Summary

Do you want to work on planetary scale incident response solutions in the cloud? Are you skilled at performing Incident Response activities and helping customers build threat detection and incident response capabilities using highly scalable computing architectures? Are you excited to help customers respond to security incidents and automate security operations giving them unprecedented capability and agility? Do you enjoy working on fast-paced complex projects focused on game changing business outcomes for customers globally? As a member of the Threat Detection and Incident Response Practice in the AWS Global Service Security you will have the opportunity to help customers respond to security incidents and pioneer technically superb security solutions to help customer operate securely in the cloud. Building on those experiences you’ll collaborate with AWS service teams on new features, innovate with new technologies, and explore new challenges.

Company Overview

The Global Services Security team, a part of Amazon Web Services (AWS), leverages the expertise and ingenuity of our builders to establish scalable security solutions for both internal and external customers that drive business outcomes. Our goal of securing the world’s workloads and building a brighter future for humanity requires us to focus on reliable delivery of bar raising security outcomes and investment in security mechanisms and automation on behalf of our customers.

Sales, Marketing and Global Services (SMGS)

AWS Sales, Marketing, and Global Services (SMGS) is responsible for driving revenue, adoption, and growth from the largest and fastest growing small- and mid-market accounts to enterprise-level customers including public sector. The AWS Global Support team interacts with leading companies and believes that world-class support is critical to customer success. AWS Support also partners with a global list of customers that are building mission-critical applications on top of AWS services.

• Support incident response operations
• Become a technical resource that earns the trust of customer stakeholders before, during, and after a security event.
• Contribute as part of a team that include Amazonians, partners, and customers to build and deploy threat detection and incident response capabilities.
• Assist in the design, building, and deployment of solutions to automate security operations and incident response on AWS.
• Develop high-quality content, such as automation tools, reference architectures, and white papers to help our customers secure their workloads.
• Innovate on behalf of customers by translating your thoughts into action-yielding results.
• Mentor and invest in our team, partners and customers to raise the bar for our customers.
• On-call required.

Required Qualifications:

• Experience with AWS Services including EC2, Lambda, S3, DynamoDB, SQS
• Experience triaging and developing security alerts and response automation, conducting front-line analysis, and providing escalation support
• Experience scripting with Python, Perl, Bash or PowerShell

Preferred Qualifications:

• Experience with common security monitoring, log analysis and forensic tools
• Experience working as part of a computer Security Incident Response Team (CSIRT) or Product Security Incident Response Team (PSIRT)

A day in the life

A day in the life

Diverse Experiences

Amazon values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.

Why AWS

Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.

Work/Life Balance

We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve in the cloud.

Inclusive Team Culture

Here at AWS, it’s in our nature to learn and be curious. Our employee-led affinity groups foster a culture of inclusion that empower us to be proud of our differences. Ongoing events and learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences, inspire us to never stop embracing our uniqueness.

Mentorship and Career Growth

We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

Summary

The Amazon Web Services team is looking for a passionate Security Incident Response Engineer who can lead the response to security issues across the largest cloud provider in the world. You must thrive in dynamic/ambiguous situations, and think like both an attacker and defender, while working through the entire incident response lifecycle. You’ll be working in a global team environment where clear and accurate communication and collaboration on security issues is critical.

In this role you’ll be conducting security monitoring and response activities for the Amazon internal network. We value broad and deep technical knowledge, specifically in the fields of operating system security, network security, cryptography, software security, malware analysis, forensics, security operations, incident response, and emergent security intelligence. We don’t expect you to be an expert in all of the domains mentioned above, but we do expect you to be excited to learn about them!

You’ll apply your creative and critical problem solving skills to quickly design and build tooling that enables programmatic automation at a massive scale. You must have a passion for engineering solutions to complex security challenges, and recognize and fill gaps in capabilities. Above all, you should be passionate about information security, the threat landscape and security automation and tooling.

Company Overview

Why Amazon Security?

At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

• Conduct security monitoring and response activities for the Amazon internal network.
• Design and build tooling that enables programmatic automation at a massive scale.
• Collaborate and communicate on security issues in a global team environment.

Required Qualifications

• Are enrolled in or have completed a Bachelor’s degree

Preferred Qualifications

• Knowledge of system, network and OS

Additional Commentary

Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.

Inclusive Team Culture

In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

Training & Career Growth

We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

Work/Life Balance

We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $125,500/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.

Position Overview

The goal of The Information Security Officer is to ensure that each functional area of the Bank achieves and maintains an adequate level of compliance with all applicable laws, rules and regulations, in order to protect the interests of the Bank and prevent fines, penalties or other regulatory sanctions, as well as reduce exposure to risk and potential litigation. This includes ensuring the Bank has industry standard controls to protect the confidentiality, integrity and availability of information owned, controlled or processed by the Bank.

• Develop, implement, and maintain the bank’s information security program in alignment with industry standards and regulatory requirements (e.g., GLBA, FFIEC, NIST, ISO 27001).

• Annual director and staff InfoSec training.

• Annual policy review/update.

• Annual user access reviews.

• Oversight of the incident response program.

• Liaise between the IT Team and Compliance, Audit, Legal and HR management.

• Work directly with the business units to facilitate IT risk analysis and risk management.

• Process, identify acceptable levels of risk, and establish roles and responsibilities with regard to information classification and protection.

• Participate in IT-related management committees in an advisory and leadership role.

• Oversight/tracking of audit/regulatory findings/corrective actions related to InfoSec.

• Administration of quarterly penetration testing, i.e. oversight of the vendor; follow-up.

• Administration of the quarterly phishing test program.

• Perform daily, weekly, monthly reviews of user activity.

• Produce periodic reports to the Board and senior level committees on the current state of the Information Security program.

• Assist in the development and execution of comprehensive Bank-wide risk management and compliance programs.

• Develop and maintain written risk management and compliance policies and procedures.

• Maintain a current awareness of the regulatory environment and a working knowledge of state and federal laws and regulations.

• Assist or partner with third-party or internal audits/reviews of the adequacy and effectiveness of the Bank’s internal controls and operating procedures with respect to applicable laws and regulations and adherence to the Bank’s risk management and compliance policies.

• Analyze and evaluate audit findings, and, if appropriate, assist in initiating changes in the Bank’s policies, procedures, and control systems for compliance and risk management.

• Lead investigations of security incidents and breaches, providing recommendations for corrective actions and reporting findings to senior management.

• Research Information Security issues and questions and provide interpretations of clarifications to employees or auditors.

• Participate in the development of new products and services to ensure proper controls for the confidentiality, integrity and availability of data and systems.

• Set priorities while working independently on multiple concurrent projects without direct supervision.

• Continuously assess and enhance the bank’s security program to address evolving cyber threats and changes in regulatory requirements.

• Work in a cross-functional team environment and interact with senior risk management staff, line of business management, Internal Audit, Legal, Compliance personnel, and all levels of Bank staff.

• Demonstrate a willingness to be a contributing and engaged member of the team by sharing knowledge, working towards common goals and maintaining a positive attitude.

• Acts as a cultural ambassador to internal and external clients, providing a professional, exceptional, and supportive experience with each interaction.

Minimum Qualifications

• 8 years of financial services experience

• 8 years of information security, IT/IS auditing, IT/IS risk management and/or IT/IS bank management experience

• 4- year Undergraduate Degree (e.g., BS or BA) or equivalent combination of education and experience

• Knowledge of banking laws or regulations, constructing bank policies, generally accepted operating procedures, and internal controls.

• Advanced communication skills, with the ability to communicate effectively at all levels of the Bank.

• Strong analytical and planning skills, critical-perceptive judgement, and creativity in identifying and solving complex issues.

• Proficient in Microsoft Office suite.

Preferred Qualifications

• CISSP, CISM, CompTIA Security+, or other security/technical certifications.

• Self-motivated with action and results delivery orientation; demonstrated initiative and accountability by willingness to assume additional duties other than assigned.

• Consult, facilitate and build relationships in order to foster partnership, collaboration & teamwork across all levels of the organization.

• Works independently and with others to identify issues and develop solutions.

• Demonstrates strong interpersonal and written/ verbal communication (listening, confidence, professionalism, persuasion) with individuals across all levels of the organization.

• Resourceful and flexible with regard to shifting priorities, new demands and challenge.

Our Way

Preserve and enhance our culture in which the values of honesty, integrity, confidentiality, trust and respect are the underlying principles by which we work

Make a meaningful difference in our community through our service and financial support

Maintain a safe and sound institution that operates in conformity with the spirit as well as the letter of all applicable laws, rules and regulations, and to maintain open and forthright communication with our regulators

Benefits

You will have the opportunity to participate, subject to the terms and conditions of the respective plans, in a comprehensive package of benefits. As a highlight:

• Eligibility for health, dental, vision, life and disability insurance coverages

• Retirement Plan - 401k with matching

• ESOP- Employee Stock Ownership Plan

• Time away from work – vacation time, sick time and holidays

• Paid parental leave

• Tuition Assistance

• Professional development opportunities

THE BANK OF TAMPA IS AN EQUAL OPPORTUNITY EMPLOYER

A DRUG FREE WORKPLACE

E-VERIFY EMPLOYER