Security Engineering Manager (Pentest), Amazon Stores Security
Description
Alexa's Store Security organization is growing and is seeking a Penetration Testing Manager to help keep Amazon secure for its customers. In this role, you will be responsible for leading a team of highly skilled penetration testers to assess Amazon's services, applications, and websites, with a focus on compliance-driven penetration testing to ensure adherence to regulatory frameworks and industry security standards.
About the role
This role will provide you with challenging leadership and technical opportunities, and if hacking Amazon sounds exciting to you, will also be a lot of fun. You will be in direct contact with teams across a variety of business verticals, giving you firsthand knowledge about how Amazon is built and how it operates at a deep, technical level. Additionally, you will leverage the knowledge you gain about Amazon to find new ways to drive improvements to services, processes, and technologies throughout the company, including ensuring compliance obligations are met through rigorous security testing, with the ultimate goal of ensuring the continued safety and security of our customers.
Responsibilities
- Lead, manage, and develop a high performing technical Penetration Testing Team distributed across multiple locations
- Lead the strategic direction and evolution of the Compliance Penetration Testing function, including setting goals and establishing priorities
- Plan and execute compliance-driven penetration testing engagements to ensure adherence to regulatory frameworks and industry security standards
- Drive the development of automation and tooling to scale penetration testing across Amazon's growing portfolio of services
- Drive strategic initiatives by influencing leadership, key stakeholders, and partnering with teams throughout Amazon
- Lead effective teamwork, communication, collaboration and commitment across multiple disparate groups with competing priorities
- Write and deliver high-quality documents for technical and non-technical audiences
Qualifications
- 5+ years of security management experience
- 5+ years of experience in Information Security related domains, with knowledge of security fundamentals, application vulnerabilities, application attack vectors, penetration testing methodologies, and tools
- 3+ years of experience driving Information Security initiatives across large diverse organizations
- 3+ years of experience communicating with a wide range of technical & non-technical partners and senior leadership