DESCRIPTION

Amazon Pentest Team is looking for a mobile application tester to identify problems before they're exploited and help keep Amazon secure and safe from attackers.

This role has a broad scope, ranging from testing Amazon's mobile services, mobile applications and hardware (IOS & Android), relaying findings to owners and Information Security teams, and helping to drive overall improvements to Amazon's security posture. This role presents the ultimate test of implementing one's security knowledge, coupled with the ability to learn and operate as part of a highly skilled team. This position will provide you with challenging opportunities, both technical and as a leader.

A Security Engineer at Amazon is expected to be strong in multiple domains. Engineers in this role work closely with teams throughout Information Security, such as Threat Intelligence and Application Security, and provide technical leadership and advice to teams throughout Amazon. The partnerships forged with teams across Amazon have a direct impact of both the security of Amazon and our customers.

Engineers in this role will show excellent judgment in making technical trade-offs between short- versus long-term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. This role will be expected to provide thought leadership for the organization, as you invent and innovate in the course of your duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Amazon and its customers secure.

BASIC QUALIFICATIONS

Degree in Computer Science or related field, or equivalent work experience
Reverse engineering of Objective-C and Java bytecode
Experience with various testing tools, such as Burp Suite, Frida etc.
5+ years in an Information Security role, preferably in penetration testing and reverse engineering
Experience with any of following languages: Java, Objective-C, Swift, React Native, Javascript, C/C++
Experience with cloud service providers and their offerings, preferably AWS and commonly-used AWS services
Advanced knowledge and understanding in various disciplines such as security engineering, identity management, authentication, security protocols, secure data storage, application security, etc.

PREFERRED QUALIFICATIONS

Preferred
Experience in Mobile (Android/iOS) and Web based application/service assessment
Hands-on experience with Application development for iOS and Android platforms
Experience in reverse engineering on ARM architecture
Knowledge of iOS and Android internals and exploit development
Knowledge of hardware hacking
Familiar with offensive TTPs (Tactics, Techniques and Procedures) including post-exploitation and lateral movement
Strong sense of ownership, urgency, and drive
Excellent written and oral communication skills
Experience providing knowledge sharing and mentorship
Demonstrable teamwork skills and resourcefulness
Ability to make concrete progress in the face of ambiguity and imperfect knowledge
Sharp analytical abilities and proven design skills