DESCRIPTION

Amazon Prime Video Security is hiring motivated and experienced leaders at all levels to chart the course of Information Security within Prime Video. Together we are changing the way millions of customers interact with video content. The Prime Video team delivers movies, TV episodes and Live events to Amazon customers through subscriptions (Amazon Prime), channels as well as purchases and rentals. Amazon believes so deeply in the mission of Video that we've launched our own studio to create original and exclusive content. It's your responsibility to continue to accelerate this business, through novel technical contributions and building programs that reduce security risk while increasing feature delivery velocity to Amazon customers and partners worldwide.

If you are passionate about the field of Information Security and desire to make a positive impact through delivery of projects that protect our customer data and earn their trust, this position will provide you with an unique opportunity in an environment of rapid innovation. The Information Security function within Prime Video is adopting an innovative organizational approach to engage the broad constituencies that we serve - from artists and content creators to our partners and viewership. You will be making an impact on studios, digital rights management (DRM) vendors, chipset vendors, content delivery networks and industry consortiums - even Amazon Web Services (AWS) and the broader Information Security program at Amazon. To support this breadth, your team has executive support as a critical overlay function to the Product Development Lifecycle, intersecting in three functions: Security Engagement, Developer Engagement and Production Engagement.

Security Engagement is focused on security consulting on the use of AWS technologies, secure architectural and deployment strategies within Prime Video. Our focus areas include Edge and Delivery Security, AWS Security, Mobile Application and Device Security. You will be working on providing architectural guidance across Prime Video's most critical projects and have an executive mandate to design to the highest security standards. You will be supported by the Prime Video Security's GRC and Privacy pillar and campaign together to identify and reduce risk across Prime Video.

Developer Engagement is focused post- design and near- code release and subscribes to the Application Security "shift left" mentality. You will be responsible for shepherding the right mixture of code review tools to support the Prime Video software development engineer (SDE) community. You will work closely within similarly focused Application Security communities across Amazon and receive support from the Prime Video Security Engineering team to build and deploy state-of-the art code analysis and fuzzing tools.

Production Engagement is focused on post-release components of Prime Video's Information Security program. This team has a wide remit, including partnering with Prime Video Security's Content Protection team on software deployed to living room devices as well as the services that power these devices. Production Engagement includes red-team exercises, in-house and third-party penetration testing and running various Prime Video bug bounty programs. You will have support from partner teams across Amazon that are constantly innovating in the offensive security space. You will also be supported by Prime Video Security's Active Defense blue-team in the quest to find and remediate undetected vulnerabilities.

As a successful Lead Sr. Security Engineer/Architect in Prime Video Security, you will be seen as a strong leader who prioritizes well, communicates clearly and compellingly understands how to drive a high level of operational and strategic excellence within a team, while collaborating with a variety of internal and external business partners. You must show exemplary judgment in making technical trade-offs between short- versus long-term security and business goals. A successful candidate must be one that can handle several difficult challenges and problems, can make risk-based assessments founded on data and facts rather than older static based security paradigms, though being aware of the older best practices.

We value a diversity of voices. The following is not a laundry list, but to be effective in this role you should possess some of the following and an interest in learning more about the rest:

BASIC QUALIFICATIONS

• Extensive and diverse experience working in the field of Information Security
• Significant experience managing large security efforts, delivering significant security improvements to large, highly complex systems
• Experience in three of the following areas: edge and delivery security (DDoS, CDNs, etc.), mobile applications, device security, threat modeling, authentication, web and network protocols, data structures and algorithms, application security, code reviews, software development, penetration tests, or vulnerability assessments
• Excellent analytical and interpersonal skills, with ability to communicate clearly and effectively with developers, product managers, and senior business leaders with security metrics to influence decisions
• Excellent executive communications or technical writing; clear, concise, and thorough written and oral communication skills.
• High sense of ownership, urgency, and drive

PREFERRED QUALIFICATIONS

• Experience evaluating, recommending, and implementing new and emerging security products and technologies
• Experience in network, system, or software architecture; design, implementation, support, and evaluation of security-focused tools and services
• Experience in identifying and quantifying security issues and risks, and developing mitigation plans
• Experience working in industry standards groups, influencing external technology & business leaders

Amazon is an Equal Opportunity Employer - Minority / Women / Disability / Veteran / Gender Identity / Sexual Orientation / Age.