Supply Chain Risk Management
- Seattle, WA
Amazon Web Services (AWS) provides a highly reliable, scalable, and low-cost cloud platform that powers thousands of businesses in over 190 countries. AWS' Infrastructure Supply Chain & Procurement (ISCaP) organization works to deliver cutting-edge solutions to source, build and maintain our socially responsible data center supply chains. We are a team of highly-motivated, engaged, and responsive professionals who enable the core sustainable infrastructure of AWS. Come join our team and be a part of history as we deliver results for the largest cloud services company on Earth!
We are seeking a Principal Security Engineer to help guide our global Supply Chain Risk Management (SCRM) program. In this role you will lead efforts across the company to assess and mitigate supply chain risks, understand and shape multi-billion dollar contracts, and inform the AWS approach to evolving compliance and regulatory frameworks. You will often collaborate directly with government customers to inform and shape our approach to supply chain security, and also help internal teams implement appropriate mechanisms to continuously assess, prioritize, and mitigate risk throughout the entire hardware lifecycle from initial design to final decommissioning.
As the senior security engineering voice for a distributed, multi-disciplinary team, you will direct strategic investments to maintain visibility and control of all data center assets, and administer the complex and ever-changing aspects of our SCRM program in every region we do business. In order to inform your recommendations and steer AWS in the right direction, you will be called upon to provide risk assessment and perspective on security controls for hardware manufacturing environments. This could include physical aspects of facilities such as cameras and storage areas, digital aspects of manufacturing networks and systems, software development life cycle (SDLC) and image source control, audit mechanisms that are durable/repeatable, and a wide variety of other security controls.
To be successful in this role you must have prior knowledge and practical experience in supply chain security, US government contracts and compliance standards, and leading strategic programs. Ideal candidates will have in-depth knowledge of specific logistics security programs such as TAPA, C-TPAT, and AEO, and a solid understanding of supply chain business considerations such as component sourcing, process optimization, manufacturing systems, and trade and export standards.
Work location is Seattle, Austin, or Northern Virginia.
• BS in Computer Engineering/Science, Electrical/Process Engineering, Information Security, or related
• 10+ years in a Supply Chain or Manufacturing Security, Security Risk Management, or Cybersecurity Program Management role
• Experience with DoD Supply Chain Risk Management (SCRM) compliance and acquisition standards such as DFARS, ITAR, NIST 800-161, NIST 800-171, NIST 800-88, CNSSD 505, and ICD 731
• Active US Federal Government TS/SCI security clearance
• 5+ years of experience in Supply Chain Risk Management (SCRM), including assessing system and component criticality, mapping supply chains, identifying critical suppliers, leading security risk assessment and mitigation, and establishing mechanisms to monitor effectiveness of mitigations over time
• 5+ years of experience in computer security, including threat modeling, penetration testing, incident response, security architecture, cloud infrastructure, or other efforts related to enterprise network defense
• Experience developing presentations and written materials for senior-level audiences, and effectively summarizing complex technical, policy, and functional issues
• Experience with international supply chain and security compliance frameworks such as FIPS 140-2, NIST SP 800-30, 800-53, 800-88, 800-161, and 800-171, the ISO 27000, 28000, and 20243 series, NERC CIP, ICD 731, FedRAMP, CMMC, and TAPA
• Demonstrated ability to effectively engage with senior government officials and internal C-level leadership
• Experience with anti-tampering and anti-counterfeit technologies such as hardware roots of trust, blockchain, detection and identification taggants, physically unclonable functions (PUF), and reactive countermeasures
• Experience with hardware security (UEFI, Secure Boot, TPM, TrustZone, SGX, bus and memory protection, etc)
• Experience with hardware design (JTAG, UART, PCIe/SPI/I2C buses, ROM, NAND, ASIC/FPGA, Gerber files, etc)
• Some knowledge of hardware attack/defense, including sophisticated side-channel mitigations against thermal, acoustic, radio-frequency, and differential power analysis
• Some knowledge of international labor, safety, and environmental standards and industry alliances
• Some knowledge of AWS cloud services and concepts such as S3, EC2, Kinesis, and VPC
• Relevant industry certifications (APICS, CISSP, SANS/GIAC, CompTIA, Rapid7, Microsoft, Linux)
• Track record of complex project delivery, effective organizational development, and strategic business insight
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us