
Application Security Manager, re:Cycle Reverse Logistics
Systems, Quality, & Security Engineering
Dublin
Description
The re:Cycle Reverse Logistics (RRL) organization offers worldwide cloud computing providers a centralized means to sort, function test, in-warranty return, and disposition server and networking assets that break or are no longer needed in the fleet. The RRL Operations Integration team supports RRL’s operations by developing and administering the warehouse operational processes, as well as the organization’s cloud-based software solutions, cross-service integrations, and cross-organizational relationships that make our processes and systems (used by 400+ operators worldwide) possible. The team is seeking a detail-oriented, forward-thinking, and self-motivated Application Security Manager to take ownership of the organization’s proactive application security programs, ensuring that the systems and integrations used to track RRL’s assets are consistently and proactively secured in the wake of ongoing system changes in a fast-evolving technological landscape.
The Application Security Manager is the organization's primary owner for application security across our global portfolio of three cloud-based solutions, responsible for establishing and sustaining the security posture of every application and integration our team owns. This is a net new role built on the belief that application security must be owned proactively, not reactively, by someone who hunts for vulnerabilities rather than waiting for them to surface. Our Application Security Manager will own penetration testing strategy and execution, vulnerability identification and resolution, security incident response, threat modeling, recurring security audits, and automated security tooling across all three applications. They will ensure that authentication mechanisms, credentials, and secrets are consistently maintained, and that all cross-organizational security commitments are honored.
They will engage regularly with engineering and product teams to evaluate new feature designs and assess code for vulnerabilities before anything reaches production, and will partner with compliance and vendor management teams to ensure third-party integrations are reviewed and implemented securely.
Key job responsibilities
• Define and implement recurring penetration testing strategies to proactively identify application security vulnerabilities and drive them to resolution.
• Conduct application code review evaluations and provide detailed assessments that highlight risks, vulnerabilities, and recommended remediations.
• Manage application security incident response, analysis, root cause identification, and repair to minimize impact and prevent recurrence.
• Analyze cross-organizational integrations and automation equipment, and lead associated vendor, data, and security reviews from documentation through resolution, ensuring that only secured solutions are implemented.
• Develop and maintain organizational threat models to identify emerging risks and ensure the team consistently raises the security bar across all applications.
• Conduct recurring proactive security audits on application access points, configurations, integrations and upstream/downstream systems, and internal and shared resources to identify and resolve accessibility and data security risks.
• Develop formal documentation and security policies to effectively communicate our application security posture to a variety of internal and external stakeholders.
• Maintain application credential, authentication, and secret management mechanisms to ensure access controls remain robust and current.
Basic Qualifications
- Bachelor's degree in Cybersecurity, Information Security, or a related field
- Experience in application security architecture, security code reviews, security testing, incident response, or security infrastructure
- Experience in one or more of the following: application security frameworks, security code reviews, incident response, security infrastructure, penetration testing, mobile security, cloud security, AI security, identity and access controls
Preferred Qualifications
- CISSP, CISA, CISM or other security certification
- Knowledge of one or more of the following domains: access-control system and methodology, network security, application- and system-development security, security architecture and models, cryptography, and operations security
- Experience in vulnerability testing and auditing
- Experience in scripting, programming, or security code reviewing in a common language, such as Python, Java, or C++
- Experience with threat modeling and penetration testing, or experience with virtualization (Hypervisors, VMware, Xen) and experience in deploying identity and access management systems
Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice (https://www.amazon.jobs/en/privacy_page) to know more about how we collect, use and transfer the personal data of our candidates.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.