Penetration Testing Engineer

We are looking for an excellent pentest engineer. In an interview and in the role, you'd need to have the knowledge and understanding to:

• Script your way out of problems and clearly explain the mitigation of your findings to blue team and product owners.
• Audit code sufficiently to find bugs.
• Provide design suggestions, such as for crypto and infrastructure, when asked.
• Test infrastructure.
• Validate existing issues and verify that the suggested fixes work.
• Learn new things quickly.

We seek a Penetration Testing Engineer passionate about security at scale. You will be part of a team responsible for delivering continuous assessments, solving complex technology problems, building tools to automate manual efforts, and influencing Amazon services' response to threats.

Amazon security covers many platforms and technologies, including cloud services, IoT, IAM, mobile devices, virtualization, and custom hardware, all at a massive scale.

You must produce results despite ambiguity and imperfect knowledge, foster constructive dialogue, and drive resolution when disagreements occur. You are seen as a technical leader, working efficiently and delivering impactful results with limited guidance. Your work involves ambiguous problems in hardware and software initiatives, with a long-term view on processes and software, understanding their business context. You proactively address architectural deficiencies and propose larger projects, breaking them into manageable tasks for yourself and others.

• Contribute to the design, implementation, and execution of security review and testing methodologies for critical production services, ensuring risk remediation.
• Perform design reviews, threat modeling, security reviews, penetration testing, and red teaming on production systems.
• Scope and conduct penetration testing and vulnerability research on complex proprietary software and hardware.
• Collaborate with Amazon Security teams to develop large-scale testing, monitoring, remediation, and analytics solutions.
• Work with internal development teams to create comprehensive security tooling and improvements at scale.
• Demonstrate exceptional judgment, integrity, business acumen, and communication skills.
• Prepare and present detailed technical information for internal and external audiences.

Our team values work-life balance, offering flexible schedules to promote productivity and well-being. We support new members through knowledge sharing and mentorship, aiming to develop engineers capable of handling complex tasks. Amazon embraces diversity and inclusion, with employee-led affinity groups, benefits, and learning opportunities, all aligned with our Leadership Principles, which emphasize seeking diverse perspectives, curiosity, and earning trust.

• Bachelor's degree in Computer Science, Cybersecurity, or related fields, or equivalent professional experience.
• Passion for internet security issues and understanding of the threat landscape.
• Expertise in at least two of: security architecture and engineering, network security, IAM, security assessment and testing, cryptography, or software security.
• Data-driven, supporting ideas with evidence.