Senior Security Engineer - Applications Security

Amazon.com Services LLC Seattle, WA

About the Job

Amazon is seeking a talented and seasoned Senior Applications Security Engineer to focus on securing the ecosystem that powers Amazon Customer Service (CS). CS is one of the largest customer service organizations in the world. Our business operations include tens of thousands of Customer Service Associates around the globe who provide world-class support to customers 24 hours a day, 7 days a week, and in over 15 languages (and growing).

This position will provide you with a challenging opportunity to solve difficult security problems at planetary scale. As a senior security engineer, you will help define short-term and long-term security strategy. You will balance your efforts between strategic and operational deliverables. You will have the opportunity to work with talented engineering teams within Amazon to ensure applications are designed and built securely. You care deeply about keeping Amazon customers secure and therefore are passionate about finding and mitigating vulnerabilities/risks by providing actionable guidance to product teams and driving long-term security improvements. You're well-known for your excellent prioritization skills as well as your ability to communicate at all levels of an organization (technical and non-technical). The successful candidate must be autonomous, comfortable operating in highly ambiguous situations, and relish the idea of solving security problems at scale.


Your responsibilities will include:

· Develop a broad and deep technical understanding of the services, architectures, and products pertaining to the Customer Service organization
· Develop long-term and short-term security strategy to ensure that applications are designed and built securely
· Comfortably transition between big picture, strategic thinking and tactical, day-to-day operational execution
· Partner with stakeholders to perform design and architecture reviews, threat modeling and threat assessments, code reviews, and security testing
· Review technical solutions to provide guidance to help mitigate security vulnerabilities as well as provide actionable long-term and short-term risk mitigation recommendations
· Improve secure software development life-cycle (SSDLC) practices across the organization
· Influence decision-makers and stakeholders to achieve a consistently high security bar
· Create relevant documentation, security guidance, and metrics to report to your stakeholders and business leaders and deliver these in a clear, concise manner
· Design and develop innovative and scalable security automation tools using scripting/programming languages
· Lead security initiatives (including security reviews, tool development, and creation of new security practices) with end-to-end ownership
· Participate in security escalations support
· Evaluate and recommend new and emerging security products and technologies
· Support for mentoring, team building, and recruiting activities
· Carry out/own new, reoccurring, and ad-hoc security engineering projects and consultation
· Must be obsessed with delivering the most customer-centric experience on the planet
· Must be a kind human who enjoys working in a fun team




BASIC QUALIFICATIONS

· BS in Computer Science, Information Security, or equivalent professional experience
· 8+ years of demonstrated experience in application security, product security, or systems security
· Proven experience in at least one scripting or compiled language such as Java, Python, Perl, JavaScript, Go, Ruby, C# or C/C++
· Deep technical understanding of OWASP Top 10, and SANS 25 vulnerability identification and remediation
· Proven experience in threat modeling, code reviews, security testing, vulnerability detection, attacker exploit techniques, and methods for their remediation
· Proven experience securing cloud services such as AWS, Azure, and Google Cloud

PREFERRED QUALIFICATIONS

· Master’s degree in Computer Science, Information Security, Computer Engineering, Electrical Engineering or equivalent
· Relevant industry certifications from SANS, GIAC, CISSP, OSCP, etc.
· 3+ years of programming experience with at least one programming language such as Java, Python, Perl, JavaScript, Go, Ruby, C# or C/C++
· Excellent written and verbal communication skills with the ability to adapt messaging to technical and non-technical audiences at all levels including senior leadership
· Self-starter who can work autonomously with the ability to deliver results in a fast-paced, highly ambiguous environment
· Ability to drive multiple technically complex security initiatives while remaining effective at providing security guidance to stakeholders
· 3+ years of experience in penetration testing, offensive security, or red teaming

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, visit https://www.amazon.jobs/en/disability/us.