Amazon
Pentest Security Engineer, Devices & Services Pentesting
Amazon, Sunnyvale, California, United States, 94087
Pentest Security Engineer, Devices & Services Pentesting
Job ID: 2847042 | Amazon.com Services LLC Come join our penetration testing team dedicated to the detection and exploitation of vulnerabilities from Amazon’s consumer services and devices to the Kuiper satellites. This includes conducting in-depth reviews of complex service workflows including authentication mechanisms, AI, mobile, web applications, and web service APIs. Pentesters also invent new ways to automate and improve their work with techniques including AI/LLMs, fuzzing, detection at scale, and static analysis. Our team operates under the Amazon Devices and Services Trust & Security (DSTS) organization which was formed in 2014 with the mission of protecting Amazon Devices & Services (D&S) customers’ trust, data, and the systems on which they rely. We protect customers by performing security reviews, offensive testing, vulnerability assessments, and provide guidance for remediations. The DSTS penetration testing organization is growing and seeking an experienced web penetration tester to help shape the future of Amazon’s service security. You will work with builder teams and product owners to perform penetration testing and identify high-impact security vulnerabilities across the web services ecosystem supporting Amazon’s devices. The ideal candidate will be expected to comprehend large complex web service architectures, dive deep into a service's source code, and to get some exposure to device penetration tests. In this role, you will be part of a dedicated team of talented penetration testers identifying vulnerabilities in the devices and services ecosystem. You will strive to understand systems, software, and services deeply and develop creative ways to break assumptions in order to find vulnerabilities. You care deeply about keeping millions of customers that rely on Amazon’s consumer products safe and are passionate about mitigating vulnerabilities by providing actionable guidance to product teams. You're well-known for your excellent prioritization skills as well as your ability to communicate at all levels of an organization. Key job responsibilities
Contribute to penetration tests against services and software released by Amazon’s Devices & Services organization. Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques. Review and influence technical solutions to mitigate security vulnerabilities. Develop detailed technical documentation describing identified vulnerabilities, associated impact, and recommended remediation. Continuous growth and development of technical skillsets while contributing to standing projects for program improvement in DSPT. BASIC QUALIFICATIONS
Bachelor’s degree in Computer Science or related field and 1+ year of equivalent industry experience or 3+ years of equivalent industry experience. Core understanding of web application and service API vulnerabilities. Experience tracing sources and sinks during code review to identify vulnerabilities. Experience designing and reviewing secure system architectures. Knowledge of cloud service providers and their offerings, preferably AWS. PREFERRED QUALIFICATIONS
Foundational knowledge of hardware security fundamentals. Experience in CTF competitions, CVE research, and/or Bug Bounty recognition. Experience with Microservice architectures, AI/ML technologies, scripting and tooling. Published security research. Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. Posted:
December 13, 2024
#J-18808-Ljbffr
Job ID: 2847042 | Amazon.com Services LLC Come join our penetration testing team dedicated to the detection and exploitation of vulnerabilities from Amazon’s consumer services and devices to the Kuiper satellites. This includes conducting in-depth reviews of complex service workflows including authentication mechanisms, AI, mobile, web applications, and web service APIs. Pentesters also invent new ways to automate and improve their work with techniques including AI/LLMs, fuzzing, detection at scale, and static analysis. Our team operates under the Amazon Devices and Services Trust & Security (DSTS) organization which was formed in 2014 with the mission of protecting Amazon Devices & Services (D&S) customers’ trust, data, and the systems on which they rely. We protect customers by performing security reviews, offensive testing, vulnerability assessments, and provide guidance for remediations. The DSTS penetration testing organization is growing and seeking an experienced web penetration tester to help shape the future of Amazon’s service security. You will work with builder teams and product owners to perform penetration testing and identify high-impact security vulnerabilities across the web services ecosystem supporting Amazon’s devices. The ideal candidate will be expected to comprehend large complex web service architectures, dive deep into a service's source code, and to get some exposure to device penetration tests. In this role, you will be part of a dedicated team of talented penetration testers identifying vulnerabilities in the devices and services ecosystem. You will strive to understand systems, software, and services deeply and develop creative ways to break assumptions in order to find vulnerabilities. You care deeply about keeping millions of customers that rely on Amazon’s consumer products safe and are passionate about mitigating vulnerabilities by providing actionable guidance to product teams. You're well-known for your excellent prioritization skills as well as your ability to communicate at all levels of an organization. Key job responsibilities
Contribute to penetration tests against services and software released by Amazon’s Devices & Services organization. Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques. Review and influence technical solutions to mitigate security vulnerabilities. Develop detailed technical documentation describing identified vulnerabilities, associated impact, and recommended remediation. Continuous growth and development of technical skillsets while contributing to standing projects for program improvement in DSPT. BASIC QUALIFICATIONS
Bachelor’s degree in Computer Science or related field and 1+ year of equivalent industry experience or 3+ years of equivalent industry experience. Core understanding of web application and service API vulnerabilities. Experience tracing sources and sinks during code review to identify vulnerabilities. Experience designing and reviewing secure system architectures. Knowledge of cloud service providers and their offerings, preferably AWS. PREFERRED QUALIFICATIONS
Foundational knowledge of hardware security fundamentals. Experience in CTF competitions, CVE research, and/or Bug Bounty recognition. Experience with Microservice architectures, AI/ML technologies, scripting and tooling. Published security research. Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. Posted:
December 13, 2024
#J-18808-Ljbffr