We are seeking a Senior Security Engineer to drive architectural reviews, threat models, develop requirements for corporate IAM adoption efforts, and support Amazon's Corporate Identity and Access Management initiatives. You will drive programs that improve access management infrastructure across a complex global corporate environment, develop policies and procedures for the identity lifecycle, and provide identity and authN/authZ design review and threat modeling services across the enterprise.
Data-driven decisions are important to Amazon. You will draw heavily on your experience collecting, analyzing, and summarizing data to create compelling written and verbal communications to peer teams at all levels.
If you are excited about the challenges and opportunities described here and you have the background, education, and experience to excel in these areas, we'd love to talk with you further about our company, the team, and how you are uniquely qualified to join us!
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
• Minimum 6 years of experience in identity and access management (IAM) programs
• Demonstrable knowledge of current technologies in authentication, federation, and identity management space, such as OAuth 2.0, OpenID Connect, SAML, SCIM, U2F/UAF/FIDO2, HOTP, TOTP
• Familiarity with using biometrics for authentication and managing related privacy considerations
• Familiarity with relevant identity-oriented standards, such as NIST800-63 and GDPR
• 4+ years of security experience with one or more domains in the common body of knowledge (CBK)
• Functional proficiency with at least one coding or scripting language.
• Bachelor's Degree in Information Security, CS, or related discipline
• Technical knowledge in security engineering, authentication and federation protocols, cryptography, and application security
• 4+ years experience in information security threat modeling, design and architecture reviews, and risk analysis.
• Knowledge of system security vulnerabilities and remediation techniques
• Experience communicating with technical and non-technical stakeholders across multiple business units
• Excellent written and verbal communication skills.
• Excellent teamwork and collaboration skills