The Devices and Services Trust and Security team (DSTS) works to ensure that Amazon’s products and services are designed and implemented to the high standards required to maintain and enhance customer trust. Security and Privacy are paramount to maintaining customer trust. We help build trusted products, maintain and operate trusted environments, and advocate trust to customers and stakeholders. We work closely with Amazon’s Devices and Services teams which design and engineer high-profile consumer electronics, including the best-selling Kindle family of products, Amazon Echo, Fire tablets, Amazon Fire TV, Echo Show, Echo Spot, and more.
The Role:
Do you dream about doing work that directly impacts customers, teams, and businesses across the globe? Do you often find yourself ideating about automating and scaling detection of vulnerabilities? Do you want to be part of a security vulnerability research team dedicated to detection and mitigation of vulnerabilities in order to keep Amazon consumer devices and services safe? If you answered yes to any of the above, then we have a job for you! Amazon’s DSTS Detection Engineering team is looking for a Technical Program Manager (TPM) to lead our efforts to help development teams create and deploy the next generation of devices and software services securely. This is a role for someone who is passionate about creating highly impactful scalable security solutions.
In this role, you will provide technical leadership to the program as well as the team’s strategy to improve the efficiency and effectiveness of the automated vulnerability detection processes. You will be able to invent technologies and mechanisms that scale to meet the broad and diverse security needs of Devices & Services teams within Amazon. You will be part of a dedicated team of talented security professionals performing vulnerability research, analysis and designing automation to identify vulnerabilities. You will be tasked with overseeing the creation of high quality static and dynamic security testing (SAST & DAST) detection capabilities to discover and prevent issues throughout the SDLC. You will strive to understand systems, software, and services and envision creative ways to find vulnerabilities. You will influence how we employ automation to reduce or eliminate manual effort, helping our internal customers raise the security bar. You will collaborate with development teams who need solutions that make it easy to build and operate secure systems. You will work to deeply understand the needs of your customers and relentlessly seek to improve their experience and productivity. You will be taking on a lead role in ensuring that Amazon’s products continue to maintain customer trust. You will be asked to lead the discovery of innovative ways to solve challenging problems every day. You will have a leading voice in shaping the future direction of automatic security detection tools in D&S.
Successful candidates for this position will possess strong verbal and written communication skills, be self-driven and deliver high quality results in a fast paced environment. They need to really enjoy working closely with their peers on solving global scale security problems.
Key job responsibilities
Activities in this role include:
* Strategize scaling vulnerability detection by inventing and improving custom tools (e.g. static analyzers, fuzzers, scanners, etc.) to perform variety of automated static, dynamic analysis.
* Reviewing technical solutions, and propose mechanisms to prevent security vulnerabilities.
* Influencing which new security solutions and strategies should be pursued for scaling security in Devices and Services organizations.
* Discovering and proposing strategies for integrating security detection tools into the development life-cycle.
* Collaborating with product and partner teams to identify systemic security problems & propose new solutions that correct identified issues.
* Development of automated mechanisms for reporting on KPIs/SLAs to security team leadership.
* Service management and day-to-day support of DSTS Detection Engineering operations.
About the team
We offer flexible office locations. Our team puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren’t focused on how many hours you spend at work or online. Instead, we’re happy to offer a flexible schedule so you can have a more productive and well-balanced life-both in and outside of work.
Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship. We care about your career growth and strive to assign projects based on what will help each team member develop into a well rounded professional and enable them to take on more complex tasks in the future.
We are open to hiring candidates to work out of one of the following locations:
Atlanta, GA, USA | Austin, TX, USA | Charlotte, TX, USA | New York, NY, USA | San Jose, CA, USA | Seattle, WA, USA | Sumner, WA, USA
BASIC QUALIFICATIONS
– 5+ years of working directly with engineering teams experience
– 2+ years of technical product or program management experience
– 3+ years of project management disciplines including scope, schedule, budget, quality, along with risk and critical path management experience
– Experience managing programs across cross functional teams, building processes and coordinating release schedules
– 3+ years of analytical, quantitative, communication, and presentations experience
PREFERRED QUALIFICATIONS
– * Experience defining KPI’s/SLA’s used to drive multi-million dollar businesses and reporting to senior leadership.
– * Demonstrated ability to handle large data sets, display this data in a usable format, and deduce actionable items from the data.
– * Knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, and application security.
– * Knowledge of common software security vulnerabilities (memory corruption, privilege escalation, web application exploitation, protocol-based weaknesses, etc.) and familiarity with various methods to successfully exploit them.
– * Familiarity with Agile Project Management tools such as Jira and Confluence.
– * Ideal candidates must be innovative, creative, driven, results-oriented, flexible and self-motivated.
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $101,700/year in our lowest geographic market up to $197,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. Applicants should apply via our internal or external career site.