Security Engineer, Specialized Businesses Security, Vulnerability Management

Job ID: 2907760 | Amazon.com Services LLC

Amazon’s Specialized Businesses Security team is seeking an innovative Security Engineer to join our Vulnerability Management Detection Team. In this position, you will focus on detection, assessment, triage and supporting remediation of vulnerabilities. You will work with a diverse set of security scanning tools to support our application security vulnerability detection capabilities. Your goal will be to deeply understand Amazon’s innovative Devices and Services to enhance our vulnerability detection capabilities throughout the Software Development Lifecycle (SDLC). You will partner with development teams to drive prioritization and remediation of vulnerabilities to help deliver secure products for our customers.

1. Developing and tuning custom, open source and third-party high quality automated detection tools (e.g. static analyzers, fuzzers, scanners, etc.) to perform variety of security vulnerability analysis (SAST, DAST, SCA, etc.)
2. Reviewing output of automated detection tools for accuracy
3. Analyzing public and private vulnerability disclosures to analyze impact on Amazon Devices and Services
4. Providing actionable long-term risk prioritization and mitigation guidance to drive security improvements at scale
5. Proposing mechanisms for integrating security detection tools into the development lifecycle
6. Collaborate with partners across Amazon to develop scalable solutions to security problems

1. 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
2. Experience with any combination of the following: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration and network security
3. Bachelor's degree in computer science or equivalent
4. 3+ years hands-on experience in Vulnerability Management, Product Security and/or Application Security

1. 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
2. Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits or equivalent
3. Experience with AWS products and services
4. Knowledge of common software security vulnerabilities (memory corruption, privilege escalation, web application exploitation, protocol-based weaknesses, etc.) and analyzing their impact
5. Working experience with vulnerability detection tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Open Source Composition Analysis (SCA)
6. Experience with scripting (Python, bash, etc.)

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.