M+E Technology Job Board

Security Engineer

  • Full Time
  • Seattle, WA
  • Applications have closed

Amazon Web Services


Amazon’s Offensive Security Team is looking to for a passionate Security Engineer to help secure Amazon products and services by partnering with the external security research community and white-hat hackers.

This role is responsible for the engagement and operation of Amazon’s newly established bug bounty program – Amazon VRP (Vulnerability Reporting Program), including validation of findings, interfacing directly with security researchers outside of Amazon, supporting internal service owners with end-to-end remediation efforts, and influencing the internal technology ecosystem to pursue best security practices.

A Security Engineer at Amazon is expected to be strong in multiple domains. Engineers in this role work closely with teams throughout Information Security, such as the Incident Response and Application Security teams as issues are discovered, as well as provide technical leadership and advice to teams throughout Amazon.

Engineers in this role must show exemplary judgment in making technical trade-offs between short versus long term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. This role will be expected to provide thought leadership for the organization as you invent and innovate in the course of their duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Amazon and its customers secure.

– Research, reproduce and respond to various security vulnerabilities reported to the VRP program.
– Manage relationships with external security researchers and white-hat hackers working with Amazon.
– Lead end-to-end remediation efforts, from report through verification.
– Take a technical leadership role in innovating and driving company-wide initiatives.
– Evangelize security culture to the internal business units.
– Communicate bug bounty findings and provide technical direction with leadership and developers to create and execute remediation plans.

– BS in Computer Science or related field, or equivalent work experience.
– 1+ years in an Information Security role, preferably in application security, penetration testing, red teaming, incident response or a technical engineering role.
– Knowledge and understanding of security engineering, application security in web, mobile, IoT and cloud, system and network security, cryptography, authentication and security protocols.
– Programming experience in several of interpreted, compiled or web languages: Python, Perl, JavaScript, Go, Ruby, C/C++, Java or C#.
– Solid knowledge of vulnerability assessment and remediation best practices.
– Strong sense of ownership, urgency, and drive.
– Strong communication abilities with researchers and internal teams.

– Experience with driving large, company-wide initiatives.
– Experience in web, mobile, IoT and cloud based application/service assessment.
– In-depth understanding of security vulnerabilities and experience in vulnerability research.
– Advanced knowledge and understanding of security engineering, application security in web, mobile, IoT and cloud, system and network security, cryptography, authentication and security protocols
– Experience in contributing to bug bounties/CVEs or running an internal bug bounty program.
– Experience providing training and mentorship.
– Advanced communication and presentation skills.
– Demonstrable teamwork skills and resourcefulness.
– Independent project management capability.
– Ability to make concrete progress in the face of ambiguity and imperfect knowledge.
– Sharp analytical abilities and proven design skills.