SCRM Sr. Security Engineer
- Arlington, VA
Amazon has created some of the most game-changing technologies in the world. From the introduction of the Kindle, to Fulfillment by Amazon, we have consistently driven change from the front of the pack. In cloud computing, Amazon Web Services (AWS) provides a highly reliable, scalable, and low-cost cloud infrastructure platform that powers thousands of businesses in over 190 countries. AWS' Infrastructure Supply Chain & Procurement (ISCaP) organization works to deliver cutting-edge solutions that invent and simply how we source, build and sustain our data center supply chains. We are a team of highly-motivated, engaged, and responsive professionals who support the core infrastructure of Amazon business. Come join our team and be a part of history as we deliver results for the largest cloud services company on Earth!
We are seeking a Senior Security Engineer to help guide our global Supply Chain Risk Management (SCRM) program. You will lead a team of professionals around the world to help assess and mitigate risks in partner manufacturing and logistics, contribute to new mechanisms for defense and response, and analyze the ever-shifting threat landscape to help us prioritize continuous improvement. You will have the opportunity to work in a supportive, collaboration-filled environment to build and secure the future of the cloud.
In this role, you will be the senior security engineering voice for a distributed, multi-disciplinary team. Your team will direct strategic investments to maintain visibility and control of all data center assets, and administer the complex and ever-changing aspects of our SCRM program in every region we do business. You will conduct site and supplier security assessments, interface with governments and customers around the world, and work with engineering partners to design and build new technical and procedural controls to mitigate supply chain risk throughout the entire lifecycle from initial design to final decommissioning.
In order to inform your recommendations and steer AWS in the right direction, you will be called upon to provide risk assessment and perspective on security controls for hardware manufacturing environments. This could include physical aspects of facilities such as cameras and storage areas, digital aspects of manufacturing networks and systems, software development life cycle (SDLC) and image source control, audit mechanisms that are durable/repeatable, and a wide variety of other security controls. Indicators for success in this role include past experience leading strategic programs, working with technical equipment manufacturing operations, and a solid understanding of supply chain business considerations such as component sourcing, process optimization, logistics and customs, etc.
Work location is Seattle, Austin, or Northern Virginia.
• Bachelor's or advanced degree in Computer Engineering/Science, Information Security, or related field, or at least four additional years of experience in lieu of a degree
• 10+ years in hardware or supply chain security
• 8+ years of experience leading global or regional program initiatives or implementation of a process
• Experience developing security features successfully released to external customers
• Active US Federal Government TS/SCI security clearance
• Experience in two or more of the following:
Threat modeling, security risk analysis, or security compliance assessment/auditing
International supply chain and security compliance frameworks such as FIPS 140-2, NIST 800-(30, 53, 161, 171, and 88), ISO 27000, 28000, and 20243 series, NERC CIP, ICD 731, FedRAMP, CMMC, TAPA
Manufacturing systems, process control, or international shipment logistics and regulations
Security configuration and defense for enterprise server and network infrastructure, or Industrial Control Systems
• Expertise in hardware attack/defense, including sophisticated side channel mitigations to defeat thermal, acoustic, radio frequency, and power differential analysis
• Expertise in anti-tampering and anti-counterfeit technologies such as hardware roots of trust, blockchain, detection and identification taggants, physically unclonable functions (PUF), and reactive countermeasures
• Knowledge of international labor, safety, and environmental standards and industry alliances
• Knowledge of AWS cloud services and concepts such as S3, EC2, Kinesis, and VPC
• Track record of complex project delivery, effective organizational development, and strategic business insight
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us
Back to top