Security Engineer, AWS Security, Hardware Supply Chain Security

Cloud security is our highest priority at AWS. As an AWS customer, you benefit from an environment built to meet the requirements of the most security-sensitive organizations. As an AWS Security team member, you will help secure that environment for our customers while working on security products for a variety of platforms and technologies, all operating at AWS’ scale.

We are seeking an experienced Security Engineer to join the AWS Hardware Supply Chain Security team. The ideal candidate will have a strong background in mitigating security risks associated with external suppliers, focusing on data sharing processes, firmware analysis, test code review, and networking environments. In this role, you will create threat models, conduct due diligence on third-party vendors and service providers, and perform on-site security reviews of physical and logical security at manufacturing facilities. You will also collaborate with penetration testing teams and participate in security lab investigations. This position requires occasional travel to factories for comprehensive security assessments.

The Hardware Supply Chain Security team evaluates the risk within AWS operating and supply chain environments and works with teams across the company to develop creative mitigations for the global AWS fleet. This holistic view of risk spans specific domains of hardware/firmware, networking, and human operations. In this role, the security engineer will look across these areas to identify risks and propose mitigations. They will identify and mitigate security vulnerabilities in AWS data center operations and external party environments. Our team proactively identifies gaps, vulnerabilities, and solutions across the entire lifecycle of the datacenter.

As a security engineer, you will:

1. Own relationships with customer teams, dive deep to understand security risks and business challenges, leveraging your years of broad and deep experience to help formulate and drive more secure outcomes.
2. Dive deep to understand where logical controls thwart physical and remote attackers.
3. Use threat models and devise strategies to prevent and detect remote attackers in our environments.
4. Manage risk and drive business success for AWS Security, including global external party engagements.
5. Provide thought leadership, portfolio management, and technical guidance for the security direction of our external party risk management program.
6. Conduct security reviews of external party engagements to highlight areas of interest, drive opportunities for stronger security practices, and facilitate discussions with leadership to address security direction.
7. Develop solutions to complex business problems and apply appropriate technologies while following security engineering best practices.
8. Work on innovative solutions in partnership with vendors, involving a wide variety of technologies including cloud services, identity and access management, machine learning, mobile devices, and custom hardware.
9. Provide guidance in areas of customer support, access management, secure network configurations, and the security around tools used to support both operations and management of AWS engagements with technology vendors.

The ideal candidate should be a technically experienced and innovative security professional who can communicate effectively across technical teams. You should have the ability to handle a wide range of security requirements and translate those requirements into operational processes and procedures for cloud computing.

AWS operates at s large scale and demands high standards, so a passion and discipline around security and delivery is critical. A high level of ownership and accountability is a must. You will have the opportunity to learn from, and be mentored by, those who are building and securing AWS's innovative services.


Key job responsibilities
Manage security reviews and processes to qualify AWS vendors worldwide and validate the effectiveness of durable technical security controls specific to the use case

Identify technical risks and work with Security Engineers to implement security programs and processes to offer mitigations

Work with stakeholders to ensure new and existing processes are secure

Calibrate with broader team on security findings

Review processes to ensure secure mechanisms exist and validate security controls

Establish mechanisms to introduce security controls reducing individual reviews

About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.

Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.

Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

Training and Career growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.- Bachelor's degree in computer science or equivalent work experience.
- Knowledge of networking protocols such as HTTP, DNS and TCP/IP
- 2+ years of third-party security, hardware security and/or operational supply chain security experience
- Ability to travel domestically and internationally for on-site security assessments- 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- 2+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- Familiarity with modern semiconductor hardware manufacturing and supply chains.
- Strong understanding of firmware security, networking protocols, and data protection
- Experience with AWS products and services
- Relevant certifications (e.g., CISSP, CISM, CEH)
- Knowledge of internet fundamentals and cloud computing concepts

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.