Amazon Payments Services build systems that process payments at an unprecedented scale, with accuracy, speed, and mission-critical availability. We process millions of transactions every day worldwide across various payment methods. Over 100 million customers and merchants send hundreds of billions of dollars moving at light-speed through our systems annually. We are growing a new team to innovate and provide a seamless payment experience to our customers across all platforms like mobile, web, voice etc.
We are looking for a highly skilled, experienced, and motivated senior security engineer to join our Application Security team. This team owns all aspects of security for the features in the next generation of Amazon's core payments platform
As a senior security leader, you will
· secure the design and implementation of the most critical systems within Amazon's core payments platform
· solve security challenges at a massive scale in a security-first, infrastructure as code, 100% AWS environment
· partner closely with our development teams to produce innovative and secure solutions,
· proactively perform security assessments to prevent security vulnerabilities,
· perform security testing before release,
· conducting trainings and hackathons to raise developer awareness of security best practices,
· be expected to be strong in multiple domains and will be sought out for advice on technical issues,
· have excellent time management skills along with the ability to deliver results in the face of uncertainty, and
· foster strong team culture.
A successful candidate will be a deeply curious individual who brings technical and leadership expertise, and ability to work within a fast-paced startup culture in a large company that has broad business impact. This is a rare opportunity to get in on the ground floor and start on the Amazon Payments innovation as a security leader.
· Experience with multiple programming languages (such as, Java, Python, Perl, Scala, etc.)
· Experience with vulnerability risk and impact assessment
· Experience in driving large, cross-organization initiatives
· Ability to make concrete progress in the face of ambiguity and imperfect knowledge (avoid “analysis paralysis”)
· Strong information security risk-based prioritization abilities
· Information security professional certifications encouraged (SANS GIAC, CISSP etc.)
· Excellent written communication skills, with a focus on translating technically complex issues into simple, easy to understand concepts
Ideal candidate profile
· BS in computer science, networking, information systems, computer engineering, or 6+ years’ equivalent experience
· Minimum of 6 years’ experience in identifying security issues and risks, and developing mitigation plans
· Minimum of 6 years’ experience in software architecture, design, implementation
· Minimum of 6 years’ experience in cryptography, application security, threat modeling, penetration testing
· Minimum of 4 years' scripting or programming experience in Java, Python, Perl, Scala, or other languages
· Minimum of 2 years' experience performing secure code review
· Minimum of 2 years' hands-on experience using and/or securing AWS or other cloud computing environments
- Minimum of 2 years’ experience in executive communications or technical writing; clear, concise, and thorough written and oral communication skills.
· Results oriented, high energy, self-motivated