Security Engineer II - PenTest II

3+ months ago
Austin, TX


The Amazon Pentest Team is looking for a web application tester to identify problems before they're exploited and help keep Amazon secure and safe from attackers.

This role has a broad scope, ranging from testing Amazon's web applications and relaying findings to owners and Information Security teams to helping drive overall improvements to Amazon's security posture. This role presents the ultimate test of implementing one's security knowledge, coupled with the ability to learn and operate as part of a highly skilled team. This position will provide you with challenging opportunities, both technical and as a leader.

A Security Engineer at Amazon is expected to be strong in multiple domains. Engineers in this role work closely with teams throughout Information Security, such as Threat Intelligence and Application Security, and provide technical leadership and advice to teams throughout Amazon. The partnerships forged with teams across Amazon have a direct impact on the security of both Amazon and our customers.

Engineers in this role will show excellent judgment in making technical trade-offs between short- versus long-term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. This role will be expected to provide thought leadership for the organization, as you invent and innovate in the course of your duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Amazon and its customers secure.


• Degree in Computer Science or related field, or equivalent work experience
• Reverse engineering of Objective-C and Java bytecode
• Experience with various testing tools, such as Burp Suite, Frida, etc.
• 5+ years in an Information Security role, preferably in penetration testing and reverse engineering
• Experience with any of the following languages: Java, Objective-C, Swift, React Native, JavaScript, C/C++
• Experience with cloud service providers and their offerings, preferably AWS and commonly-used AWS services
• Advanced knowledge and understanding in various disciplines such as security engineering, identity management, authentication, security protocols, secure data storage, application security, etc.


Preferred:
• Experience in Mobile (Android/iOS) and Web based application/service assessment
• Hands-on experience with Application development for iOS and Android platforms
• Experience in reverse engineering on ARM architecture
• Knowledge of iOS and Android internals and exploit development
• Knowledge of hardware hacking
• Familiarity with offensive TTPs (Tactics, Techniques and Procedures) including post-exploitation and lateral movement
• Strong sense of ownership, urgency, and drive
• Excellent written and oral communication skills
• Experience providing knowledge sharing and mentorship
• Demonstrable teamwork skills and resourcefulness
• Ability to make concrete progress in the face of ambiguity and imperfect knowledge
• Sharp analytical abilities and proven design skills