We are looking for a Senior Security Engineer to help validate that our services, applications, and websites are secured against the latest threats. You will be responsible for providing guidance, creating, curating, and tuning security detections, and creating metrics to demonstrate the team's performance.
As a Senior Security Engineer at Amazon, you will be expected to speak authoritatively on behalf of your team and your technical knowledge should demonstrate both depth and breadth. A Senior Security Engineer has deep knowledge in their domain and is a sought after thought leader across the organization. They have technical expertise and actively participate in the organization's planning processes.
As a Senior Security Engineer on the Scanners team within Amazon CDO, this role is tasked with both identification of new vulnerabilities in Amazon systems along with creation of high quality static and dynamic security testing (SAST & DAST) detections to detect/prevent them. The detections need to meet a high quality bar as it relates to accuracy, testing, performance, and documentation standards. The false positive rate a Senior Security Engineer will need to uphold is no greater than 10% unless explicit risk based decisions are made. An engineer in this role will need to navigate the tradeoffs between risk and accuracy. These decisions need to be released and communicated to 60,000+ customers, which are primarily comprised of Software Development Engineers (Builders) and Security Engineers.
• BS in Computer Science or relevant experience.
• Broad and deep knowledge across application security domains.
• Ability to apply security fundamentals to unfamiliar problem domains.
• A minimum of 6 years of technical security experience
• Ability to deal with ambiguity and establish clear strategy
• Experience with the application of threat modeling or other risk identification techniques.
• Scripting skills (e.g., python, ruby, perl)
• MS in Computer Science.
• Development experience in C, C++ and/or Java.
• Secure software development lifecycle experience.
• Knowledge of distributed systems and security protocols.
• Excellent written and verbal communication skills.
• Excellent leadership skills and teamwork skills.