Quidsi’s team is an organization focused on both internal and external customers that strives to provide excellent service while meeting its number one priority: preserving customer trust. Quidsi is looking for a passionate Technical Program Manager - Security. This position is instrumental in ensuring the security of Quidsi’s production and corporate systems and applications. If you enjoy working in an environment with rapidly changing threat scenarios on the cutting edge of information security, this position will provide you with a challenging opportunity. You will be responsible for security audits, risk analysis, vulnerability/penetration testing, vendor due diligence, and security reviews on many elements of Quidsi's systems.
Key tasks include:
- Plan and direct the day-to-day security engineering activities.
- Act as point of contact within Quidsi for communications dealing with information security, including vulnerabilities, controls, technologies, human factors and management issues.
- Establish credibility and maintain strong working relationships with groups involved with information security matters (legal, internal audit, fraud, physical security, developer community, networking, systems, etc.).
- Review, suggest, and implement improvements for security practices.
- Evaluate complex business and technical requirements, and communicate inherent security risks and solutions to technical and non-technical business owners.
- Lead the architecture, design, implementation, support, and evaluation of security-focused tools and services.
- Develop and deliver general security awareness and specific security technology presentations, talks, and training.
- Establish consistent project management processes, standards, and guidelines in the execution of program-wide security efforts. Engage enterprise-wide teams as needed with a focus on results.
- Translate security and technical requirements into business requirements and present to management.
- Stay current on emerging security threats, vulnerabilities and controls.
- Participate in tier 2 and tier 3 security operations support as needed.
- Lead incident handling as required.
- Evangelize security within Quidsi and be an advocate for customer trust.
- Provide leadership and innovation in the design and implementation of security to enable new products and services.
- Experience in management of technical teams.
- Minimum 6 years of information security or related experience.
- Being highly technical and hands-on is a must.
- Extensive project leadership experience.
- Skilled in risk management, business risk analysis, and making complex business/risk trade-off recommendations and decisions.
- Strong knowledge in current security threats, trends, and mitigations.
- Experience in design and delivery of enterprise-level security programs.
- Experience conducting acquisition and partner due diligence, including delivery of risk analysis reports of findings, is desirable.
- Detailed technical knowledge in security engineering, system and network security, authentication and security protocols, applied cryptography, and application security.
- Experience with client side security and mobile platform security, such as iOS and Android OS.
- Experience with service-oriented architectures and web services security.
- Substantial experience with the application of threat modeling and other risk identification techniques.
- Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits.
- Excellent written and verbal communication skills.
- Excellent leadership, teamwork, and collaboration skills.
- Results-oriented, high energy, self-motivated.
- Master's Degree in CS, Mathematics or related discipline.
- Familiarity with regulatory laws as they pertain to IP traffic, transparency and eCommerce Security standards.
- Experience with development team(s) that delivered commercial software or software-based services (development, QA testing, or security role) is a plus.
Amazon.com - 22 months ago