Sr. Security Engineer, Internal Audit Security

Seattle, Washington


Employer: Amazon
Industry: Systems, Quality, & Security Engineering
Salary: $143300 per year
Job type: Full-Time

Amazon's Internal Offensive Security Research team is looking for a skilled security researcher to join our team's efforts to help keep Amazon secure by uncovering and exploiting vulnerabilities present across the scope of Amazon products and services.

At Amazon, we're working to be the most customer-centric company on Earth. This team strives to protect our customers and their data through analyzing the systems that work for them. Are you ready to partner with Amazon's cutting-edge business and engineering groups to uncover vulnerabilities in Amazon's software? Are you looking for a position that will leverage and grow your vulnerability assessment/exploitation skills, expand your knowledge of technology at scale, and provide opportunities to problem solve with some of the best minds in the industry? Then this is the position for you.

Key job responsibilities

- Conduct full cycle engagements with business units as part of a team

- Perform vulnerability assessments of client systems, hardware, services, APIs, and networks to discover vulnerabilities

- Thoroughly document exploit chain/proof of concept scenarios for client consumption

- Interpersonal skills to work across teams and within different areas and groups

- Excellent written and verbal communication skills with the ability to summarize technical vulnerabilities in concise and actionable recommendations for senior leadership

A day in the life

This role has a broad scope which includes source code review, network penetration, reverse engineering, and application exploitation. Additionally, the Security Engineer is expected to design, develop, and execute novel abuse scenarios engineered to push the limits of Amazon's detection processes and capabilities. In this position you will explore a variety of different products and services created by Amazon. You must be able to understand complex business processes and technology to identify the full range of risks that could be exploited.

About the team

Candidates must demonstrate resilience and navigate difficult situations with composure and tact.

This role requires implementation of one's security knowledge, coupled with the ability to learn and operate as part of a team of highly skilled individuals.

BASIC QUALIFICATIONS

- Bachelor's degree, or CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud+ or CySA+ (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest+

- 5+ years of security engineering experience

- Experience working with development teams that have delivered commercial software or software-based services

- Knowledge of threat modeling or other risk identification techniques, and experience with the application of threat modeling or other risk identification techniques

- Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits

PREFERRED QUALIFICATIONS

- 5+ years of experience in penetration testing and/or red teaming on production systems

- Proven track record of finding zero days

- Knowledge of network and related web protocols (e.g., TCP/IP, UDP, HTTP/S)

- Development experience in C, C++, Java, and/or assembly (x86, x86-64, ARM)

- Knowledge of operating system internals, with emphasis on Linux

- Experience with system and network security, authentication and security protocols, cryptography, and application security

- Experience scoping and performing penetration testing and vulnerability research on large systems-of-systems

- Experience with Security Engineering and Assurance methodologies; e.g., symbolic execution, fuzzing, static and dynamic code analysis

- Experience working closely with security and incident response teams

- Knowledge of technical security issues facing large companies

- Experience with AWS products and services

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.

Created: 2024-08-22
Reference: 2731467
Country: United States
State: Washington
City: Seattle
ZIP: 98109

About Amazon

Founded in: 1994
Number of Employees: 1600000