Amazon Web Services (AWS)

Security Assurance Specialist

On site

Reading, United Kingdom

Full Time

25-02-2025

Job Specifications

DESCRIPTION

Amazon Web Services is a dynamic and rapidly growing business within Amazon.com. We provide a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses in 190 countries around the world. We provide organisations with building block web services that allow them to innovate faster and operate their software more cost-effectively. These services-in-the-cloud include on-demand compute capacity, storage, content delivery, querying of structured data, message queuing, and more. The AWS team is building and delivering the next generation of cloud computing that supports public AWS offerings like S3, EC2, and CloudFront. We are innovating new ways of building massively scalable distributed systems.

At Amazon Web Services (AWS), Security is our highest priority. At AWS' scale, we invent new ways to provide the highest level of assurance to our security conscious customers. AWS Security is looking for a Security Assurance Specialist who can prioritize well, communicate early and clearly, and has a solid understanding of security and compliance within a cloud environment.

The Security Assurance Specialist will be part of the team which is responsible for demonstrating the security controls of services offered by AWS. This position will be focused on the Security Assurance function, leading on day-to-day security assurance activities, evaluating compliance and providing evidence of how they meet the requirements of our most security conscious customers.

At AWS we are obsessed with earning and maintaining customer trust. This role facilitates our ability to build and maintain that trust through our internal Security Assurance processes and mechanisms. Ideal candidates will have the ability to learn and comprehend security control implementations and operational effectiveness, AWS services, and IT and cloud auditing processes. They will also be able to evaluate opportunities for improvement, and influence across organizations and teams.

Key job responsibilities

Collaborate with internal teams and customers to establish baselines and agree the security requirements and associated security controls.
Manage requests for evidence relating to key security controls, by working in collaboration with internal and external stakeholders.
Responsible for reviewing the security of proposed new AWS systems, networks, and software designs for potential system security risks, and resolving integration issues related to the implementation of new services within the existing cloud infrastructure.
Liaise between key stakeholders and AWS technical communities to articulate security control implementation.
Dive deep into the Amazon control environment to develop broad domain and technical understanding of our security activities and control implementations to enable these to be articulated to both customers and internal/external stakeholders.
Work across a wide variety of AWS teams to establish and maintain information security documentation.

About The Team

Here at AWS, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and we host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon’s culture of inclusion is reinforced within our 16 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.

About Amazon Security

Diverse Experiences

Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.

Why Amazon Security?

At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

Inclusive Team Culture

In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

Training & Career Growth

We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

Work/Life Balance

We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.

BASIC QUALIFICATIONS

2+ years of professional experience in performing technical assessments or audits within a cloud environment, including working knowledge of foundational security principles and industry best practices.
Demonstrated experience in security, audits, customer trust, control assessments, or risk assessments.
Proven analytical and quantitative skills, and an ability to use data and metrics to back up assumptions, develop detailed reporting and drive process improvements.

PREFERRED QUALIFICATIONS

Solid foundation in service-oriented and web-service technologies
Experience designing and implementing systems using AWS. Familiarity with Information Security or Audit frameworks. Experience in the delivery of projects and programs across multiple teams.
Strong verbal and written communications skills, as well as the ability to work effectively across internal and external organizations.
Strong analytical and critical thinking skills with the ability to use data to back up assumptions, recommendations and drive actions.

Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice (https://www.amazon.jobs/en/privacy_page) to know more about how we collect, use and transfer the personal data of our candidates.

Amazon is committed ...

About the Company

Launched in 2006, Amazon Web Services (AWS) began exposing key infrastructure services to businesses in the form of web services -- now widely known as cloud computing. The ultimate benefit of cloud computing, and AWS, is the ability to leverage a new business model and turn capital infrastructure expenses into variable costs. Businesses no longer need to plan and procure servers and other IT resources weeks or months in advance. Using AWS, businesses can take advantage of Amazon's expertise and economies of scale to access ...

Related Jobs

Company Name
Ørsted
Job Title
Information Security SCADA Specialist - Critical Infrastructure
Job Description
Join us in this role where you’ll be leading UKW hub national critical infrastructure with cyber secure generation. You will be leading in all areas of Information Security Management system across the region, initiating improvements of the system, and reporting from the system. This also includes ensuring that the implemented ISMS controls fulfil organisational and country-specific legal requirements where ISMS is implemented.
Welcome to UK West Engineering
You’ll be part of UKW Engineering team where you, together with your colleagues, will ensure secure, reliable generation from our European assets. You will ensure the best possible handling and improvement of cybersecurity and ensure compliance towards applicable country-specific legal requirements where ISMS is implemented. You’ll secure the lowest possible operating costs and consistently deliver high-quality results at the right time.
You’ll play an important role in:
maintaining and improving the cybersecurity risk register, including conducting risk identification, developing improvement roadmap and conducting follow-up workshops with relevant parties owning regional technical cyber security risks in close collaboration with Quality & Risk team
developing, securing budget and implementing risk treatment plans
defining effective business continuity plans for SCADA IT/OT systems, maintaining them and implementing them in emergency scenarios, leading event recovery sessions in relation to area of expertise
facilitating and supporting regional hub initiatives on continuous improvement of ISMS, including instructions, controls, reports, training, or other work related to ISMS
ensuring development and roll-out of training to all involved functions as well as supporting relevant teams in the implementation of ISMS requirements
establishing, conducting, and following up on regional audits (internal & external) and management reviews in accordance with requirements in ISMS.
To succeed in the role, you:
hold a degree in Information Security, Cybersecurity, Computer Science, or a related field
are proficient in cyber security in IT/OT environments, preferably with in-depth knowledge on ISO27001/27019 and IEC62443. National requirements such as NIS-CAF would be advantageous
possess relevant cybersecurity certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC)
bring prior experience working independently in the energy sector, particularly in a regulated environment such as utilities, renewable energy, or oil and gas
are proficient in risk assessment methodologies, security controls, and incident response management
demonstrate ability to work effectively with external vendors and internal stakeholders to achieve security objectives.
Maybe you’ve read the above and can see you have some transferable skills, even though they don’t quite match all the points. If you think you can bring something to the team, we still encourage you to apply.
Shape the future with us
Send your application to us as soon as possible. We’ll be conducting interviews on a continuous basis and reserve the right to take down the advert when we’ve found the right candidate. As an applicant or employee, you may request reasonable work and position accommodation or adjustments via accommodation@orsted.com. Please note that for your application to be taken into consideration, you must submit your application via our online career pages and answer the screening questions relevant for your country. We don't take applications or inquiries from external recruiters or agencies into account for this position.
Barrow-In-Furness, United Kingdom
On site
Full Time
27-02-2025
Company Name
InterEx Group
Job Title
Network Security Engineer
Job Description
Job Title: Network Security Engineer
Location: Seattle, WA
Job Description: We are looking for a skilled Network Security Engineer with expertise in Cisco technologies to join our team in Seattle, WA. As a Network Security Engineer, you will be responsible for designing, implementing, and maintaining secure network infrastructures to protect our organization's data and systems from cyber threats.
Key Responsibilities:
- Design, implement, and maintain network security measures to protect organization's data and systems
- Monitor network traffic for potential security breaches and respond appropriately to incidents
- Conduct regular security audits and vulnerability assessments to identify and address security risks
- Collaborate with cross-functional teams to implement security policies and procedures
- Provide technical support and guidance to IT staff on network security best practices
- Stay up-to-date on latest security trends and technologies to continuously improve network security measures
Qualifications:
- Bachelor's degree in Computer Science, Engineering, or related field
- 3+ years of experience in network security engineering
- Strong expertise in Cisco networking technologies, including Cisco ASA, Firepower, and ISE
- Experience with network security protocols and tools, such as VLANs, IPSec, and SSL VPN
- Certifications such as CCNA Security, CCNP Security, or CISSP are a plus
- Excellent communication and problem-solving skills
- Ability to work effectively in a fast-paced, collaborative environment
- Strong attention to detail and ability to prioritize tasks effectively
Would love to discuss further!
London, United Kingdom
On site
Full Time
03-03-2025
Company Name
TieTalent
Job Title
Cyber Security Assurance Tester and IR Specialist
Job Description
About
Six Degrees is a leading secure, integrated cloud services provider, where everyone is welcome. We believe success lies in harnessing a truly diverse and inclusive culture. Our business protects UK organisations with the goal of enabling them to operate effectively and securely in the cloud, by giving them secure platforms to innovate and grow. We support our customers on their digital transformation journey regardless of their maturity. Our vision is to be the UK’s number one provider of secure, integrated cloud services to the small to mid-size market.
Our Cyber Security Assurance team are one of the most experienced and highly qualified teams of penetration testers in the UK. Also experts in forensics, the team is responsible for testing 1000s of applications, systems, environments and devices every year. The team routinely research vulnerabilities, compile threat intelligence and assist clients in shoring up their data security.
The Internal Penetration Testing & Incident Response Specialist will be a key member of the Cyber Security Assurance team, responsible for proactively identifying, assessing, and mitigating security risks internally within the organisation. They will work under general supervision, handling both internal penetration testing activities and aiding incident response operations for both external clients as well as internal operations. The role requires a methodical and analytical approach to security testing, as well as the ability to act decisively in response to security incidents. They will act as a subject matter expert for internal penetration testing and threat response, applying appropriate tools, techniques, and methodologies in accordance with relevant standards and legislation. They will work on complex and non-routine testing scenarios, providing actionable insights to improve the organisation’s security posture.
The role requires close collaboration with internal teams, supporting security investigations, incident handling, and threat mitigation efforts. The Cyber Security Assurance Tester and IR Specialist will need to have experience in running common penetration testing types and being able to manage complex incidents that may involve malware reversing, forensics and log analysis. You will need to be certified with certificates such as Cyber Scheme Team Member, CREST Registered Tester, CREST (CPIA), Intrusion Analyst (CRIA), CREST Certified Incident Manager (CCIM).
In the context of a broader security initiative, this role will serve as the internal component of the client-facing penetration testing team, reporting to senior management. Exceptional communication skills are crucial, as the individual will be responsible for producing clear and professional written reports, technical evaluations, and briefings for key stakeholders. Regular collaboration with internal teams will be necessary, necessitating the ability to convey technical findings in a manner that highlights their business implications. The individual will also focus on enhancing their knowledge in penetration testing, threat intelligence, and incident response, ensuring that testing methodologies and response strategies are in line with industry best practices. This position is ideal for a security professional who is proactive and adaptable, capable of integrating offensive security testing with swift responses to cyber threats within the organization.
Our Benefits
In return for the passion our people bring to everything they do, we want them to enjoy a range of benefits that enrich their lives. We are a Real Living Wage employer, and through our additional employee benefits we feel we’ve got something that will help everybody live their best life.
We recognise the immense joy and significance of family leave for our employees, which is why Six Degrees provide an enhanced maternity and paternity leave package. We’re also keen to support people with flexible working, so everyone can have the personal time they need whilst still doing great work here at Six Degrees. We have some fantastic benefits on offer, with everyone being given Private Medical Insurance, Life Assurance, a matched pension scheme and 25 days holiday, and as a happy birthday from Six Degrees, all employees get a day off for their birthday. Throughout the business, our people have causes and initiatives that they support and that are close to their hearts. That’s why we give everyone the chance to volunteer one day a year in addition to annual leave to make a difference. What is more, we also make a contribution to any additional benefits you may wish to choose. Every Six Degrees employee has instant access to private medical care, as well as mental health and employee wellbeing support 24/7. Whether it’s a wellness benefit, such as gym benefits, fitness programmes and genetics wellness testing to our life benefits with discounted rates on travel, critical illness and dental insurance. We also provide discounts on well-known brands, in restaurants, supermarkets, the list goes on!
Our Recruitment Process
At Six Degrees, we prioritise efficiency in our recruitment process, as we believe it is essential for you to connect with potential colleagues and have a positive candidate experience. Our team will thoroughly evaluate all applications, and if your qualifications align with our needs, our Talent Acquisition team will reach out to schedule a call. If all goes well, you will be invited to participate in an interview with your prospective line manager and team members, where you will discuss your suitability for the position and learn more about Six Degrees.
For certain critical roles, we may conduct a second and final interview, which could include a task specific to the role. Following the completion of the assessment process, we look forward to welcoming you to the Six Degrees family.
Nice-to-have skills
Penetration Testing
City of London, England
Work experience
Pentester
Security Analyst
Languages
English
London, United Kingdom
On site
Full Time
03-03-2025
Company Name
Tesco
Job Title
Principal Enterprise Security Architect
Job Description
What’s in it for you
We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you – both in and out of work.
Annual bonus scheme of up to 45% of base salary
Car Cash Allowance
Holiday starting at 25 days plus a personal day (plus Bank holidays)
Private medical insurance
Retirement savings plan - save between 6% - 10% and Tesco will contribute 1.5 times this amount
26 weeks maternity and adoption leave (after 1 years’ service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 6 weeks fully paid paternity leave
About The Role
Here at Tesco Cyber, we are seeking a highly skilled and experienced Enterprise Security Architect, who will be responsible for ensuring that all enterprise-built platforms and solutions align with our existing security framework and industry standards. This role requires a deep understanding of security principles, technologies, and best practices to protect our information assets and ensure compliance with regulatory requirements. The focus will be on collaborating with key stakeholders across various domains to enable our technology colleagues to work efficiently and manage their environments effectively. You will perform comprehensive risk assessments, develop strategies to mitigate threats, and ensure alignment with organizational security principles and best practices.
You will be responsible for
Design and implement robust security architectures for enterprise-wide capabilities, which our technology teams rely on regularly to operate their services and perform their day-to-day tasks efficiently, addressing identified threats and vulnerabilities.
Conduct thorough risk assessments for new systems and existing environments, reviewing their designs and architectures to ensure they meet modern security requirements, identifying security risks, and recommending mitigation strategies.
Influence and guide other teams to implement security solutions by collaborating across functions to integrate security principles and ensure systems align with business needs.
Ensure all enterprise-built platforms align with our existing security framework and industry standards, while collaborating with other enabling and architecture teams to integrate security into all aspects of the organization's operations.
Evaluate and enhance security processes to improve their efficiency and comprehensiveness.
Continuously monitor and respond to emerging security trends and threats to workplace environments, virtualization technologies, and databases.
Develop and maintain security architecture documentation, including policies, diagrams, and procedural guides.
Act as an SME and advise on the security of the M365 platform, workplace solutions, and infrastructure control plane capabilities such as virtualization layers (VMWare).
Lead and participate in internal technology initiatives to implement secure enterprise systems, ensuring alignment with security frameworks and organizational goals to enhance security posture.
You will need
Soft Skills
Proven leadership experience as a technical individual contributor in complex organizations.
Analytical mindset with a proactive approach to identifying and solving security challenges.
Strong communication and interpersonal skills to articulate complex security concepts to diverse audiences.
Ability to work collaboratively with cross-functional teams while managing multiple initiatives.
Demonstrated curiosity and flexibility in applying knowledge and advice.
Technical Skills
Demonstrable experience and expertise in designing, implementing, and applying balanced controls from security frameworks such as NIST, CIS, ISO 27001, and MITRE.
Expertise in security controls and best practices for cloud-based workplace environments.
Proficiency in Microsoft 365 security, compliance capabilities, identity and access management, and threat protection, including Microsoft Defender, Microsoft Entra, and Microsoft Purview.
Expertise with virtualization platforms, ideally on VMware security solutions, including VMware NSX, VMware Carbon Black Cloud, and Horizon.
Familiarity with virtualization security best practices and endpoint security.
Proficiency in securing databases (e.g., SQL, NoSQL), with a focus on encryption, authentication, and monitoring solutions.
Proficiency in risk analysis, security controls management planning, and disaster recovery planning.
Experience with security technologies such as firewalls, intrusion detection/prevention systems, and encryption.
Qualifications & Experience
Strong knowledge of security frameworks and standards (e.g., NIST, ISO 27001).
Bachelor's degree in Computer Science, Information Technology, or a related field.
Minimum of 10 years of experience in information security, with at least 5 years in a security architecture role.
Professional certifications such as SABSA, CISSP, CISM, or TOGAF are highly desirable.
Professional certifications in risk management such as CRISC are desirable.
Farringdon, United Kingdom
On site
Full Time
26-02-2025