Security Compliance Engineer, Ops Compliance & Certification
Amazon Development Center Germany GmbH•2h ago
DE, BE, BerlinOnsiteFull-timeEntry Level0-1 yrs exp
Top focus
Security EngineerCompliance OfficerCloud Security EngineerSecurity Architect
- At Amazon Devices & Services, we imagine the future
- then create it. Join brilliant minds to build new categories of technology that become part of everyone's everyday life. Together, we create connected experiences and transform lives, communities
- the world with our work. The Compliance & Certification team are looking for a graduate cybersecurity professional to work with many of Amazon's world renowned devices and services (such as Ring, Blink, etc.) by supporting secure infrastructure, network security, automation, compliance
- operational monitoring. This role is ideal for someone with hands-on Linux experience, practical lab projects, scripting ability
- academic knowledge of cybersecurity, digital forensics, incident response, ethical hacking
- security governance. You will help configure and monitor embedded systems, virtual machines, containers, firewalls, DNS filtering tools
- security services. You will also assist with automation using Python and Bash, investigate basic security events, support secure networking
- contribute to technical documentation, evidence collection
- internal knowledge sharing. Key job responsibilities - Maintain accurate technical documentation for security controls, infrastructure configurations, operational processes
- compliance evidence - Map technical security controls to internal policies, standards
- compliance requirements - Support audit preparation by gathering evidence, validating documentation
- helping respond to audit-related requests - Track security findings, remediation actions
- control gaps through to completion - Ensure infrastructure changes follow approved security, compliance
- change management requirements - Support secure infrastructure operations across Linux systems, virtual machines, containers, firewalls, DNS filtering tools
- security services - Assist with network security monitoring, basic event investigation
- operational security checks - Contribute to automation activities using scripting tools such as Python and Bash to improve monitoring, reporting
- repeatable operational tasks - Work with technical teams to document risks, security impacts
- required remediation steps. - Translate technical security concepts into clear guidance for both technical and non-technical stakeholders - Support internal knowledge sharing by documenting procedures, lessons learned
- technical findings - Work across cybersecurity, infrastructure operations
- compliance activities in a structured enterprise environment A day in the life A typical week may include reviewing technical evidence for security controls, supporting audit requests, mapping infrastructure controls to internal policies or security frameworks, tracking remediation actions, reviewing change records for compliance impact
- helping teams document how their systems meet security requirements. The work requires attention to detail, strong communication
- the ability to translate technical information into clear compliance evidence. About the team You will join a cybersecurity compliance team focused on helping the organisation meet its security, regulatory
- audit obligations while enabling secure technology operations. The team works at the intersection of cybersecurity, governance, risk management, infrastructure
- internal control assurance. Our mission is to make cybersecurity compliance clear, evidence-based
- practical. We help ensure that security controls are properly defined, implemented, documented, tested
- continuously improved. The team supports audit readiness, control mapping, remediation tracking, policy alignment
- security governance across enterprise systems and technology processes. This is a strong environment for someone early in their cybersecurity career who wants to build experience in governance, risk
- compliance (GRC) while staying close to technical security. The role offers exposure to security frameworks, audit preparation, technical control validation, evidence collection, risk remediation, policy compliance
- enterprise security processes.
- Experience in the Linux environment - Experience with a scripting language such as PowerShell, Python, Bash, Perl, Ruby or similar - Knowledge of networking fundamentals - Awareness of cybersecurity principles, system hardening, ethical hacking
- incident response - Experience with virtual machines, containers
- lab-based infrastructure
- Degree in Cyber Security, Computer Science, Information Technology, Networking, Digital Forensics
- a related field - Experience with Linux Containers
- virtualisation platforms - Experience with Pi-hole, Fail2ban, Wireshark, Nmap
- Metasploit - Exposure to Active Directory or Lightweight Directory Access Protocol (LDAP) - Experience with IoT systems using ESP32, NodeMCU, MQTT, InfluxDB
- Grafana Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice ( https://www.amazon.jobs/en/privacy_page ) to know more about how we collect, use and transfer the personal data of our candidates. m/w/d Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
Required skills
LinuxPythonBashnetworkingcybersecuritydigital forensicsincident responseethical hackingsecurity governancevirtual machinescontainersActive DirectoryLDAPIoTPi-hole