Senior Security Engineer

Amazon.Com, Inc. Seattle , WA 98113

Posted 1 week ago

Amazon is continuously innovating new services and features for customers. Amazon Application Security focuses on enabling our builders to provide a secure and trustworthy experience to our customers without compromising the overall customer experience. As a Security Engineer on our team, you will solve interesting security challenges that arise when Amazon invents new technologies.

In this role, you will help build a platform that aims to quickly and automatically identify issues and take corrective actions across Amazon's attack surface. You will be challenged by scale and latency constraints as you build features that delight your users, and you will learn about and integrate with critical systems across Amazon. We believe in experimentation, iterating quickly and getting feedback from our customers and stakeholders.

Responsibilities include (but are not limited to):

  • Identify security issues and risks, and build mitigation plans

  • Research and build scalable service fingerprinting techniques and URL crawling

  • Propose and implement automation for various authentication systems across Amazon and its subsidiaries

  • Drive improvements of Amazon's overall security architecture

You will bring to the team:

  • Excellent written and verbal communication skills

  • Well-rounded knowledge of multiple Information Security domains

  • Deep technical understanding of the OWASP Top 10

  • Ability to work with developers to resolve security issues

  • Experience with URL crawling techniques and automation

  • Experience in code reviews, vulnerability detection, and root cause analysis

  • Strong sense of ownership, urgency, and drive

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

  • BS in Computer Science or related field or equivalent work experience.

  • 3+ years of experience in web application security, secure application design and architecture, threat modeling, secure coding, and cryptography

  • Minimum of 1 years of experience with one or more programming languages (such as, Java, C++, Ruby, Python, Perl, etc.)

  • Meets/exceeds Amazon's leadership principles requirements for this role

  • MS in Computer Science or equivalent work experience.

  • Development experience in C, C++ and/or Java.

  • Knowledge of distributed systems and security protocols.

  • Secure software development lifecycle experience.

  • Excellent written and verbal communication skills.

  • Excellent leadership skills and teamwork skills

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Senior Security Engineer

F5 Networks

Posted 2 weeks ago

VIEW JOBS 4/20/2021 12:00:00 AM 2021-07-19T00:00 Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Join a team providing a leading-edge security solution to protect web and mobile services. The Sr. Security Engineer will develop and implement strategic processes and solutions to enable our information security program and continuously improve our security posture amidst the industry's evolving technology landscape. Is this you? Primary Responsibilities * Assessment of organizational risks to security and availability. * Reviews and tests changes to services and networks for potential security impacts. * Manages penetration and segmentation testing of F5 applications and networks. * Analyzes risks, applies existing controls and records residual risks in risk register. * Define SIEM and IPS rules based on identified risks. * Review changes to and ongoing operations of our production environment and * supporting systems for security and compliance impacts. * Collaborate with Security Architecture, Product Engineering and Operations to remediate identified security risks. * Assist in detection and response efforts as a product line domain specialist. * Propose new controls to Security Architecture and GRC. * Build and implement new security controls, processes and tools. * Implement zero-trust patterns with cloud agnostic tools like Hashicorp Vault. * Technical implementation, design, development, and admin of role based access controls, SSO and integration with IAM systems. * Expertise and know-how on IAM infrastructure, initiatives in cloud and on-premise environments. * Inward and outward enterprise security control integrations and automation of controls. * Collaborate with Engineering, Operations and SOC teams to implement security standards and ensure standards are followed * The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change Knowledge, Skills and Abilities * Experience working high-availability production environments is a must have. * Familiarity with a scripting language. * Experience automating security testing tools and reporting outputs * Technical knowledge and extensive hands-on experience with security and networking security, basic networking protocols, network security design, intrusion prevention/detection, and firewall architecture. * Willingness to innovate and learn new technologies. * Ability to collaborate is as important as technical and security skills. * Pragmatic approach to prioritization based on data driven risk assessment. * Excellent interpersonal and relationship skills. * Experience assessing and implementing technical security controls related to PCI DSS and FedRAMP * Knowledge with some of the technologies in our stack is a plus (Big-IP, GCP, CentOS, Juniper, Arbor, Zabbix, CiscoACS, Nomad, Hashicorp Vault, Fortigate). * Experience with network and application vulnerability and penetration testing tools. Qualifications * B.S. Degree in Computer Science, Engineering or other technical degree. * 8 years of progressive responsibility in cloud products. * 3-5 years experience with network security or general security engineering. The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change. Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Yello/Workday (ending with f5.com or @myworkday.com). Equal Employment Opportunity It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. Reasonable accommodation is available for qualified individuals with disabilities, upon request. F5 Networks Seattle WA

Senior Security Engineer

Amazon.Com, Inc.