Senior Security Engineer, Large-Scale Risk – Corporate Services Security

Job ID: 2894261 | Amazon.com Services LLC

We are open to hiring candidates to work out of one of the following locations:

Seattle, WA, USA
Arlington, VA, USA

At Amazon, we are laser-focused on earning and maintaining customer trust. The Corporate Services Security team (CPSS) protects critical business services that our employees use to deliver the best products and services on planet earth.

Our Large-Scale Risk Reduction team (LSR) is looking for an innovative and impact-driven senior security engineer who has a strong passion for security at scale. The team secures the business by identifying systemic risk plaguing our corporate builder teams and building scalable solutions that lead to lasting change across the company.

A senior security engineer in this role will operate across multiple Amazon Security teams and will leverage their diverse and deep expertise to drive strategic risk reduction with business leaders at the highest levels. You will work with Product Security teams, Red teams, and Blue teams to identify patterns and root-cause, develop solutions with Amazon builder teams, and implement complex technical projects at Amazon scale.

Key job responsibilities

1. Work with Product Security teams, Red teams, and Defensive teams to identify systemic issues across the enterprise
2. Partner with builder teams to understand the challenges they face, and root-cause issues using multiple perspectives
3. Write compelling narratives for stakeholders to consume and understand risk and impact
4. Write crisp executive summaries for presentation to stakeholders and executives
5. Develop innovative accelerators, tools, and mechanisms to develop solutions for complex issues
6. Facilitate forums with principal engineers to drive consensus on appropriate solutions
7. Develop and propose solutions to solve complex security problems at-scale

- 6+ years of experience in two or more of the following security domains: Pentesting, Red Teaming, Security Architecture, Data Analytics, SDLC, and/or Application Security
- 3+ years of experience with AWS technologies and services
- Experience driving deep dive campaigns in large, complex organizations
- Demonstrated proficiency with Python, C/C++, Lua, Golang, or Rust.

- Experience as a software or devops engineer, or security engineer, working with developer teams that delivered commercial software or services
- Threat modeling experience with proficiency in cloud security architecture best practices
- Proficient in secure code review
- Threat hunting and/or detection engineering with experience in automation and orchestration
- Proficient with effective, if not scrappy, scripting
- Published CVEs, offensive/defensive tools, or articles
- GIAC Defensible Security Architecture (GDSA), OSCP, OSCE3, OSWE, or similar

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.

Posted: February 5, 2025 (Updated about 3 hours ago)