Security Engineer, Stores Payments Security

Come build the future with us! In Payments Security, we protect foundational systems and products that allow Amazon to accept payments for all goods, content and services that people buy at Amazon and around the world. We are looking for a high caliber, innovative Security Engineer to lead Security for Amazon Payments’ most critical businesses protecting mission-critical services and customer experiences. You will focus on securing the ecosystem in Amazon Payments that processes millions of transactions every day across dozens of countries and payment methods. Over 100 million customers and merchants send tens of billions of dollars through our systems annually. We are re-inventing the vision of our platform to provide our internal and external clients the best payment gateway service.Payments Security owns full-stack Product Security for Payments across Amazon and its business units, deeply supporting the Global Payments businesses. We are part of Amazon's broader Stores Security organization responsible for protecting Amazon’s global information assets. We partner across global Payments business units to innovate in full-stack security (data, application, network, containers, infrastructure), ensuring our Payments applications and infrastructure are secure-by-design from concept to launch and into continuous operations. We are a strategic security partner to our Payments businesses ensuring we uphold the highest security bar for our production and pre-production systems, balancing short-term mitigations with long-term secure-by-design architectural solutions, making Security simpler and differentiated.We provide security “In the Cloud” and enable scalable mechanisms for software developers and systems to meet Amazon’s security and privacy requirements. We are both a customer and a partner to AWS in raising security awareness, providing scalable tools, and protecting shared infrastructure.This position will provide you with a challenging and rewarding opportunity to solve difficult security problems at planetary scale. As a security engineer you will help ensure that customer data is secure across Amazon Payments products and services. You will help define short-term and long-term security strategy. You will balance your efforts between strategic and operational deliverables. You will have the opportunity to work with talented security and other engineering teams within Amazon. You care deeply about keeping Amazon customers data secure and therefore are passionate about finding, and mitigating vulnerabilities/risks by providing actionable guidance to product teams and drive long term security improvements. You're well-known for your excellent prioritization skills as well as your ability to communicate at all levels of an organization (technical and non-technical). The successful candidate must be autonomous, comfortable operating in highly ambiguous situations, and must deliver results in a fast-paced environment.A Security Engineer in Amazon will be strong in multiple security domains and sought out for advice on technical issues. Efficient time management skills are required along with the ability to deliver results in the face of uncertainty. Engineers in this role must show exemplary judgment in making technical trade-offs between short versus long term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. The successful candidate must be one that can handle several difficult challenges and problems, can make risk-based assessments founded on data and facts.Key job responsibilities- Perform security reviews including secure design and architecture, threat modeling, secure code reviews, security testing, and security certifications- Identify security gaps in applications, services, or products both internally developed and third party solutions- Determine findings criticality taking into account the relevant business, technical, and threat environment, and provide actionable long-term and short-term risk mitigation recommendations taking into account the business context.- Communicate findings to relevant stakeholders through a combination of verbal or written reports. Identify owners, and drive mitigation of findings within established SLAs- Produce reports that describe the work performed for technical and non-technical audiences, and record findings and supporting evidence following established policies and procedures. Create relevant documentation, security guidance, and metrics to report to your stakeholders and business leaders, and deliver these in a clear, concise manner- Design, develop, deploy, and maintain security automation, secure-by-default solutions, and other solutions that will enable security engineering scaling while raising the security bar.- Develop a broad and deep technical understanding of the services and architectures pertaining to Amazon Payments. Contribute to the short and long-term security strategy to ensure that products are designed and built securely by design while improving the secure software development life-cycle (SSDLC).- Lead new, reocurring, or ah-hoc security initiatives with end-to-end ownership. Participate in security escalations support including on-call rotation.- Support for mentoring, team building, recruiting and onboarding activities.- Must be a kind human who enjoys working in a fun teamWe are open to hiring candidates to work out of one of the following locations:Austin, TX, USA

Basic Qualifications

- BS in Computer Science, Information Security, or equivalent professional experience- 4+ years of experience in application security, product security, or systems security- 3+ years of experience in penetration testing, offensive security, or red teaming • Deep technical understanding of OWASP Top 10, and SANS 25 vulnerability identification and remediation and 3+ years of experience securing cloud services such as AWS, Azure, and Google Cloud- 1+ years writing production-level code in at least one scripting or compiled language such as Java, Python, JavaScript, Go, Ruby, C# or C/C++- Proven experience in threat modeling, code reviews, security testing, vulnerability detection, attacker exploit techniques, and methods for their remediation.

Preferred Qualifications

- Master’s degree in Computer Science, Information Security, Computer Engineering, Electrical Engineering or equivalent- Relevant industry certifications from SANS, GIAC, CISSP, OSCP, etc.- 3+ years of software development experience with at least one programing language such as Java, Python, JavaScript, Go, Ruby, C# or C/C++- Experience driving multiple technically complex security initiatives while remaining effective at providing security guidance to stakeholders- ABOUT AmSec:- Diverse Experiences: Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.- Why Amazon Security: At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.- Work/Life Balance: We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- Inclusive Team Culture: In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.- Training and Career growth: We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.- EEO - Amazon is committed to a diverse and inclusive workplace to deliver the best results for our customers. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status; we celebrate the diverse ways we work. For individuals with disabilities who would like to request an accommodation, please let us know and we will connect you to our accommodation team. You may also reach them directly by visiting please https://www.amazon.jobs/en/disability/us.- Training and Career growth: We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.