Security Engineer, Stores Security
Amazon
- Beijing
- Permanent
- Full-time
Advise and consult with internal customers on risk assessment, threat modelling, and vulnerability remediation.
Evaluate, architect, implement, and support security-focused tools and services.
Integrate knowledge of Cloud Security and Application Security fundamentals, including the shared responsibility model into adoption models and methods for internal customers.
Leverage your strong teamwork skills engaging with other engineering and operations teams spanning the entire technology stack - endpoints, networks, databases, and applications - to engineer and deploy cutting-edge defensive solutions to modern threats.
Use your solid understanding of authentication protocols, core system, mobile and application security principles along with your up-to-date understanding of modern attack patterns and methods to drive security into tools used by Amazonian's every day.
Draw heavily on your experience collecting, analyzing, and summarizing data from a variety of sources to create compelling written and verbal communications.
Evangelize security within Amazon and be an advocate for customer trust.
Perform penetration tests based on project requirements.
Review the incident response plan and acting as main POC for assigned systems and services.
Register all risks in the centralized risk repository.We are open to hiring candidates to work out of one of the following locations:Beijing, 11, CHNBASIC QUALIFICATIONS- 4+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- Experience with any combination of the following: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration and network security
- Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits or equivalent
- Experience implementing security solutions at the business division level or equivalent
- Knowledge of networking protocols such as HTTP, DNS and TCP/IP
- Bachelor's degree in computer science or equivalentPREFERRED QUALIFICATIONS- 5+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud+ or CySA+ (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest+
- Experience in generating automated metrics to measure IT security effectiveness and consistency, building production applications and services.
- Excellent leadership, teamwork and collaboration skills, Results-oriented, high energy, self-motivated, and excellent attention to detail
- Experience architecture, securing, and operating Amazon Web Services
- Experience working with remote teams
- Excellent written communication skills, with a focus on translating technically complex issues into simple, easy to understand concepts