AWS China Response Security Engineer, AWS Security Operations, AWS Security
AWS 中国响应安全工程师、AWS 安全运营、AWS 安全
DESCRIPTION 说明
The AWS Cloud Response Team manages the security and availability of AWS Cloud services. We operate on the ‘AWS’ side of the Shared Responsibility Model to ensure “Security of the Cloud” and to protect our customers. This role requires engineers to work tactically with both internal and external stakeholders to solve security challenges at massive scale, and to think strategically to develop and implement changes to drive automation, scalability and continuous progress for the organization.
AWS 云响应团队负责管理 AWS 云服务的安全性和可用性。我们在共同责任模式的 "AWS "方面开展工作,以确保 "云安全 "并保护我们的客户。该职位要求工程师与内部和外部利益相关者开展战术合作,以解决大规模的安全挑战,并从战略角度思考开发和实施变革,以推动组织的自动化、可扩展性和持续进步。
We’re looking for talented software and systems professionals with a passion for security who thrive in high pressure environments to help us continue to raise the security bar for cloud computing.
我们正在寻找对安全充满热情、能在高压环境中茁壮成长的软件和系统专业人才,帮助我们继续提高云计算的安全标准。
Successful candidates should:
成功的候选人应
- be able to assess technical vs. business risks and consistently drive internal engineering teams to take the right actions in the appropriate time frames to mitigate risks.
- 能够评估技术风险和业务风险,并持续推动内部工程团队在适当的时间框架内采取正确的行动来降低风险。
- have a good mix of broad and deep technical knowledge and a demonstrated background in information security.
- 既有广博的技术知识,又有深厚的技术功底,并具有信息安全方面的明显背景。
- be technically proficient in the fields of network and operating system security, cryptography, software security, security operations, incident response, and emergent security intelligence.
- 精通网络和操作系统安全、密码学、软件安全、安全操作、事件响应和突发安全情报等领域的技术。
- possess a combination of troubleshooting, technical, and communication skills, as well as the ability to manage a mix of disparate tasks which may include small-project and software development work.
- 具备故障排除、技术和沟通技能,以及管理各种不同任务的能力,其中可能包括小型项目和软件开发工作。
- be comfortable challenging and escalating to senior leadership to always ensure the best outcome for customers.
- 善于向高层领导提出挑战和上报,始终确保为客户提供最佳结果。
An ideal candidate should be able to conduct most of the following:
理想的候选人应能开展以下大部分工作:
- Triage/assess security issues and engage with internal service teams to ensure prompt remediation of issues, escalating internally as necessary to ensure the right level of urgency and engagement.
- 分流/评估安全问题,并与内部服务团队合作,确保迅速解决问题,必要时在内部进行升级,以确保适当的紧迫性和参与度。
- Participate in efforts to promote security throughout the Company and build good working relationships within the team and with others across Amazon.
- 参与促进整个公司安全的工作,并在团队内部以及与亚马逊其他部门建立良好的工作关系。
- Demonstrate high ability and tolerance for extreme context switching and interruptions while staying productive and effective.
- 在保持高效率和高效益的同时,对极端情况的切换和中断表现出很高的能力和容忍度。
- Develop pragmatic solutions that achieve business requirements while keeping an acceptable level of risk.
- 制定务实的解决方案,在实现业务要求的同时,保持可接受的风险水平。
- Help with recruiting activities and administrative work.
- 帮助开展招聘活动和行政工作。
- Mentoring of junior staff and proactively share knowledge sharing within the team and across the company.
- 指导初级员工,积极主动地在团队和公司内部分享知识。
- Fulfill regular on-call responsibilities.
- 履行定期值班职责。
Key job responsibilities 主要工作职责
- Supply oversight of in-flight security issues.
- 提供对机上安全问题的监督。
- Triage new incoming issues to determine the level of risk they present to AWS, and then accordingly prioritise its remediation in conjunction with the impacted service team.
- 对新出现的问题进行分级,以确定其对 AWS 造成的风险程度,然后与受影响的服务团队一起确定修复的优先次序。
- Communicate the state of these issues to various audiences, both technical and non-technical, at various levels of seniority (up to and including AWS’ Chief Information Security Officer).
- 向不同级别的技术和非技术受众(包括 AWS 首席信息安全官)传达这些问题的现状。
- Escalate issues to senior AWS leadership if you feel your issues are not being treated at the correct pace due to their impact to ensure that we are putting customers first.
- 如果您认为您的问题因其影响而没有得到及时处理,请将问题上报给 AWS 高级领导,以确保我们将客户放在第一位。
- Explore building and improving our tooling to make your own life easier, and at the same time, sharing that benefit with all our engineers globally.
- 探索建立和改进我们的工具,使您自己的生活更轻松,同时与我们全球的所有工程师分享这种益处。
A day in the life
一天的生活
In the morning you will take handover from the previous Oncall and be delegated ownership of various security issues presently in-flight. The issues could relate to any of our 200+ products, so you will often need to learn on the go.
早上,您将与前一位 Oncall 接班,并负责处理当前飞行中的各种安全问题。这些问题可能涉及我们 200 多种产品中的任何一种,因此您经常需要随时学习。
You will engage various stakeholders, such as the internal service team who actually needs to fix the issue, along with AWS Security Leadership, Legal, and the leadership from the impacted service team.
您将与各种利益相关者接触,例如实际需要解决问题的内部服务团队、AWS 安全领导层、法律部门以及受影响服务团队的领导层。
As the day progresses, new issues will be automatically assigned to you based on your workload and you will be responsible for triaging them, determining their level of impact, and work towards resolving them at the appropriate pace.
随着时间的推移,新问题会根据你的工作量自动分配给你,你将负责分流这些问题,确定其影响程度,并以适当的速度解决它们。
At the end of the day, you will document all the issues you are tracking so they can be taken over by the site relieving you.
最后,你将记录下所有跟踪的问题,以便让网站接替你的工作。
About the team 关于团队
Cloud Response is a team inside AWS Security Operations. This team is broadly responsible for the 'AWS' side of the Shared Responsibility Model, and provides oversight of security issues from their identification through to resolution.
云响应是 AWS 安全运营内部的一个团队。该团队主要负责 "共同责任模式 "中的 "AWS "部分,并对安全问题从识别到解决的整个过程进行监督。
We work with other AWS teams and Seller of Record in China, to ensure security issues are resolved with the right level of urgency, whilst ensuring that our stakeholders are kept into the loop.
我们与中国的其他 AWS 团队和记录卖方合作,确保以适当的紧急程度解决安全问题,同时确保我们的利益相关者能够及时了解情况。
About Amazon Security: 关于亚马逊安全:
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services.
在亚马逊,安全是维护客户信任和提供愉悦客户体验的核心。我们的组织负责在亚马逊的所有产品和服务中创建和维护高标准的安全性。
Diverse Experiences 多样化的体验
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
亚马逊安全公司重视多样化的经验。即使您不符合职位描述中列出的所有资格和技能,我们也鼓励应聘者申请。如果您的职业生涯刚刚起步,没有走传统的道路,或包括其他经历,请不要因此而放弃申请。
Why Amazon Security 为什么选择亚马逊安全系统
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
在亚马逊,安全是维护客户信任和提供愉悦客户体验的核心。我们的组织负责在亚马逊的所有产品和服务中创建和维护高标准的安全性。我们为才华横溢的安全专业人员提供机会,让他们在云计算、设备、零售、娱乐、医疗保健、运营和实体店等多个领域积累经验,从而加速职业发展。
Work/Life Balance 工作与生活的平衡
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.
我们重视工作与生活的和谐。工作上的成功绝不应该以牺牲家庭为代价,这就是为什么灵活的工作时间和安排是我们文化的一部分。当我们在工作和家庭中都感受到支持时,就没有什么是我们不能实现的。
Inclusive Team Culture 包容的团队文化
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
在亚马逊安保公司,学习和好奇是我们的天性。持续不断的 DEI 活动和学习经历激励我们不断学习,拥抱我们的独特性。要应对最严峻的安全挑战,我们就必须寻求和弘扬多样化的思想、观点和声音。
Mentorship and Career growth
导师和职业发展
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
我们不断提高绩效标准,努力成为 "地球最佳雇主"。因此,您将在这里找到无尽的知识共享、培训和其他职业发展资源,帮助您发展成为更全面的专业人士。
BASIC QUALIFICATIONS 基本资格
- Bachelor's degree in computer science or equivalent
- 计算机科学学士学位或同等学历
- 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- 3 年以上以下各项的任意组合:威胁建模经验、安全编码、身份管理和身份验证、软件开发、密码学、系统管理和网络安全经验
PREFERRED QUALIFICATIONS 首选资格
- 5+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- 5 年以上以下各项的任意组合:威胁建模经验、安全编码、身份管理和身份验证、软件开发、密码学、系统管理和网络安全经验
- 2+ years of scripting/coding experience in any language (including Bash/PowerShell scripting). Previous experience in Python scripting would be ideal.
- 2 年以上任何语言的脚本/编码经验(包括 Bash/PowerShell 脚本)。最好有过 Python 脚本编写经验。
- Understanding of best practices across multiple security disciplines/domains.
- 了解多个安全学科/领域的最佳实践。
- Extensive knowledge of Internet security issues, cloud architectures, and threat landscape.
- 广泛了解互联网安全问题、云架构和威胁状况。
- Experience with virtualization technologies, especially with AWS services.
- 拥有虚拟化技术,特别是 AWS 服务的经验。
- Strong proven knowledge of web protocols, common attacks, and an in-depth knowledge of Linux/Unix tools and architecture.
- 对网络协议、常见攻击以及 Linux/Unix 工具和架构有深入了解。
- Relevant industry certifications from SANS, ISC2, etc.
- 获得 SANS、ISC2 等相关行业认证。
- Demonstrated ability to work autonomously with a bias for action, critical and creative thinking.
- 具有自主工作能力,注重行动、批判性和创造性思维。
- Demonstrated ability to collaborate, develop partnerships and work effectively as a member of a team.
- 展现出作为团队成员开展合作、发展伙伴关系和有效工作的能力。
- Maturity, judgment, negotiation/influence skills, analytical skills, and leadership skills.
- 成熟度、判断力、谈判/影响力技能、分析技能和领导技能。
- Ability to prioritise multiple tasks and projects in a dynamic environment.
- 能够在动态环境中优先处理多项任务和项目。
- Effective written and oral communication with multiple levels of leadership involving both business and technical sides of the business.
- 与业务和技术方面的多级领导进行有效的书面和口头沟通。