Sr. Information Security Engineer-Operations
Amazon Pharmacy/PillPack (AP) is on mission to reinvent pharmacy and driving the future of medicine. We use design, service and technology to provide the best possible customer experience and change the way people think about medicine. AP is searching for a talented Senior Information Security Engineer (Sr InfoSec Engineer) to help us evolve the technology security and risk processes that power the core pharmacy and fulfillment engines.
As a member of our Pharmacy Information Security (PharmaSec) team, you will be at the heart of the pharmacy planning and operations. The very foundation of the AP customer experience is Trust. Assuring trust through education, security planning, and active systems monitoring are key components. You will have the opportunity to work cross-functionally with engineering, product, clinical / distribution, and customer care teams. A Sr InfoSec Engineer is the go-to partner for solutions and problem solving for any PharmaSec related issue.
You will be expected to plan, deploy, deliver, and manage best practice security tools and networking and endpoint tools delivering security services. The Tools will be a combination of AP tools, Amazon hosted tools and for cloud operations, AWS tools. You be a member of the PharmaSec Team of Information Security professionals working cohesively and comprehensively to manage the technology risk to AP and our customers. Additionally, as a key technical operations information security expert you will be responsible for participating in design discussions, code reviews, and communicating with stakeholders at every level within the organization to assure each implementation of a new tool or service works cooperatively with installed security infrastructure.
As a Sr InfoSec Engineer at AP, you will help establish technical standards and drive AP’s technical architecture, engineering practices, and operations practices. You’ll work on AP’s hardest problems, building high quality, architecturally sound secure systems that are aligned with our business needs. You’ll think globally when building systems, ensuring AP builds high performing, scalable, and secure systems that fit well together leveraging the best technologies and processes that Amazon and AWS has to offer. AP Sr InfoSec Engineers translate business needs into workable technical solutions. Your expertise needs to be deep and broad; you are required to be hands on, producing both detailed technical work and high-level architectural designs.
This role will be a direct report to the InfoSec Manager – Operations, participating in new strategic initiatives across the healthcare spectrum at Amazon. It will provide opportunities to think big, be customer obsessed, and to partner with business teams across Amazon. We dive deep into security technologies such as new identity and authentication systems, hardware security components, cryptography, system hardening, next generation threat and vulnerability management and massive-scale audit and log analysis. The objective of the AP infosec program is to define the innovative preventative, detective, monitoring, and response mechanisms to enable security individually and at scale. In this role, you will discover, define, and solve challenging problems across multiple teams and locations.
Security Engineers across Amazon are expected to be strong in multiple domains and provide contributions to service, infrastructure and administrative teams. Sr InfoSec Engineers are expected to develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices. You are also expected to mentor more junior engineers and be a security thought leader for the organization.
· 8+ years of experience in vulnerability management
· 5+ years of incident detection/response
· 4+ years of InfoSec incident root cause analysis
· Experience with developing software tooling to solve custom problems
· 4+ years working with and administration of Security networking tools
· 4+ years working with and administration of Security endpoint tools
· 4+ years working with and administration of identity management tools
· Demonstrate innovative security approaches in non-traditional IT environments
· Experience with technical writing
· Experience in generating automated metrics to measure IT security effectiveness and consistency.
· Experience translating technically complex issues into simple, easy to understand concepts
· Ability to deal with ambiguity and establish clear strategy
· Information security professional certifications encouraged (SANS GIAC, CISSP,CISO, etc.)
· Experience architecting, securing, and operating Amazon Web Services
· Meets/exceeds Amazon’s leadership principles requirements for this role
· Meets/exceeds Amazon’s functional/technical depth and complexity for this role
This position may be located in Boston, MA and Relocation is available.
Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us