Security Engineer, Business Information Risk

At Audible, we believe stories have the power to transform lives. It’s why we work with some of the world’s leading creators to produce and share audio storytelling with our millions of global listeners. We are dreamers and inventors who come from a wide range of backgrounds and experiences to empower and inspire each other. Imagine your future with us.

ABOUT THIS ROLE
As a Security Engineer II at Audible you will advocate for information security throughout all our software development and business processes. You will work with other Security Engineers, Application Developers and System Engineers to protect our customers and Audible’s business.

ABOUT THE TEAM
The Audible Information Security team is looking for an experienced Security Engineer to join our world-class team. We are obsessed with protecting customer trust. We are a hands-on team working to protect our computer networks, servers, applications, and data assets. This role will be focused on managing risk across our business functions.

True to Audible’s People Principles, we are committed to the success of our people and supporting the communities in which we work. Our leadership team is dedicated to mentoring and coaching to help each individual identify their career goals, flourish, and achieve their potential. Our environment encourages everyone to participate. Our diverse team depends on differing backgrounds and perspectives to foster robust conversations that lead us to the right solutions for our customers.

As a Security Engineer, you will...

  1. Perform third-party security risk assessment and due diligence, including managing questionnaire response, evidence verification, and report preparation.
  2. Assess and secure third-party integrations, services, solutions, and partnerships, ensuring controls are implemented to the highest security standards.
  3. Assess, identify and develop recommendations regarding data protection, insider threat, data sharing, identity, and access management.
  4. Execute internal security and confidential information usage security assessments, audits, and investigations.
  5. Assess and prioritize security assessment findings and recommend appropriate mitigations.
  6. Respond to security violations, vulnerabilities, and incident detections.
  7. Provide guidance on risk, compliance, and policy to technical and non-technical internal customers, including security training and outreach to internal teams and external supply chain partners.
  8. Apply your security and business knowledge to drive secure and pragmatic improvements to Audible people, process, and assets, while guiding technical trade-offs between short versus long-term security and business goals.
  9. Contribute to / provide feedback on the development of security standards and control requirements.
  10. Demonstrate strong organizational and communication skills, with a demonstrated ability to work in a multi-tasking dynamic environment while maintaining a high level of ownership and accountability.

ABOUT AUDIBLE
Audible is the leading producer and provider of audio storytelling. We spark listeners’ imaginations, offering immersive, cinematic experiences full of inspiration and insight to enrich our customers' daily lives. We are a global company with an entrepreneurial spirit. We are dreamers and inventors who are passionate about the positive impact Audible can make for our customers and our neighbors. This spirit courses throughout Audible, supporting a culture of creativity and inclusion built on our People Principles and our mission to build more equitable communities in the cities we call home.

Minimum Qualifications:

  1. Bachelor's degree in computer science or equivalent.
  2. Experience with AWS products and services.
  3. Experience applying threat modeling or other risk identification techniques or equivalent.
  4. 5+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration, and network security experience.
  5. Experience with the information security principles and the Common Body of Knowledge (CBK) domains and core technologies (CIA, encryption, identity, authN/authZ, SSO, web protocols, and privacy).
  6. Experience in advocating security best practices for third-party integrations (e.g., with SAAS solutions, third-party libraries, etc.).

Additional Qualifications:

  1. Ability to communicate effectively with both technical and non-technical stakeholders across multiple business units.
  2. MS in Cybersecurity, Computer Science, or other relevant degree.
  3. Current knowledge around web and mobile application vulnerabilities, attacks, and mitigation methods.
  4. Experience with developing and maintaining relevant security assessment risk metrics.
  5. Experience using GRC tools and technologies.
  6. Proficient in at least one programming language – Java preferred.
  7. AWS certifications such as AWS Certified Security – Specialty, AWS Certified Cloud Practitioner, or other security-related certifications (e.g., CISSP, SANS/GIAC or GSEC, CISA, OSCP/OSWA/OSWE).

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit .

#J-18808-Ljbffr