DESCRIPTION

Amazon's Offensive Security is looking for a mobile application tester to identify problems before they're exploited and help keep Amazon secure and safe from attackers.

This role has a broad scope, ranging from testing a variety of Amazon's services, software and hardware, relaying findings to owners and Information Security teams, and helping to drive overall improvements to Amazon's security posture. This role presents the ultimate test of implementing one's security knowledge, coupled with the ability to learn and operate as part of a team of highly skilled individuals. This position will provide you with challenging opportunities, both technologically and as a leader.

A Security Engineer at Amazon is expected to be strong in multiple domains. Engineers in this role work closely with teams throughout Information Security, such as Threat Intelligence and Application Security, and provide technical leadership and advice to teams throughout Amazon. The partnerships forged with teams across Amazon have a direct impact of both the security of Amazon and our customers.

Engineers in this role must show exemplary judgment in making technical trade-offs between short versus long term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. This role will be expected to provide thought leadership for the organization, as you invent and innovate in the course of your duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Amazon and its customers secure.

BASIC QUALIFICATIONS

BSc in Computer Science or related field, or equivalent work experience
Hands-on experience with Application development for iOS and Android platforms
Reverse engineering of Objective-C and java bytecode
Experience with various testing tools, such as Burp Suite, Fiddler, Frida etc.
5+ years in an Information Security role, preferably in penetration testing and reverse engineering
Experience with languages: Java, Objective-C, Swift, React Native, Javascript, C/C++
Experience with cloud service providers and their offerings, preferably and its various technologies and APIs
Advanced knowledge and understanding in various disciplines such as security engineering, identity management, authentication, security protocols, secure data storage, application security etc.
Familiar with offensive TTPs (Tactics, Techniques and Procedures) including post-exploitation and lateral movement - Strong sense of ownership, urgency, and drive

PREFERRED QUALIFICATIONS

Experience in Mobile (Android/iOS) and Web based application/service assessment
Experience in reverse engineering on arm architecture
Experience in CTF competitions, CVE research and/or Bug recognition
Experience in Wireless assessment in enterprise infrastructure
Knowledge of iOS and Android internals and exploit development
Knowledge about hardware hacking
Intermediate to advanced communication and presentation skills
Experience providing training and mentorship
Demonstrable teamwork skills and resourcefulness
Ability to make concrete progress in the face of ambiguity and imperfect knowledge
Sharp analytical abilities and proven design skills