Description

The AWS Hardware Supply Chain Security (HSCS) Team is looking for a Security Engineer to help guide our global hardware supplier and manufacturing security program. You will work with a team of professionals around the world to help assess and mitigate risks in partner manufacturing and logistics, contribute to new mechanisms for defense and response, and analyze the ever-shifting threat landscape to help us prioritize continuous improvement. You will have the opportunity to work in a supportive, collaboration-filled environment to build and secure the future of the cloud.

The HSCS team exists to direct strategic investments across AWS, and focuses relentlessly on achieving mitigations that eliminate risk in the most efficient and customer-obsessed way possible. If you have experience in areas such as modern semiconductor manufacturing and test, hardware/firmware analysis, or supply chain security your expertise is needed more than ever and we are interested in talking to you!

In order to inform your recommendations and steer AWS in the right direction, you will be called upon to provide risk assessment and forensic analysis on hardware sampled from the AWS supply chain and to provide perspective on security controls for hardware manufacturing environments. This could include physical aspects of facilities such as cameras and storage areas, digital aspects of manufacturing networks and systems, software development lifecycle (SDLC) and image source control, audit mechanisms that are durable/repeatable, and a wide variety of other security controls. The ideal candidate will have past experience in technical equipment manufacturing operations, and a solid understanding of supply chain business considerations such component sourcing, process optimization, logistics and customs, etc.

A day in the life

In this role, you will assess risks to AWS originating at suppliers, and own the specification and shepherding of security requirements for hardware/firmware lifecycle processes. You will work with fellow security professionals from across Amazon as well as supplier and data center operations teams to partner in keeping the AWS supply chain secure.

Job responsibilities

• Assess and prioritize security findings and recommend appropriate mitigations

• Perform hands-on threat modeling, risk assessment, and manufacturing security validation

• Security training and outreach to internal teams and external supply chain partners

• Travel as needed to provide insight and feedback to suppliers and data centers around the world

• Mentor! Learn! Constantly develop your own skills and guide others to improve their own

This role requires frequent travel (up to every other week) to suppliers and is therefore a fully remote role. Our team is mission focused and puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why this role is focused on doing the needful to reduce security risk in the supply chain rather than a specific location.

Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship. We care about your career growth and strive to assign projects based on what will help each team member develop into a better-rounded engineer and enable them to take on more complex tasks in the future.

Here at AWS, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and we host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon’s culture of inclusion is reinforced within our 16 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.

Basic Qualifications

• Bachelor's degree in computer science or equivalent

• Knowledge of networking protocols such as HTTP, DNS and TCP/IP

• Familiarity with modern semiconductor hardware manufacturing and supply chains.

Preferred Qualifications

• 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience

• Experience with AWS products and services

• Experience with programming languages such as Python, Java, C+Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.