Amazon

Sr. Security Engineer - Red Team

3 days agoSeattle, WA

DESCRIPTION

PXT Security's Offensive Security Team (OST) is looking for a passionate, innovative, and results oriented Senior Security Engineer who has a strong passion for security at scale to help keep Amazon PXT's applications and services secure. This team is responsible for performing offensive security engagement against PXT's services, applications, and websites; and partnering with development teams to remediate weaknesses, and sharpen our software development lifecycle. In this role, you will be asked to solve complex technology problems, build tools to automate your way out of manual efforts, and influence how PXT services protect, detect, and respond to adversaries, and mitigate security threats to protect HR data. You will be in direct contact with PXT teams across business verticals, giving you first hand knowledge about how Amazon PXT is built and operates. Additionally, you will leverage the knowledge you gain to find new ways to drive improvements to PXT's services, processes, and programs. Further, you will be backed up by a team of highly-skilled security engineers, all working with a singular focus of maintaining our customer's trust.
A person in this role must show exemplary judgment in making trade-offs between short-term fixes and long-term security and business goals. They must also demonstrate resilience and navigate ambiguous situations with composure and tact. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Amazon and its customers secure.

Key job responsibilities

  • Lead offensive security "red team" campaigns of HR client systems, websites, and networks to discover high-quality vulnerabilities
  • Develop offensive security methodologies, engagement models, and leadership reporting
  • Thoroughly document the exploit chain/proof of concept scenarios for client consumption to improve our ability to protect, detect, and respond to known adversaries
  • Develop innovative accelerators, tools, mechanisms, and processes to enhance the security team's velocity and scale to Amazon's needs
  • Dive deep into the details to identify meaningful findings and recommend root cause remediation
  • Communicate with senior leadership and technology leaders to prioritize and execute remediation plans
  • Facilitate multiple stakeholders to agree on appropriate solutions, and verify that risks are mitigated appropriately. Demonstrate creativity, insight, intellectual flexibility, and sound business judgment throughout the process.
  • Work independently but collaborate with cross-functional teams (e.g., threat intelligence, incident response, software development, QA, Project/Release Management, Build and Release) to provide security engineering consulting and control design recommendations to reduce risk


BASIC QUALIFICATIONS

  • Bachelors Degree in Computer Science or related field, or equivalent work experience
  • 6+ years of experience in multiple security engineering disciplines (e.g., red teaming, penetration testing, security operations, application security, secure software or system design)
  • 5+ years of experience in a development or security role, working with development team(s) that delivered commercial software or software-based services
  • Deep understanding of security vulnerabilities and mitigations
  • Deep experience related to offensive security best practices (Penetration Testing, Red Team, Bug Bounty), and growing and maturing offensive security skillset
  • Experience with Windows, Linux, and MacOS operating systems
  • Programming experience in Python, C/C++, JavaScript, .NET or other interpreted or compiled languages
  • Knowledge of AWS Cloud Security principles, threat modeling, and security tooling (e.g., Cobalt Strike, C2 infrastructures, Burp Suite)


PREFERRED QUALIFICATIONS

  • Experience running red team or penetration testing campaigns in large, complex organizations
  • Experience building an offensive security program and team
  • Excellent communication and data presentation skills to clearly, compellingly, and effectively influence audiences internally and externally, across organizational boundaries
  • Ability to take a project from ideation through launch
  • Experience in communicating with users, other technical teams, and management to collect requirements, describe software product features, and technical designs
  • Deep knowledge of at least one scripting language (e.g., Python, Perl, Ruby, Shell scripting)
  • Experience in automation via scripting and configuration management tools (e.g., Chef, Puppet, Ansible, Salt, CloudFormation, Terraform)
  • Sharp analytical abilities and proven design skills
  • Excellent written and verbal communication skills
  • Excellent leadership and teamwork skills
  • Results oriented, high energy, self-motivated
  • OSCP, OSCE, OSWE, SANS / GIAC, eLearnSecurity Certifications
  • Published CVEs and security articles is an added advantage

Client-provided location(s): Seattle, WA, USA
Job ID: Amazon-1532535

Company Videos

Hear directly from employees about what it's like to work at Amazon.