Senior Software Security Engineer

3+ months ago | Arlington, VA


The Amazon Fulfillment Center's Software Security / Application Security program is looking for a Sr. Software Security Engineer to join our team. Our team's mission is to protect our customers from software and hardware cybersecurity risks throughout the customer supply chain, which includes Global Fulfillment Centers, Amazon Transportation Systems, and Delivery Services.


Secure Software Development Life Cycle (Secure SDLC)
• Perform various security assessments to identify security vulnerabilities on various types of software such as traditional web applications, libraries, mobile, devices, and AWS cloud misconfigurations. Assessment responsibilities include:
  • Verify the Architecture Document is completed correctly. Validate all endpoints are identified. Verify standard Amazon security frameworks and tools are used.
  • Create or update a threat model with the support of the development team.
  • Review the automated code review results (and perform manual code review, if skilled) to identify critical areas to focus on, follow execution paths, and use the review as an opportunity to educate developers.
  • Perform a manual penetration test.
  • Review the incident response plan.
  • Register all risks in the centralized risk repository.
DevSecOps Enablement
• Provide skilled advice and consultancy to resolve security findings with internal development teams to help influence and drive security compliance.
• Develop and deliver Software Security training to internal development teams.
• Help to build use cases supporting security detection automation that will scale security identification and prevent attacks that could potentially compromise large systems, company trust, employee safety or customer data.
• Mentor junior engineers.
• Propose solutions for security metrics.
• Participate in the refinement of Software Security policies and procedures.


• 5+ years of Software/Application Security experience with threat modeling and manual penetration testing
• Good understanding of software security vulnerabilities and remediation techniques
• Security-related certifications (e.g., CISSP, CISM, SANS GIAC)
• Bachelor's degree in Cybersecurity, Computer Science, Engineering, or related field
• Good analytical and troubleshooting skills
• Excellent written and verbal communication skills with the ability to present complex technical information in a clear and concise manner to a variety of audiences


• Familiar with Static Application Security Testing (SAST) or Dynamic Application Security Testing (DAST)
• Familiar with access control systems, network security, or cryptography
• Familiar with ICS protocols (Modbus, MQTT, etc.)

Job ID: Amazon-1349708