Build Your Career in Cybersecurity -
YOUR WAY

Summary Information about the Role

The Cybersecurity Advisor will play a key role in this project by developing, synthesizing, reviewing, and reporting on all manner of industrial cybersecurity. Qualified candidates should have a command understanding of vulnerability analysis, incident reporting, standards, policy, and training content delivery. The Cybersecurity Advisor may also conduct classroom instruction in the theory & operations and validation of cyber training to small and medium size business operators. The Advisor will work as part of a team to develop and refine cyber courseware.

​

Company Overview

The Office of Small Business Programs (OSBP) is responsible for the development of small business policy, oversight of DoD's small business performance for prime and subcontracting goals, administration of small business programs, industry engagement, ensuring cyber resiliency of the small business industrial base and utilization of technology and big data principles to drive market research and small business inclusion in defense procurements.

• Advise small and medium-sized businesses on setup and maintenance of cybersecurity-related systems and processes—business risk, challenges, and compliance options, and building or recommending solutions for small and medium-sized businesses.
• Work with Cloud Architects, DevSecOps, and other development team members to review cloud architecture to identify and implement improvements of security services.
• Provide security expertise to the team on topics ranging from security architecture, hardening, monitoring, incident detection and response as well as general security improvements.
• Act as a subject matter expert on cloud and physical security to implement controls for NIST frameworks 800-53, 800-171, 800-190 as well as CMMC, PCI, and HIPAA.
• Provide guidance on implementing continuous monitoring in AWS cloud environments.
• Provide guidance for automation of implementation of the solutions provided from the candidate and others in the security team in areas such as vulnerability management, logging and monitoring, incident response, and endpoint security.
• Perform regular additional security-related tasks as assigned.
• Contribute to the review of cybersecurity products.
• Perform tasks related to securing and keeping the products, tools, and processes that you are responsible for securing.
• Contribute to/and or write SSPs and PO&AMs.
• Effectively mentor and teach cybersecurity and non-technical team members.
• Assist in the identification, tracking, and remediation of security risks discovered on information systems.
• Prepare and deliver detailed written reports and oral presentations to senior leaders or staff within the organization.
• Explain requirements to systems administrators in detail to ensure proper understanding and clarity.
• Provide cybersecurity instruction delivered through both live and virtual classes. Travel may be required.
• Assist in the development of curriculum content that implemented through interactive learning, utilizing technology.
• Possess the ability to serve as primary or assistant instructor and/or demonstrator for cybersecurity training topics.
• Possess the ability to conduct on-site field training of operations personnel on newly developed/implemented system procedures.
• Create customized training plans based on current systems, new system upgrades, and mission-specific requirements.

Required Qualifications:

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Information Security, Cloud Computing, or related field.
• Active certifications: CASP, CISM, or CISA
• 6+ years of Information Assurance or Cybersecurity related experience.
• Expert level experience with obtaining Authorization to Operate (ATOs).
• Possess exceptional verbal communication and interpersonal skills.
• Strong writing skills, with emphasis on technical writing.
• Ability to travel up to 10% (Pandemic-related schedule flexibility available).

​

Preferred Qualifications:

• Master’s degree in Cybersecurity or related field.
• CISSP
• GSLC
• AWS Certified Security Specialty certification
• AWS Certified Solutions Architect certification
• Experience with Tripwire, Nessus, WAF, and IDS/IPS tools.
• Familiarity with automation tools, containerization, and static code analysis tools.
• NIST 800-171 AND CMMC certification

NA

Summary Information about the Role

Amazon’s Information Security Penetration Testing Team is seeking a Security Engineer to help keep Amazon secure for its customers. In this role, you will attack Amazon’s services, applications, and websites to discover security issues and report them to our internal technology teams. This position will provide you with challenging opportunities, both technologically and as a leader, but will also be a great deal of fun if hacking Amazon alongside a team of highly skilled individuals sounds exciting to you.

​

A Security Engineer at Amazon is expected to be strong in multiple domains. Engineers in this role work closely with teams throughout Information Security, as well as provide technical leadership and advice to teams and leaders throughout Amazon. You will be in direct contact with teams in a variety of business verticals, giving you first hand knowledge about how Amazon is built and how it operates at a deep, technical level. Additionally, you will leverage the knowledge you gain about Amazon to find new ways to break services, processes, and technologies throughout the company.

​

Engineers in this role must show exemplary judgment in making technical trade-offs between short-term fixes and long-term security and business goals. You will demonstrate resilience and navigate ambiguous situations with composure and tact. You will be expected to provide thought leadership for the organization as you discover, invent, and innovate throughout the course of your duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Amazon and its customers secure.

​

Company Overview

About Amazon Security

Diverse Experiences

Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.

​

Why Amazon Security?

At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

​

Inclusive Team Culture

In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

​

Training & Career Growth

We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

​

Work/Life Balance

We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.

• Conducting high quality application penetration tests independently, or as part of a team
• Creating detailed engagement plans and thoroughly documenting findings, gaps, and remediation recommendations
• Contributing to team tooling, innovation, and improvements
• Communicating and collaborating with partner teams, service owners, Information Security, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings

Required Qualifications

• 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
• Bachelor's degree in computer science or equivalent
• Knowledge of networking protocols such as HTTP, DNS and TCP/IP

​

Preferred Qualifications

• 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
• Experience with AWS products and services
• Experience with programming languages such as Python, Java, C++

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.

​

Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

​

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

​

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.

Find your future at United! We’re reinventing what our industry looks like, and what an airline can be – from the planes we fly to the people who fly them. When you join us, you’re joining a global team of 100,000+ connected by a shared passion with a wide spectrum of experience and skills to lead the way forward.

​

Join our Cybersecurity and Digital Risk (CDR) team to help us also lead the airline industry in cyber-safety. United’s CDR team is tasked with keeping our customers’ and employees’ information safe and secure. Our primary mission is to embed cybersecurity into the DNA of United Airlines by reducing business risk through implementation of strong cybersecurity standards.

​

Achieving our ambitions starts with supporting yours. Evolve your career and find your next opportunity. Get the care you need with industry-leading health plans and best-in-class programs to support your emotional, physical, and financial wellness. Expand your horizons with travel across the world’s biggest route network. Connect outside your team through employee-led Business Resource Groups.

​

Create what’s next with us. Let’s define tomorrow together. Apply today!

• The Engineer - Identity & Access Management's main responsibility is to implement security principles to the United Customer IAM platform and overall infrastructure support in alignment with the Cybersecurity & Digital Risk policies to protect data and reduce risk.
• You will be dedicated to the implementation and support of modern Customer and Enterprise IAM systems. They will work closely with development teams and consumers of IAM services. They play a vital role in integrating secure identity solutions during the product lifecycle.
• This role requires an understanding of IAM principles, protocols, and standard processes. They will be able to support the execution and the implementation of designs provided by IAM architects and ensures these IAM capabilities and serves are adopted and optimally coordinated with systems across the organization while providing ongoing support and maintenance for IAM processes and technology.
• Assists in providing support for the implementation and administration of IAM platforms
• Supports break/fix requests, supervises the environment, and assists Digital Technology with processes for development, QA, and production environments
• Respond to Level 1 tickets including bugs, outages, and new feature requests
• Ensure IAM solutions enforce to regulatory, compliance, and internal requirements
• Assist in the maintenance of IAM policies, standards, and procedures
• Provide reports as requested for compliance
• Work with Cyber Defense and other groups as needed
• Ensure IAM security is aligned with the overall security strategy to reduce risk to the organization
• Collaborate with development teams and other IAM service consumers
• Offer mentorship regarding the implementation and usage of IAM capabilities in enterprise systems
• Collaborate with other IAM team members seeking mentorship on IAM related matters and contributing to system support

What’s needed to succeed (Minimum Qualifications):

• Bachelor's Degree and three years of work experience, or in lieu of a Bachelor's Degree, 6-9 years of related work experience will be accepted
• 3+ years of related Engineer - IAM experience
• An understanding of Enterprise or Customer Identity & Access Management in some of the following areas: Single Sign-On, Multi-Factory Authentications (MFA), and Authentication, Privileged Access Management (PAM), Identity Governance & Administration concepts
• Solid grasp of identity Protocols and technologies such as OpenID Connect (OIDC,) OAuth, SAML, AD-Fed, API Gateways, SCIM, and platforms such as Ping Identity, Okta, MS Azure, and ForgeRock.
• Experience with modern software lifecycle development and automated cloud infrastructure deployment
• Understanding of policies that reflect system security objectives
• Ability to determine how a security system works (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes
• Experience with at least one of these tools: CIAM – Jumio, ThreatMatrix, BehavioSec, EIAM-Delinea/Thycotic, CyberArk, Duo, Oracle Access Manager, Sail Point, Saviynt
• Must be legally authorized to work in the United States for any employer without sponsorship
• Successful completion of interview required to meet job qualification
• Reliable, punctual attendance is a crucial function of the position

​

What will help you propel from the pack (Preferred Qualifications):

• STEM, Cybersecurity, Risk Management, Computer Science
• CISA, CISM, CISSP
• 4+ years of related experience
• Knowledge of organizational standards and policies (ISO, NIST)
• Knowledge of compliance regulations (SOX, PCI, FAA, GDRP, PII)

Post Expiration Date: 04/15/2025