Senior Security Risk Specialist, GME (Games, Media, & Entertainment) Security

We are changing the way millions of customers interact with entertainment that enriches lives. Amazon Games, Media and Entertainment delivers experiences at unparalleled scale.

Whether it's launching our own studio to create original and exclusive content, or connecting players and developers to the games and communities they love, Amazon Games, Media and Entertainment Security is at the center of customer, builder and content journeys.

Our vision is to be the most loved and trusted entertainment service by empowering the business with innovative security solutions that complement our creative workforce without restricting our ability to deliver a seamless customer experience.

To maintain the highest standards of protecting customer data and keep services safe from threats, we’re hiring a Security Risk Specialist.

This is a hands-on role that will take ownership of existing risk analysis and remediation processes, and help drive the evolution of future strategy and operations.

Working in our existing Security and Compliance team, you’ll collaborate closely with Application Security and partner with leaders across software engineering teams to continually refine how we prioritize security work to reduce risk.

This is a role that will have visibility across the business at all levels, and within a team that will support you in delivering high impact from Day 1.

Key job responsibilities

• Manage planned security initiatives for improving security baseline.
• Assess risk and security posture across the organization, using a mixture of data-driven and data-informed approaches.
• Assess and drive improvement of secure cloud configuration posture across a diverse set of services and technologies in the context of Prime Video’s overall architecture.
• Prioritize technical security findings in business context, in partnership with Software Engineering teams.
• Document technical decisions in business language.
• Develop repeatable workflows for risk response, technical security analysis and tracking metrics.
• Educate, raise awareness, and drive priority on threats, attacks, vulnerabilities, and countermeasures.

A day in the life

As a trusted partner to our software engineering teams, you will work with a network of Software Development Managers and Senior Engineers to drive risk-based prioritization decisions of security work.

You’ll help teams put technical security and control findings in context for their service architecture, based on risk, threat, and compliance factors.

You’ll communicate with teams, managers and senior leaders 1 on 1, as well across the entire organization, to drive proactive and reactive work.

You’ll have an existing tool set to use when you join, and the freedom to develop this going forward in the way that best meets the needs of our engineering teams, and takes our capabilities to the next level.

You will interact with a wide range of data sources ranging from inventories, to scanner outputs, and collaborate to improve tooling and outputs with colleagues in teams within Amazon and AWS who own Security Products.

With a range of telemetry at your fingertips, you will develop new insights for security and engineering stakeholders, with a constant focus on automating current workflows.

About the team

About AmSec : Diverse Experiences

Diverse Experiences

Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply.

If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.

Why Amazon Security

At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services.

We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

Work / Life Balance

We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture.

When we feel supported in the workplace and at home, there’s nothing we can’t achieve.

Inclusive Team Culture

In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness.

Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

Training and Career growth

We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

We are open to hiring candidates to work out of one of the following locations :

Austin, TX, USA Culver City, CA, USA Denver, CO, USA Seattle, WA, USA

BASIC QUALIFICATIONS

• Experience operating risk management and vulnerability management workflows
• Experience working with technical stakeholders to mitigate risks and vulnerabilities.
• Knowledge of how to creating and documenting process workflows.
• Experience writing briefing documents for security, engineering and business audiences.
• Experience with data query and manipulation in Python and SQL

PREFERRED QUALIFICATIONS

• Expert knowledge of secure software development lifecycle frameworks.
• Triage of technical security findings ranging from vulnerabilities, to secure cloud control configurations.
• Planning and delivery of large-scale transformation projects.
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC).
15 days ago