"Trust is hard-earned, easily lost" - Jeff Bezos
At Amazon, we are obsessed with customer trust.
Our team maintains that trust by working with dozens of internal development teams worldwide to guard the confidentiality and integrity of the Amazon Mobile Shopping app customer data. Our focus areas include: application security, incident response, and risk analysis, territorial compliance, and advocacy. To accomplish this, we collaborate with Amazon teams to build security best practices and guardrails into the mobile software development lifecycle. Our guidance and leadership equips our partners to maintain high security standards. This team dives deep into security technologies and continuously raises the security bar across Amazon Mobile Shopping teams by tackling complex engineering problems that require widespread support and multi-year execution plans.
Mobile Shopping Foundations is looking for a Security Engineer to focus on continuously improving our application security. You are obsessed with customer trust. You have breadth and depth of security knowledge and can identify and advise on risks across multiple areas of an organization. You will be solving security challenges at scale and working to help other teams create solutions while developing strong security culture and practices.
You have industry-leading technical abilities and are strong in multiple domains. You work with groups throughout Amazon to help them integrate security at all levels of their projects. You are involved in security assessments, developing guardrails, providing guidance, and advocating security engineering best practices. You proactively and continually improve your level of knowledge about Amazon's business, information security, the threat landscape, and relevant technologies.
A successful candidate will need a combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which will include assessment and software development work. This role will provide career growth opportunities as you gain new security skills in order to keep up with the rapidly evolving mobile industry.
• Perform security reviews to identify security issues and risks, and develop mitigation plans
• Advise and consult with internal customers on risk assessment, threat modeling, code review, and vulnerability remediation
• Provide expert advice to internal customers on developing secure architectures
• Develop and interpret security policies and procedures
• Evaluate and recommend new and emerging security products and technologies
• Develop and deliver training materials and perform general security awareness and specific security technology training
• Participate in security compliance efforts
• Participate in security escalations support
• Evangelize security within Amazon.com and be an advocate for customer trust
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us
• Bachelor's Degree or MS in Computer Science or related field
• At least 3 years of experience in application, secure software or system design
• At least 2 years of experience in a development or security role working with development team(s) that delivered commercial software or software-based services
• Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits
• Significant experience and detailed technical knowledge in multiple areas of: security engineering, system and network security, authentication and security protocols, cryptography, and application security
• Knowledge of mobile and web OWASP Top 10 risks.
• Experience with mobile application architecture and development of hybrid mobile applications on Android and iOS using WebViews and React Native.
• Experience with the application of threat modeling or other risk identification techniques
• Experience designing and/or reviewing the security of systems in conjunction with a development team
• Experience in risk identification, secure software design, secure architectures, security testing, or vulnerability detection or remediation
• Sharp analytical abilities and proven design skills
• Strong written and verbal communication skills
• Masters or PhD in Computer Science or Computer Security (or equivalent experience)