Amazon.com is looking for an expert Security Engineer focused on analyzing vulnerabilities and exploit code and translating this analysis into actionable intelligence. If you enjoy analyzing system services, operating systems, networks and applications from a security perspective and you are skilled at discovering security issues that appear under new threat scenarios, this position will provide you with a challenging opportunity in a rapidly changing environment. You will be responsible for the monitoring of new vulnerabilities released in the wild, reviewing specifics of those vulnerabilities including exploit code, and working directly with our Vulnerability Operation Analysts to drive remediation efforts.
• Analyze vulnerabilities and exploit code.
• Translate technical analysis into actionable intelligence including remediation and mitigation steps.
• Develop procedures related to the review of vulnerabilities.
• Provide technical support for the resolution of vulnerabilities reported by our automated systems.
• Provide tier 3 security operations support.
• Develop security policies, standards, procedures and guidelines.
• Participate in security compliance efforts (e.g. PCI, SOX).
• Implement and support security-focused tools and services.
• Earn trust and maintain strong working relationships with teams responsible for patching.
• Build information security as a core competency throughout our relationships with our internal partners including education and training.
• Drive continual improvement and innovation in the vulnerability management space.
• Participate in on-call duties related to vulnerability management.
• BA/BS in an engineering or technical leadership discipline, or equivelant experience
• Experience with vulnerability management solutions, vulnerability analysis, and risk analysis.
• At least 3 years of system, network and/or application security experience.
• At least 2 years of development experience in C, C++ and/or Java.
• At least 1 year of mobile device security experience.
• Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
• Scripting skills (e.g. Perl, Ruby, , Shell scripting).
• Ability to write advanced SQL queries against Oracle and MySQL back-ends.
• Detailed knowledge of system security vulnerabilities and remediation techniques.
• MA/MS in an engineering or technical leadership discipline, or equivalent experience
• At least 1 year of experience with development (s) that delivered commercial software or software-based services (development, QA testing, or security role).
• Related compliance experience, including: PCI, GLBA, SAS70 (SOX/HIPPA desirable)
• Security certifications encouraged
• Basic understanding of malware analysis
• Basic understanding of malicious code constructs (imports, exports, PE sections, etc.)