Sr. Threat Analyst

Amazon Customer Service (CS) is one of the largest customer service organizations in the world with a strong culture, going back to the earliest days of Amazon. Our business operations include tens of thousands of Customer Service Associates around the globe who provide world-class support to customers 24 hours a day, 7 days a week, and in over 15 languages (and growing).

We focus on learning, sharing, innovating and having fun at work, and are customer-focused, with a direct line of engagement with our users. The Governance, Risk and Compliance (GRC) team have a new program focused on developing, operationalizing and managing a range of new and existing security initiatives with a significant positive impact. Our work is meaningful and directly impacts Amazon’s bottom line.

We are looking for an innovative, curious and open minded Sr. Threat Analyst, who is highly motivated, and process oriented, to play a fundamental role in our threat management program. A successful candidate will have experience delivering threat analytics, investigating incidents, and building automation and orchestration to combat a range of threats.

The goal of the threat operations team is to develop and continually enhance, efficient real-time monitoring and detections in support of security investigations to enhance the CS security posture. This role is critical in supporting the fundamental elements of our mission, earning and maintaining customer trust, and rigorously safeguarding customer data!
Key responsibilities include:
· Conducting technical analysis of large amounts of structured and unstructured data, including user activity data and alerts, to decipher underlying trends, uncover anomalies; and discern obscure patters and attributes, in order to produce investigative leads, identify indicators of compromise, and uncover loss events
· Leading highly sensitive, complex, and confidential threat investigations into technology misuse, incidents of data loss and intellectual property theft, conflict of interest, counterintelligence concerns, and other various policy violations
· Reviewing data in support of security inquiries and loss prevention efforts, and compiling results of analyses into variety of finished intelligence products to support stakeholders decision-making, and assist in creating detection and mitigation strategies
· Providing timely notice of imminent or hostile intentions or activities which may impact organization objectives, resources, or capabilities
· Creating new tools, tactics and procedures (TTPs) for identifying insider, including proactive identification of new collection methodologies and briefing team members on emerging threats to support the continued improvement of the Threat Management Program
· Building threat models to quantify security risk against known adversarial behaviors and campaigns
· Completing special analytical projects as directed by leadership

Basic Qualifications

· BS degree in Computer Science, MIS, IT, Information Security, Computer Engineering, Statistics, or 5+ years’ equivalent technology experience
· 3-5 years of experience in cyber threat intelligence research and analysis, with demonstrated skills and knowledge of intelligence gathering principles, policies, and procedures including legal authorities and restrictions
· Experience using security event correlation tools and experience evaluating, analyzing, and synthesizing large quantities of data (which may be fragmented and contradictory) to deliver quality, fused targeting intelligence products
· Knowledge of fundamental digital forensics and data collection methodologies for extracting actionable intelligence, including techniques for identifying, prioritizing, and classifying threats
· Skill in developing analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists
· Deep understanding of tools and processes used in incident management and Data Loss Prevention (DLP) and the ability to identify security domain and tools/controls in place or needed to mitigate threats
· Knowledge of user and entity behavior analytics and associated technologies, and familiarity with SIEM tools such as Splunk
· Experience with large production environments with many types of services, databases and components
· In-depth knowledge of web protocols, Linux/Unix tools and architecture
· Outstanding attention to detail and accuracy

Preferred Qualifications

· Experience and hands on knowledge with preventative and detective database controls
· Experience in one or more of the following fields of work: National security, military, federal intelligence, criminology, and/or foreign areas and language
· Knowledge about retail and customer service ecosystems

· Experience in investigating eCrime (or abuse related to e-commerce) or online payment fraud is an Equal Opportunity Employer – Minority / Women / Disability / Veteran / Gender Identity / Sexual Orientation / Age.