Senior Technical Program Manager - Application Security Virtual

3+ months agoDallas, TX


You have hundreds of thousands of hosts, hundreds of millions of lines of code, billions of online transactions, and one of the most visited sites on the Internet. Now go secure it.

At Amazon, we obsess over our customers, and ensuring our customers' trust is our first priority. To earn that trust in an environment as vast and varied as Amazon's and an online world where threats grow ever more sophisticated requires building a world-class information security to tackle never-before-seen challenges at dizzying scales. You will not just be using cutting-edge security technologies here in Amazon; you will be inventing them.

We are looking for a self-motivated Technical Project Manager (TPM) with strong technical skills, problem-solving abilities, and customer obsession. You will be responsible for analyzing the current software review process and delivering a revised process that better meets the needs of today's Amazonian builders. Working with and through others, you will build the software review process that affects every system, service, and device that Amazon releases.

What you will do: You will have the opportunity to build a new SDLC process that will be used by developers across the company to securely build and operate their services. We have clear goals, but there is a lot of ambiguity in what we need to build; you'll have the opportunity to shape the roadmap and interact with your customers to learn how to solve their challenges. You will be the face and driver of this effort and serve as a Subject Matter Expert to others in this space.

Why it matters: Amazon Information Security has a lot of experience working across the company to identify threats and solutions to security challenges at scale. We want to continue to build the security flywheel through automation and process improvement to continue to earn our customers' trust.

Why you'll love it: We are working on really hard problems and moving very fast. You will be responsible for identifying solutions, trying ideas, given space to fail and iterate to produce products that your customers love. You will be given opportunities to grow and work with your customers to define success.

Who we're looking for: Deeply technical leaders, who stay close to the customer as well as security requirements. A person who reaches out across the company to enlist diverse input from key customers to leverage the experience of the broader team. A person who dives deep in to a problem to deeply understand how things work, when to make subtle change, and when to disrupt the status quo to achieve the right results. Someone who gets, and can communicate, the big picture and wants to have a large impact via an important program.

Key responsibilities include but are not limited to:

• Work with engineering teams across CDO to prioritize security solutions
• Define and drive a - define project plans, drive objectives with stakeholders, effectively communicate status, escalate risks, and provide ongoing support to stakeholders to accomplish goals
• Drive the design, build, and operationalization of innovative solutions to enable security at scale
• Clarify and drive project commitments, as well as establish and maintain clear chains of accountability
• Create and maintain documentation in support of security goals
• Communicate effectively at multiple levels of management, building trust across the organization, and demonstrating discretion with sensitive information
• Coordinate projects across multiple teams, driving them to successful conclusion while building strong, lasting relationships with both internal and external customers
• Evaluating complex business and technical requirements, communicating inherent security risks and solutions to technical and non-technical business owners.
• Be the glue that is able to prioritize and manage technical dependencies across teams
• Dive deep to gather security requirements from appropriate stakeholders and write clear, detailed level requirements
• Interact and communicate with Project Stakeholders throughout the lifecycle of the project
• Drive awareness of security guidelines, secure-by-default configurations, and technological implementations
• Resolve roadblocks through driving trade-off decisions to move work forward
• Deliver correct security results to customers and the business
• Define, measure, and utilize project/ KPIs
• Identify and drive continuous process improvements across security programs and services


• BS in Computer Science or equivalent work experience required
• Experience driving operational process improvements
• At least 5 years' experience in project planning, resource management and project delivery
• A strong record of accomplishment in shaping business strategy and driving technical tools and services
• Strong written and oral communication skills, including the ability to communicate with both technical and non-technical audiences


• At least 3 years of system security, and/or application security experience
• Technical knowledge in security engineering, application and network security, authentication and security protocols, and .
• Knowledge of system security vulnerabilities and remediation techniques
• Working knowledge of Java, C/C++, Perl, , and/or Ruby
• Experience with change management processes
• Experience in securing distributed and cloud computing services (), deployment architecture, and secure technology configurations
• Information security professional certifications encouraged (SANS GIAC, CISSP etc.)
• Experience architecting, securing, and operating Amazon Web Services

Job ID: Amazon-1055861