid understanding of supply chain business considerations such component sourcing, process optimization, logistics and customs, etc. In this role, you will assess risks to AWS originating at suppliers, provide direction to the AWS Security Hardware Lab on how to improve risk detection, and own the specification and shepherding of security requirements for hardware/firmware lifecycle processes. You will work with fellow security professionals from across Amazon as well as supplier and data center operations teams to partner in keeping the AWS supply chain secure. Job responsibilities include assessing and prioritizing security findings and recommending appropriate mitigations, performing hands-on threat modeling, risk assessment, and manufacturing security validation, providing security training and outreach to internal teams and external supply chain partners, and traveling as needed to provide insight and feedback to suppliers and data centers around the world. Mentor! Learn! Constantly develop your own skills and guide others to improve their own.

Our team also puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren't focused on how many hours you spend at work or online. Instead, we're happy to offer a flexible schedule so you can have a more productive and well-balanced lifeboth in and outside of work. Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we're building an environment that celebrates knowledge sharing and mentorship. We care about your career growth and strive to assign projects based on what will help each team member develop into a better-rounded engineer and enable them to take on more complex tasks in the future. Here at AWS, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and we host annual and ongoing learning experiences. Amazon's culture of inclusion is reinforced within our 14 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.

Basic Qualifications include a Bachelors Degree or Equivalent Work Experience and familiarity with hardware and firmware development and deployment. Minimum of 5 years of experience in hardware or supply chain security, with demonstrated experience in any combination of the following: threat modeling and security risk analysis, security or compliance assessment/auditing, manufacturing systems or process control, physical facility or shipping logistics security, IT security configuration and defense for enterprise server and network infrastructure.

Preferred Qualifications include 5+ years of experience in two or more of the technical categories above, an understanding of network concepts such as OSI Layers, routing and subnets, encryption, and DNS, experience with security assessment frameworks (NIST, CIS Top 20, OWASP, ISO 27000 series), experience working in/with a forensic hardware lab, practical understanding of AWS cloud services and concepts such as S3, EC2, Lambda, and VPC, and a track record of complex project delivery, effective organization, and business insight.