Our Large-Scale Risk Reduction team (LSR or Laser) is looking for an innovative and impact-driven senior security engineer who has a strong passion for security at scale. The Laser team secures the business by identifying systemic risk plaguing our corporate builder teams and building scalable solutions that leads to lasting change across the company.
A senior security engineer in this role will operate across multiple Amazon Security teams and will leverage their diverse and deep expertise to drive strategic risk reduction with business leaders at the highest levels. You will work with Product Security teams and Red Teams to identify patterns and root-cause, develop solutions with Amazon builder teams, and implement complex technical projects at Amazon scale.
Key job responsibilities
- Work with Product Security teams, Red Teams, and Defensive teams to identify systemic issues across the enterprise
- Partner with builder teams to understand the challenges they face, and root-cause issues using multiple perspectives
- Write compelling narratives for stakeholders to consume and understand risk and impact
- Write crisp executive summaries for presentation to stakeholders and executives
- Develop innovative accelerators, tools, and mechanisms to develop solutions for complex issues
- Facilitate forums with principal engineers to drive consensus on appropriate solutions
- Develop prototypes to solve complex security problems at-scale
BASIC QUALIFICATIONS
- 6+ years of experience in two or more of the following security domains categories: Pentesting, Red Teaming, Security Architecture, Data Analytics, SDLC, or Application Security
- 6+ years of experience running offensive security or deep dive campaigns in large, complex organizations
- 5+ years of experience performing penetration testing
- 3+ years of experience with AWS technologies and services
- Demonstrated proficiency with Python, C/C++, Lua, Golang, or Rust. Ability to prepare technical specifications and executive-ready communications
PREFERRED QUALIFICATIONS
- Experience as a software or devops engineer, or security engineer, working with developer teams that delivered commercial software or services
- Threat modeling experience and knowledge of AWS Cloud Security principles
- Threat hunting and/or detection engineering and experience in automation and orchestration (Chef, Puppet, Ansible, etc)
- GIAC Defensible Security Architecture (GDSA), OSCP, OSCE3, OSWE, or similar
- Published CVEs, offensive tools, or articles
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.