Security Engineer, Audible Security

At Audible, we believe stories have the power to transform lives. It’s why we work with some of the world’s leading creators to produce and share audio storytelling with our millions of global listeners. We are dreamers and inventors who come from a wide range of backgrounds and experiences to empower and inspire each other. Imagine your future with us.

ABOUT THIS ROLE
As a Security Engineer at Audible you will advocate for information security throughout all our software development and business processes. You will work with other Security Engineers and Business Stakeholders to protect our customers and Audible’s business.

ABOUT THE TEAM
Audible Information Security team is looking for an experienced Security Engineer to join our world class team. We are obsessed with protecting customer trust. We are a hands-on team working to protect our computer networks, servers, applications and data assets. This role will be focused on managing risk across our business functions.

True to Audible’s People Principles, we are committed to the success of our people and supporting the communities in which we work. Our leadership team is dedicated to mentoring and coaching to help each individual identify their career goals, flourish, and achieve their potential. Our environment encourages everyone to participate. Our diverse team depends on differing backgrounds and perspectives to foster robust conversations that lead us to the right solutions for our customers.

As a Business Security Engineer, you will...
- Perform third party security risk assessment and due diligence, including managing questionnaire response, evidence verification, and report preparation
- Assess and secure third-party integrations, services, solutions and partnerships, ensuring controls are implemented to the highest security standards
- Assess, identify and develop recommendations regarding data protection, insider threat, data sharing, identity and access management
- Execute internal security and confidential information usage security assessments, audits, and investigations
- Assess and prioritize security assessment findings and recommend appropriate mitigations.
- Respond to security violations, vulnerabilities, and incident detections
- Provide guidance on risk, compliance, and policy to technical and non-technical internal customers, including security training and outreach to internal teams and external supply chain partners
- Apply your security and business knowledge to drive secure and pragmatic improvements to Audible people, process, and assets, while guiding technical trade-offs between short versus long term security and business goals
- Contribute to / provide feedback on the development of security standards and control requirements
- Strong organizational and communication skills, with a demonstrated ability to work in a multi-tasking dynamic environment while maintaining a high level of ownership and accountability

ABOUT AUDIBLE
Audible is the leading producer and provider of audio storytelling. We spark listeners’ imaginations, offering immersive, cinematic experiences full of inspiration and insight to enrich our customers daily lives. We are a global company with an entrepreneurial spirit. We are dreamers and inventors who are passionate about the positive impact Audible can make for our customers and our neighbors. This spirit courses throughout Audible, supporting a culture of creativity and inclusion built on our People Principles and our mission to build more equitable communities in the cities we call home.- Bachelor's degree in computer science or equivalent
- Experience with AWS products and services
- Experience applying threat modeling or other risk identification techniques or equivalent
- Experience assessing, analyzing, and mitigating security risk related to third parties and business processes
- Experience in advocating security best practices for third party integrations (e.g. with SAAS solutions, third-party libraries, etc.)
- Experience with the information security principles and the Common Body of Knowledge (CBK) domains and core technologies (CIA, encryption, identity, authN/authZ, SSO, web protocols, and privacy)- Ability to communicate effectively with both technical and non-technical stakeholders across multiple business units
- MS in Cybersecurity, Computer Science, or other relevant degree
- Current knowledge around web and mobile application vulnerabilities, attacks, and mitigation methods
- Experience with developing and maintaining relevant security assessment risk metrics beyond vulnerability management
- Experience using GRC tools and technologies
- Proficient in at least one programming language
- Proficient in GenAi and GenAI security

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.