Security Engineer

### Who you are
- Knowledge of networking protocols such as HTTP, DNS and TCP/IP
- Knowledge of industry-based security vulnerabilities and remediation techniques
- 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- 2+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- 3+ years of experience in a penetration testing or information security role
- Knowledge of cloud service providers and their offerings, preferably AWS, and its various technologies and services
- Experience in developing security tooling and automation
- Experience in CTF competitions, CVE research, and/or Bug Bounty recognition
- Advanced degree in Computer Science or related field

### What the job involves
- Amazon’s Information Security Review Operations Team is seeking a Security Engineer to help keep Amazon secure for its customers
- In this role, you will attack Amazon’s services, applications, and websites to discover security issues and report them to our internal technology teams
- This position will provide you with challenging opportunities, both technologically and as a leader, but will also be a great deal of fun if hacking Amazon alongside a team of highly skilled individuals sounds exciting to you
- A Security Engineer at Amazon is expected to be strong in multiple domains
- Engineers in this role work closely with teams throughout Information Security, as well as provide technical leadership and advice to teams and leaders throughout Amazon
- You will be in direct contact with teams in a variety of business verticals, giving you first hand knowledge about how Amazon is built and how it operates at a deep, technical level
- Additionally, you will leverage the knowledge you gain about Amazon to find new ways to break services, processes, and technologies throughout the company
- Engineers in this role must show exemplary judgment in making technical trade-offs between short-term fixes and long-term security and business goals
- You will demonstrate resilience and navigate ambiguous situations with composure and tact
- You will be expected to provide thought leadership for the organization as you discover, invent, and innovate throughout the course of your duties
- Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Amazon and its customers secure
- Conducting high quality application security reviews and penetration tests independently, or as part of a team
- Creating detailed engagement plans and thoroughly documenting findings, gaps, and remediation recommendations
- Contributing to team tooling, innovation, and improvements
- Communicating and collaborating with partner teams, service owners, Information Security, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings