Amazon logo
Amazon

Work Hard, Have Fun, Make History

Security Industrial Specialist

Location

United States

Posted

5 days ago

Salary

$102K - $178.4K / year

Seniority

Mid Level

Job Description

Security Industrial Specialist

Amazon

Role Description The Special Programs Evaluations Assessments & Response (SPEAR) Pre-Evaluations Team is looking for an independent, passionate, highly talented, and motivated security specialist to join the team. In this role you will participate in the tactical planning, coordination and collaboration of physical security requirements for new builds in AWS data facilities, where you will be identifying variances in approved standards and making recommendations for improvement. This role directly impacts AWS physical security operations and provides robust evaluations for these sites. This team evaluates the application of all facets of physical security including people, processes and measures in order to address physical security vulnerabilities. You will report to the SPEAR Pre-Evaluations team Global Manager and support the Evaluations team by providing early detection of vulnerabilities, as well as keeping the standards team apprised of developments to ensure mitigations are implemented and considered in the future. You may also be directed to conduct physical security assessments on physical measures being considered by AWS Security and our AWS partners. These assessments are supported by comprehensive written reports in order to present a complete picture of the physical security status/posture of a given site. All of which contributes towards the global effort to uphold the confidentiality, integrity and availability of AWS and Amazon services. The ideal candidate would have knowledge of Crime Prevention through Environmental Design (CPTED), to include concepts and principles, data collection, analysis, presentations and reports, behavior and the physical (built) environment. This position will require extensive travel amounting to approximately 50% to ensure the delivery of this team’s mission both regionally and globally. Key job responsibilities - Support the adjudication of identified physical security vulnerabilities. Ensure all vulnerabilities identified are documented and effective mitigation actions are taken to resolve the vulnerability. - Partner directly with regional/local AWS teams to review physical security and related physical security policies, standards and operating procedures to ensure physical security measures are in place prior to data facility commissioning. - Work closely with the other SPEAR teams to ensure continued collaboration and coordination. - Continually monitor industry trends and events to ensure world class-evolving evaluations by developing and maintain personal relationships with key industry personnel and manufacturers. - Assist the adjudications team and AWS partners to ensure findings are appropriately mitigated. - Keep the SPEAR Pre Evaluations team Global Manager fully informed of customer engagement status, issues, activities and progress. - Develop and maintain relationships with customers to ensure fixes/mitigations are completed. A day in the life As a Physical Security Industry Specialist, you will work directly with other AWS Physical Security Teams, AWS management, and partners to collaborate in the real-world application of Physical Security within AWS. You will review and be knowledgeable of new technologies and security measures for possible application to the existing suite of security processes and measures to enhance the security posture across AWS. The ideal candidate should have a working knowledge of physical security principles and how that relates to practical application and real world implementation of processes and measures. Qualifications - Experience working with global cross-functional teams. - Experience working on physical security design and implementation of Access Control/Intrusion Detection and CCTV Surveillance systems. - 4+ years of experience working Security/Law Enforcement or Military with experience in Physical Security Principles, Access Control, Intrusion Detection and CCTV systems. - 2+ years of Crime Prevention through Environmental Design (CPTED) experience. - 4+ years of combined experience specializing in alarm systems, access control systems, global professional lock and key controls, and alarmed door control hardware. - Experience in conducting reviews of existing facilities and applying physical security principles to practical applications experienced at the site. - Ability to travel globally. - Experience in physical security. - Experience in data center design, construction, operations, or facility maintenance. - Experience in written and verbal communication skills to communicate with technical and non-technical audiences, including senior leadership. - Experience in written and spoken English and an ability to compose grammatically correct, concise and accurate written responses. - Demonstrated knowledge of physical security best practices to include the application of physical security, access control systems, security guard requirements and adversary techniques. Benefits - Comprehensive health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans). - EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage. - 401(k) matching. - Paid time off. - Parental leave. Company Description Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying. At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores. In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices. We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional. We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.

Related Categories

Related Job Pages

More Security Engineer Jobs

Softgic logo

Cloud Security Specialist, AWS

Softgic

Digital and Cognitive Transformation.

Full TimeRemoteTeam 51-200Since 2011H1B No Sponsor

• Implementar y administrar controles de seguridad en AWS (IAM, VPC, EC2, S3, RDS, EKS, entre otros). • Configurar herramientas nativas: GuardDuty, Security Hub, CloudTrail, Config, WAF, Shield, Inspector, Macie. • Monitoreo y respuesta a incidentes (CloudWatch, logs, SIEM, análisis y remediación). • Definir y ejecutar procesos de DRP/BCP (RTO, RPO, backups y pruebas). • Gestionar vulnerabilidades, parches y seguimiento a hallazgos. • Administrar identidades y accesos (IAM, RBAC, MFA, SSO, Secrets Manager). • Asegurar cumplimiento con estándares como CIS, NIST y SOC 2.

Colombia
Phoenix Software Limited logo

Managed Security Specialist

Phoenix Software Limited

Utilising technology to enable UK organisations to innovate and transform. Outcome focused IT solutions and services.

Full TimeRemoteTeam 201-500Since 1990H1B No Sponsor

• Support the growth and adoption of Phoenix’s managed security services portfolio. • Work closely with Account Managers and Business Development Managers to identify, qualify and progress opportunities. • Act as a trusted specialist resource during customer engagements, service introduction calls and solution discussions. • Present and demonstrate managed security solutions to prospective customers. • Support the creation of high-quality proposals, tenders and bid responses. • Collaborate with service delivery teams to understand service capabilities, operations and customer outcomes. • Deliver enablement sessions to internal sales teams, helping them identify and position managed security opportunities. • Support the development and execution of sales and marketing campaigns. • Maintain accurate pipeline information and contribute to forecasting activities. • Ensure all opportunities are tracked and managed through CRM systems. • Gather customer feedback and contribute to continual service improvement activities. • Identify opportunities for cross-sell and up-sell across the wider Phoenix portfolio. • Maintain awareness of the evolving cyber security landscape and emerging threats affecting customers.

United Kingdom
Believe logo

Senior Cybersecurity GRC

Believe

Believe is a global artist development company. We empower local artists, labels and publishers to grow their audiences at each stage of their careers with expertise, respect, fairness and transparency. Operating in 50+ countries, with more than 2,000 employees, Believe offers a full range of services including audience development, publishing, marketing and distribution, with a tailor-made approach to fit any artist, label or publisher. Believe champions independence and innovation through a unique model that combines local expertise with a global tech platform, delivering exclusive solutions for artists to promote and monetize their music thanks to strategic partnerships with leading global digital service providers. With a leading portfolio of brands that includes Nuclear Blast, naïve, TuneCore, Groove Attack, Sentric, AllPoints and Byond, Believe artists generated more than 800 billion streams worldwide in 2024 across all genres, and were recognized with more than 70 leading industry awards. Believe is a simplified joint-stock company under French law.

Full TimeRemoteTeam 1,001-5,000

Role Description We’re hiring a Security GRC Engineer to help us build governance, risk, and compliance in a way that actually works in a modern tech organization: pragmatic, automation-friendly, and aligned with agile delivery. This is not a “paperwork” job. You’ll partner closely with engineering, product, workplace, auditors, and security to turn risk management and compliance into clear, usable guardrails and you’ll challenge processes that create friction without improving security. - Risk management that drives decisions - Run lightweight, continuous risk assessment and threat modelings with teams (not once-a-year rituals). - Translate risk into clear options: impact, likelihood, tradeoffs, and recommended actions. - Track remediation plans and provide visibility through simple reporting. - Build practical governance - Maintain and improve security policies/standards so they’re short, actionable, and adopted. - Create control objectives that fit real engineering workflows (CI/CD, cloud, SaaS, identity). - Compliance, without the theater - Support audits and evidence collection with a focus on efficiency and reusability. - Help align our program with recognized frameworks (e.g., NIST) in a pragmatic way. - Develop “compliance-as-code” habits where possible (automated checks, continuous evidence). - Third-party risk (vendors, partners) - Drive assessments, follow-ups, and risk treatment with procurement and stakeholders. - Push for scalable vendor processes (tiering, standard questionnaires, measurable requirements). - Security enablement - Create playbooks, templates, and self-service material that teams can use without heavy guidance. - Coach teams to understand risk and make better security choices early in delivery. Qualifications - Experience in GRC / risk / compliance in a tech environment (security, cloud, SaaS, engineering orgs). - Strong understanding of security fundamentals: identity, access, logging, incident response, cloud shared responsibility, secure SDLC (at a practical level). - Ability to write simple, clear policies/standards and translate requirements into engineering-friendly controls. - Comfort with ambiguity and agility: you can iterate, prioritize, and deliver incremental improvements. - Excellent stakeholder skills: you can influence without authority, challenge respectfully, and get things done. Requirements - Bonus points for experience aligning programs to frameworks (NIST CSF, ISO 27001, SOC 2, etc.). - Experience with vendor risk platforms or automation (workflows, evidence collection, dashboards). - Familiarity with “compliance as code” concepts, continuous controls monitoring, or security tooling. - Experience partnering with product/engineering teams on secure-by-design practices. Benefits - Tailor-made training and coaching program. - Remote working policy. - A wellness program "Pauses" with many activities and animations in-house. - Access to Eutelmed, a digital mental health and well-being platform that allows you to speak with an experienced psychologist. - A healthy and eco-responsible company restaurant. - Individual or family health insurance. - CSE benefits. - A rooftop. - A gym with free classes.

France
Netrix Global logo

Information Security Engineer

Netrix Global

IT Consultant & Managed Service Provider

Full TimeRemoteTeam 501-1,000Since 1990H1B No Sponsor

Role Description We are looking for an experienced and knowledgeable Information Security Engineer (Tier 3) to join our team! As an Information Security Engineer, you will be responsible for planning, implementing, and managing the overall security strategy for our managed customers. The ideal candidate should have strong understanding of cloud native SIEM solutions, Endpoint and Network security tools and compliance requirements. - Work closely as part of the team, and be independent to handle incidents, and drive incidents to resolution as well as learning and improving from them. - Collaborate with colleagues on various security projects and contribute towards best practices of processes, technology used and overall security awareness. - Maintain a teamwork mentality, working closely with colleagues on projects, learning from and supporting each other. - Maintain and improve the security technologies deployed, including creating use cases, customizing, or better configuring the tools based on past and current threats. - Adopt a quality service approach, proactively pointing out possible issues, providing detailed reporting, and staying available for support until an issue is resolved. - Be detail-oriented and flexible-minded to contribute to the 24/7 defensive capabilities of the SOC for the overall security of the organization and customers. - Exhibit curiosity, problem-solving mentality, and a keen interest in growing in the security area. - Analyze logs (from Security Information & Event Management system) and other sources to create reports and better prepare for suspicious events or malicious efforts. - Have solid experience working in a SOC environment, with a good understanding of network & application security and vulnerability management. - Possess good communication skills to interact with colleagues locally and internationally from both technical and non-technical backgrounds. - Perform penetration testing, vulnerability scanning, and manage and track remediation of identified vulnerable systems. Qualifications - 5+ years of Information Security experience - Working experience with integration with different security systems and devices - 2+ years coding and scripting experience in Python, Linux shell scripting or Windows Powershell scripting - Working experience and knowledge of SOAR platforms and solutions - 2-4 years of systems analysis - Working knowledge of Linux and syslog from CLI - Experience with computer network/application penetration testing and techniques - Proven ability and experience performing moderately complex security analysis for information technology - Excellent writing and communications skills in English - Familiarization with a variety of information and network security tools (Azure Sentinel SIEM, QRadar SIEM, Splunk, McAfee Security Suite, Cisco IDS/IPS, Tenable Nessus, and Palo Alto, among others) - Familiarization with a variety of Network Access Control software (Cisco ISE, ForeScout, etc.) - SQL or KQL knowledge is considered an advantage - Operational knowledge of API is considered an advantage Education Preferred - Bachelor's degree in computer information systems or related field Industry Certifications - Certified Information Systems Security Professional (CISSP) - Information Systems Security Engineering Professional (CISSP-ISSEP) - Systems Security Certified Practitioner (SSCP) - CompTIA Security+ - Certified Ethical Hacker (CEH) - Certified Security Analyst (ECSA) - Certified Incident Handler (ECIH) - CompTIA Cybersecurity Analyst (CSA+) - Information Technology Infrastructure Library (ITIL) - Cisco CCNA - Cisco CCNP + Security - MCSE - Linux+ Shift - Monday - Friday 8 AM - 5 PM CT, US Business hours (Central) with on-call participation. The shift may be rotated/changed based on support coverage requirements.

Bulgaria