Job Description

DESCRIPTION

Please note: this position requires that the candidate selected be a U.S. citizen and must currently possess and maintain an active TS/SCI security clearance with polygraph.

Amazon Web Services (AWS) is the leading cloud provider, providing virtual infrastructure, storage, networking, messaging, and many other services to customers all over the world. AWS runs a globally distributed environment, operating at massive levels of scale. Businesses, from start-ups to enterprises, run their operations and applications on AWSs multi-tenant infrastructure. Governmental organizations are also looking to and depending on AWS for cloud solutions and services.

Our Continuous Monitoring team is seeking a focused System Security specialist who will perform continuous monitoring, incident response, and conduct direct liaison with our Government customer. This role will specialize in all Continuous Monitoring aspects of System Security management for cloud web services in large scale computing environments.

You should have a good mix of technical knowledge and a demonstrated background in information security. We value broad knowledge and hands-on experience in continuous monitoring, security operations, and incident response.

You should be able to accomplish most of the following:
Execute vulnerability scans utilizing the Nessus scanner & Security Center
Apply NIST, DOD, and other government standards, policies and regulations (e.g., NIST 800-137, NIST 800-53, 800-37 and 800-39) when executing the ConMon Program
Assist in developing and validating ConMon Strategy. Identify ConMon program gaps and recommends solutions to address gaps.
Review risk tolerance within the enterprise architecture, security architecture, security configurations, planned changes to the enterprise architecture, and available threat information.
Assist in the development and tracking of ConMon metrics such as the number and severity of vulnerabilities discovered and remediated, number of unauthorized access attempts, configuration baseline information, and contingency plan testing dates and results.
Support the tracking of finding remediations to completion.
Assist with validating the ConMon information collection and reporting process.
Validate solutions and determine improvements to lower costs, enhance efficiency, improve the reliability of monitoring security-related information.
Develop monthly ConMon Reports and capture metrics as security control assessments are conducted. Detail findings, provide status, recommended mitigations, metrics, and evidence.
Communicate effectively at multiple levels of sensitivity, and multiple audiences.

Here at AWS, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and we host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazons culture of inclusion is reinforced within our 14 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.

Our team also puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we arent focused on how many hours you spend at work or online. Instead, were happy to offer a flexible schedule so you can have a more productive and well-balanced lifeboth in and outside of work.

BASIC QUALIFICATIONS

BS degree in technical field, or 5+ years equivalent technology experience
2 years or more of demonstrated experience in areas such as Continuous Monitoring program development & reporting
Previous experience with Nessus scanner & Security Center configuration, scanning, and reporting
Current, active US Government Security Clearance of TS/SCI with Polygraph
PREFERRED QUALIFICATIONS

Implementing enterprise wide System Security programs designed to anticipate, assess, and minimize system vulnerabilities
Experience in making recommendations for resolving System Security problems and requirements for multiple platforms that utilize a common Cloud infrastructure that Government customers leverage as an enterprise compute environment
Experience in application security architecture, security code reviews, security testing, incident response, or security infrastructure
Understanding of the AWS service catalog
Demonstrated experience administering Linux and Windows operating systems in accordance with applicable security controls
A sense of humor! We work hard to raise the security bar for our customers, but we also know how to laugh.
Meets/exceeds Amazons leadership principles requirements for this role
Meets/exceeds Amazons functional/technical depth and complexity for this role

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation