Security Engineer - Supply Chain Risk Management

3+ months ago · Herndon, VA


Amazon Web Services (AWS) provides a highly reliable, scalable, and low-cost cloud platform that powers thousands of businesses in over 190 countries. AWS' Infrastructure Supply Chain & Procurement (ISCaP) organization works to deliver cutting-edge solutions to source, build and maintain our socially responsible data center supply chains. We are a team of highly motivated, engaged, and responsive professionals who enable the core sustainable infrastructure of AWS. Come join our team and be a part of history as we deliver results for the largest cloud services company on Earth!

We are seeking a Security Engineer to help guide our global Supply Chain Risk Management (SCRM) program. You will lead a team of professionals around the world to help assess and mitigate risks in partner manufacturing and logistics, contribute to new mechanisms for defense and response, and analyze the ever-shifting threat landscape to help us prioritize continuous improvement. You will have the opportunity to work in a supportive, collaboration-filled environment to build and secure the future of the cloud.

In this role, you will be the senior security engineering voice for a distributed, multi-disciplinary team. You will use your experience to develop and continuously improve SCRM practices, direct strategic investments across our supply chain, and administer the complex and ever-changing aspects of our supplier assessment program in every region we do business. You will support the training and execution of site and supplier security assessments, interface with governments and customers around the world, and work with engineering partners to design and build new technical and procedural controls to mitigate supply chain risk throughout the entire lifecycle from initial design to final decommissioning.

In order to inform your recommendations and steer AWS in the right direction, you will be called upon to provide risk assessment and perspective on security controls for hardware manufacturing environments. This could include physical aspects of facilities such as cameras and storage areas, digital aspects of manufacturing networks and systems, software development life cycle (SDLC) and image source control, audit mechanisms that are durable/repeatable, and a wide variety of other security controls. Indicators for success in this role include past experience leading strategic programs, working with technical equipment manufacturing operations, and a solid understanding of supply chain business considerations such as component sourcing, process optimization, logistics and customs, etc.

Work location is Seattle, Austin, or Northern Virginia.


• BS in Computer Engineering/Science, Information Security, or related
• 5+ years in security assessment/audit, hardware security, or supply chain security
• 5+ years of experience working with engineering teams to identify and clarify requirements


• Active US Federal Government TS/SCI security clearance
• Security certifications such as Security+, CEH, or SANS (GSEC, GCIH, GDSA, GSNA, etc.)
• Experience in two or more of the following:
  • Threat modeling, security risk analysis, or performing security reviews for technology services
  • International supply chain and security compliance frameworks such as FIPS 140-2, NIST 800-(30, 53, 161, 171, and 88), ISO 27000, 28000, and 20243 series, NERC CIP, ICD 731, FedRAMP, CMMC, TAPA
  • Manufacturing systems, process control, or international shipment logistics and regulations
  • Security configuration and defense for enterprise server and network infrastructure, or Industrial Control Systems
• Expertise in hardware attack/defense, including sophisticated side channel mitigations to defeat thermal, acoustic, radio frequency, and power differential analysis
• Expertise in anti-tampering and anti-counterfeit technologies such as hardware roots of trust, blockchain, detection and identification taggants, physically unclonable functions (PUF), and reactive countermeasures
• Knowledge of international labor, safety, and environmental standards and industry alliances
• Knowledge of AWS cloud services and concepts such as S3, EC2, Kinesis, and VPC
• Track record of complex project delivery, effective organizational development, and strategic business insight

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit

Job ID: Amazon-1287686