Scrm Security Engineer

3+ months agoSeattle, WA


AWS Supply Chain Risk Management (SCRM) is looking for Security Engineers who are eager to develop practical solutions that ensure AWS maintains a trustworthy and socially responsible global supply chain. In this role you will work in a supportive, collaboration-filled environment with internal security experts and external supply chain partners. You will help ensure the ongoing development of your team, perform security assessments of suppliers around the world, and apply your expertise to make everything around you more secure. You will interface with governments and customers around the world, and work with engineering partners to design and build new technical and procedural controls to mitigate supply chain risk throughout the entire lifecycle from initial design to final decommissioning.

A Security Engineer in Amazon is knowledgeable in multiple security domains and sought out for advice on technical issues. Efficient time management skills are required along with the ability to deliver results in the face of uncertainty. Engineers in this role must show exemplary judgment in making technical trade-offs between short versus long term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. Successful security engineers are perceptive, empathetic, highly respected for their ability to handle difficult challenges, and demonstrate that they can reliably assess and mitigate risk using both objective data and experienced insight.

Work location is preferred in Seattle, Northern Virginia or Austin.

This position requires that the candidate selected be a US citizen. They need to obtain and maintain an active TS or SCI security clearance.


• Bachelor's degree in Computer Engineering/Science, Information Security, or related experience
• 5+ years experience in security assessment/audit, or supply chain security related roles.
• 3+ years of demonstrated experience in cloud or enterprise scale IT, networking, and/or application security.
• 3+ years experience in security engineering, including secure development, cryptography, network security, security operations, systems security, policy, and/or incident response.


• 5+ years experience related to security risk mitigation, providing guidance to improve security practices.
• 3+ years experience directly related to supply chain or manufacturing security.
• Practical knowledge of international supply chain and security compliance frameworks such as NIST 800-(30, 53, 88, 161, 171, and 172); ISO 27000, 28000, and 20243 series, NERC CIP, FedRAMP, CMMC, TAPA, etc.
• Experience applying network security architecture concepts, with knowledge of relevant protocols, enforcement and monitoring points, and defense-in-depth strategies.
• Experience informing or directly applying security configuration and defensive mitigations for enterprise server and network infrastructure, or Industrial Control Systems.
• Relevant industry certifications such as CISSP, Security+, CEH, or SANS (GSEC, GCIH, GDSA, GSNA, etc.)
• Some familiarity with AWS cloud services and concepts such as S3, EC2, KMS, and VPC.

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit

Job ID: Amazon-1307639