Application Security Engineer, Amazon

• A security engineer is also expected to be a mentor for others and be a trusted security advisor within the organization
• As a security engineer at Amazon, you are expected to have technical expertise in multiple domains and provide significant contributions to the AWS Security team and to multiple groups throughout Amazon
• As a security engineer at Amazon, you are expected to demonstrate strong Amazon leadership principles
• This role requires the ability to foster constructive dialogue and seek resolution when confronted with differing opinions on security risks
• A successful candidate will need a combination of troubleshooting, technical, and communication skills
• An AWS Security engineer must have the ability to take ownership and deliver on multiple complex objectives which may include project and software development work
• Bachelor's degree in computer science or equivalent
• 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
• Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits or equivalent
• Knowledge of networking protocols such as HTTP, DNS and TCP/IP
• Experience with programming languages such as Python, Java, C++

Desirable

• AWS Security is looking for a Security Engineer to design security controls and help validate that our services, applications, and emerging technologies are designed and implemented to the highest security standards
• You will be engaging with teams creating exciting new technologies, requiring highly customized security judgment outside of existing IT and security structures
• You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and decisively taking action to remediate emerging threats throughout a full secure development life-cycle (SDLC)
• This role will provide career growth opportunities as you gain new security skills in the course of your work
• Security engineers at AWS have an opportunity to experiment, learn, build tools, and work with teams building new technology and services at massive scale
• Security engineers at all levels have the opportunity to learn from and be mentored by those who are building and securing our cutting-edge services
• Security engineers are expected to develop elegant solutions to complex security risk problems and apply appropriate technologies while following security engineering best practices
• Engineers in this role are expected to participate fully in the planning of the AWS Security team's work and constantly seek opportunities for process improvement
• Shaping new services through security review of design, architecture, and implementation
• Secure development life-cycle (SDLC) practices including threat modeling and security testing
• Strongly influence decision-makers and stakeholders to achieve a consistently high security bar for new services
• Scope and assist in penetration testing engagements for services that will operate at cloud-scale
• Create security guidance and documentation for team and customers
• Develop security tools and automation
• Develop and deliver security training and outreach to internal development teams
• Lead security projects (including security reviews, tool development, and creation of new security practices) with end-to-end ownership across AWS and Amazon initiatives
• Support for mentoring, team building and recruiting activities in a company where security is a critical priority
• Opportunities to communicate security findings to senior leadership across the company

Amazon is the world's largest online retailer, and is well-known for its disruption of well-established industries. The company is present in numerous verticals, including cloud computing with Amazon Web Services, AI with its range of Alexa devices and a global marketplace more commonly referred to as 'the everything store'. Acquisitions include Ring, Twitch, Whole Foods Market, and IMDb.