Vacancy expired!
Job summaryGood storytelling starts with great listening. At Audible, that means each role and every project has our audience in mind. Because the same people who design, develop, and deploy our products also happen to use them. To us, that speaks volumes.
ABOUT THIS ROLEAs a Security Engineer at Audible you will advocate for information security throughout all our software development and business processes. You will work with other Security Engineers, Application Developers and System Engineers to protect our customers and Audible's business.ABOUT THE TEAMAudible Information Security team is looking for a Security Engineer to join our world class team. We are obsessed with protecting customer trust. We are a hands-on team working to protect our computer networks, servers, applications and data assets.As a Security Engineer, you will- Perform third party security risk assessment and due diligence, including managing questionnaire response, evidence verification, and report preparation.
- Assess and secure third-party integrations, services, solutions and partnerships, ensuring controls are implemented to the highest security standards.
- Conduct internal security and confidential information investigations and information usage security audits.
- Provide guidance on risk, compliance, and policy to technical and non-technical internal customers.
- Assess and prioritize security assessment findings and recommend appropriate mitigations.
- Respond to security violations, vulnerabilities, and incident detections.
- Provide security training and outreach to internal teams and external supply chain partners.
- Ensure timely delivery of security goals, and make recommendations for incremental process improvement
- Contribute to / provide feedback on the development of security standards and control requirements.
- 2+ years of non-internship professional experience including experience with third party risk assessment, web application risk assessment, data protection, incident response.
- Proven experience with the information security principles and the Common Body of Knowledge (CBK) domains and core technologies (CIA, encryption, identity, authN/authZ, SSO, web protocols, and privacy).
- Experience with Amazon Web Services (AWS) products and security controls.
- Proficient in at least one programming language - Java preferred.
- BS in Engineering or Computer Science, or other relevant degree.
- Ability to communicate effectively with both technical and non-technical stakeholders across multiple business units.
- Experience in advocating security best practices for third party integrations (e.g. with SAAS solutions, third-party libraries, etc.).
- Current knowledge around web and mobile application vulnerabilities, attacks, and mitigation methods.
- Experience with developing and maintaining relevant security assessment risk metrics.
- Experience using GRC tools and technologies.
- Proficient in at least one programming language - Java preferred.
- AWS certifications such as AWS Certified Security - Specialty, AWS Certified Cloud Practitioner, or other security related certifications such as CEH, Security+, or GSEC.
Vacancy expired!