Amazon
Security Engineer, Proactive Security
Amazon, Seattle, Washington, us, 98127
Job ID: 2723261 | Amazon Development Center U.S., Inc.AWS Security is on the cutting edge of many security issues for a wide variety of platforms and technologies including cloud services, Internet of things (IoT), identity and access management, mobile devices, virtualization and custom hardware, all operating at massive scale. Similarly, our highly collaborative team is committed to each team member’s growth as our business grows.
As a Security Engineer on AWS Proactive Security Team, you will help ensure our devices, applications, services, and systems are designed and implemented to the highest standards and resilient to the modern threats. If you enjoy building secure solutions (devices and services), analyzing the security of systems that span from hardware to cloud services, discovering and addressing security issues and quickly reacting to new threat scenarios, this position will provide you with a challenging opportunity.You will own security of unique and innovative products by helping integrate security right from the concept/design phase, through development, security assessments (architecture reviews, threat modeling, code reviews and security testing) and eventually deploying a secure solution for our customers. This position will provide exposure to diverse technology stack, working with highly talented engineers, opportunity to innovate and solve novel challenges while helping build smart and secure products/services for our customers.You will tackle challenging, novel technical problems every day and you will have the opportunity to work with multiple technical teams at Amazon in different locations. You should be comfortable with a high degree of ambiguity and relish the idea of solving problems that haven't been solved at scale before. Along the way, we guarantee that you will learn a ton, have fun and make a positive impact on millions of people.
Key job responsibilities
Application security reviews (Security architecture reviews, threat modeling, code reviews (Java, C/C++, Python) & security testing)Security reviews for Web applications, Cloud infrastructure reviews & IoT devicesWorking closely with product developers across hardware and software teams to incorporate security right from the design phase - throughout the development and deployment cycleSecurity guidance documentation & workflow automationSecurity metrics and process improvements contributionsAssistance with recruiting activities
A day in the life
Work with AWS development teams who build products such as Just Walk Out services, Dash Carts, and Amazon One to review the security of the applications, guide the build teams to address the identified security gaps, rollout and maintain secure solutions.BASIC QUALIFICATIONS
Bachelor's degree in computer science or equivalent3+ years of security engineering experience (security architecture reviews, threat modeling, code reviews & secure testing etc.), system and network security, authentication, security protocols, cryptography & application securityFamiliarity with common attack patterns and exploitation techniques for IoT devices, web & mobile applicationsKnowledge of commonly found software security vulnerabilities (like OWASP top 10) and remediation techniquesKnowledge of basic networking and network security related concepts (TCP/UDP, Firewalls/Switches, Wi-Fi security, TLS, etc.)PREFERRED QUALIFICATIONS
Experience in IoT/embedded device security (hardware & firmware security). Prior experience of working with software and hardware development engineers to build secure IoT devices at scale is advantageous for this roleExperience with Security Engineering and Assurance methodologies e.g. fuzzing, static and dynamic code analysisStrong understanding of network and web related protocols (such as, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)Demonstrable teamwork skills and resourcefulnessPossess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge (avoid “analysis paralysis”)Ability to drive multiple technically complex security reviews together while remaining effective at providing security guidance to stakeholdersStrong sense of ownership, urgency, and ability to drive initiatives with autonomyAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.
#J-18808-Ljbffr
As a Security Engineer on AWS Proactive Security Team, you will help ensure our devices, applications, services, and systems are designed and implemented to the highest standards and resilient to the modern threats. If you enjoy building secure solutions (devices and services), analyzing the security of systems that span from hardware to cloud services, discovering and addressing security issues and quickly reacting to new threat scenarios, this position will provide you with a challenging opportunity.You will own security of unique and innovative products by helping integrate security right from the concept/design phase, through development, security assessments (architecture reviews, threat modeling, code reviews and security testing) and eventually deploying a secure solution for our customers. This position will provide exposure to diverse technology stack, working with highly talented engineers, opportunity to innovate and solve novel challenges while helping build smart and secure products/services for our customers.You will tackle challenging, novel technical problems every day and you will have the opportunity to work with multiple technical teams at Amazon in different locations. You should be comfortable with a high degree of ambiguity and relish the idea of solving problems that haven't been solved at scale before. Along the way, we guarantee that you will learn a ton, have fun and make a positive impact on millions of people.
Key job responsibilities
Application security reviews (Security architecture reviews, threat modeling, code reviews (Java, C/C++, Python) & security testing)Security reviews for Web applications, Cloud infrastructure reviews & IoT devicesWorking closely with product developers across hardware and software teams to incorporate security right from the design phase - throughout the development and deployment cycleSecurity guidance documentation & workflow automationSecurity metrics and process improvements contributionsAssistance with recruiting activities
A day in the life
Work with AWS development teams who build products such as Just Walk Out services, Dash Carts, and Amazon One to review the security of the applications, guide the build teams to address the identified security gaps, rollout and maintain secure solutions.BASIC QUALIFICATIONS
Bachelor's degree in computer science or equivalent3+ years of security engineering experience (security architecture reviews, threat modeling, code reviews & secure testing etc.), system and network security, authentication, security protocols, cryptography & application securityFamiliarity with common attack patterns and exploitation techniques for IoT devices, web & mobile applicationsKnowledge of commonly found software security vulnerabilities (like OWASP top 10) and remediation techniquesKnowledge of basic networking and network security related concepts (TCP/UDP, Firewalls/Switches, Wi-Fi security, TLS, etc.)PREFERRED QUALIFICATIONS
Experience in IoT/embedded device security (hardware & firmware security). Prior experience of working with software and hardware development engineers to build secure IoT devices at scale is advantageous for this roleExperience with Security Engineering and Assurance methodologies e.g. fuzzing, static and dynamic code analysisStrong understanding of network and web related protocols (such as, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)Demonstrable teamwork skills and resourcefulnessPossess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge (avoid “analysis paralysis”)Ability to drive multiple technically complex security reviews together while remaining effective at providing security guidance to stakeholdersStrong sense of ownership, urgency, and ability to drive initiatives with autonomyAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.
#J-18808-Ljbffr