Category: Systems, Quality, & Security Engineering
Job type: Full Time
Country: United States of America
The Fulfillment, Transportation & Delivery Security (FTDS) team needs a Sr. Software Security Industry Specialist to manage the cybersecurity risk within Amazon's Delivery Services. The scope of this role includes working strategically and tactically with engineers, managers, and developers to manage the lifecycle of a cross-functional Software Security program.
Governance & Management
• Interact with the business to understand their processes, data flows and potential risks.
• Manage the lifecycle of a complex cross-functional security program. Break abstract goals into attainable, measurable work items. Document and help drive multi-year project plans that drive secure software and hardware development and vulnerability management initiatives.
• Act as Scrum Master for the Engineers. Collaborate with the business/customer, Engineering, and other internal teams to scope and deliver security initiatives. Organize the team's administrative needs using Agile/Kanban best practices. Manage expectations, project scope, requests, and schedule with multiple stakeholders. Foster a constructive dialogue, harmonize conflicting views, and lead the resolution of contentious issues (build consensus).
• Proactively solve day-to-day strategic and technical challenges. Proactively identify risks and bring them to the attention of our Engineers and stakeholders with plans for mitigation before they become roadblocks.
• Provide strategic and tactical program recommendations using a deep knowledge of the larger business picture such as customer experience, organization goals, opportunities, problems and the technical requirements of the solutions or security services. Have a moderate understanding of the cybersecurity threats and risks the business/customer faces.
• Communicate changes, verbally and in writing, to various audiences, including Directors and VPs.
• Role model and foster an environment of continuous improvement. Look for ways to simplify or innovate to increase the team's productivity and solve ambiguous security problems to make security simpler.
Secure Software Development Life Cycle (Secure SDLC)
• Manage the intake of security services and conduct technical kick-off sessions to allow our Security Engineers to perform assessments more efficiently.
• Provide advice and consultancy to internal customers on risk assessment, threat modeling, and fixing vulnerabilities.
• 6+ years of technical program management experience or working with engineering teams; managing projects across cross-functional teams, building sustainable processes, managing a program roadmap, and coordinating resources
• 5+ years of cybersecurity experience
• 3+ years of Software & Application Security experience. A solid understanding of the design approaches and industry technologies utilized in Software & Application Security.
• Security-related certifications such as CISSP, CISM, SANS GIAC
• Bachelor's degree in Cybersecurity, Computer Science, Engineering, or related field
• Master's degree or advanced technical degree
• Experience defining KPIs/SLAs used to drive security decisions
• Experience generating automated metrics to measure service and program risk, effectiveness and consistency
• Excellent written and verbal communication skills with the ability to present complex technical information clearly and concisely to a variety of audiences
• Knowledge of application security vulnerabilities and remediation techniques
• An entrepreneurial spirit with the ability to drive innovation independently
• Experience with Agile and Kanban methodologies