Security Engineer, Specialized Businesses Security, Vulnerability Management Job at Amazon, Sunnyvale, CA

K2NNTFhYZEdVTHVXMVJIeVRKeWc5Uzly
  • Amazon
  • Sunnyvale, CA

Job Description

Description Amazon's Specialized Businesses Security team is seeking an innovative Security Engineer to join our Vulnerability Management Dectection Team. In this position, you will focus on detection, assessment, triage and supporting remediation of vulnerabilities. You will work with a diverse set of security scanning tools to support our application security vulnerability detection capabilities. Your goal will be to deeply understand Amazon's innovative Devices and Services to enhance our vulnerability detection capabilities throughout the Software Development Lifecycle (SDLC). You will partner with development teams to drive prioritization and remediation of vulnerabilities to help deliver secure products for our customers. Key job responsibilities - Developing and tuning custom, open source and third-party high quality automated detection tools (e.g. static analyzers, fuzzers, scanners, etc.) to perform variety of security vulnerability analysis (SAST, DAST, SCA, etc.) - Reviewing output of automated detection tools for accuracy - Analyzing public and private vulnerability disclosures to analyze impact on Amazon Devices and Services - Providing actionable long-term risk prioritization and mitigation guidance to drive security improvements at scale - Proposing mechanisms for integrating security detection tools into the development lifecycle - Collaborate with partners across Amazon to develop scalable solutions to security problems About the team Diverse Experiences Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying. Why Amazon Security? At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores. Inclusive Team Culture In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices. Training & Career Growth We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional. Work/Life Balance We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there's nothing we can't achieve. Basic Qualifications - 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience - Experience with any combination of the following: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration and network security - Bachelor's degree in computer science or equivalent - 3+ years hands-on experience in Vulnerability Management, Product Security and/or Application Security Preferred Qualifications - 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience - Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits or equivalent - Experience with AWS products and services - Knowledge of common software security vulnerabilities (memory corruption, privilege escalation, web application exploitation, protocol-based weaknesses, etc.) and analyzing their impact - Working experience with vulnerability detection tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Open Source Composition Analysis (SCA) - Experience with scripting (Python bash, etc.) Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status. Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company's reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner. Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit . This position will remain posted until filled. Applicants should apply via our internal or external career site.

Job Tags

Work experience placement, Local area,

Similar Jobs

Aequor

Medical Writer III Job at Aequor

 ...experience with protocols. This position is REMOTE Position Summary: The primary...  ...responsibilities of an Associate Director Medical Writer at *** include, but are not limited to,...  ...up to 20 pounds. Occasional overnight travel may be required. Skills:... 

Amentum

SOX Internal Controls Analyst Job at Amentum

 ...53,000 employees in approximately 80 countries across all 7 continents.We are seeking a highly motivated **SOX Internal Controls Analyst** to join our team of professionals to add value to the organization through management of the SOX Internal Controls environment. As... 

KBCO Design

Interior Designer Job at KBCO Design

 ...that is fun to be around. Position involves working with the Principal and project team on development of design and presentations, AutoCAD Drafting and Construction Documentation, Material and FF&E Specifications, Schedules, and Administrative work as required on... 

CHRISTUS Health

Epic Analyst - Ambulatory Job at CHRISTUS Health

 ...Description Summary: The Clinical Informatics Systems Analyst I is primarily responsible for assisting in the operation and administration...  ..., Registrations, or Certifications Valid Driver's License Epic certification/accreditation/self-proficiency preferred (may be... 

The Cigna Group

Manager, Provider Contracting - Arkansas, Alabama & Mississippi market Job at The Cigna Group

 ...required for the network solution.+ Works to meet unit cost targets, while preserving an adequate network, to achieve and maintain Cigna's competitive position.+ Creates and manages initiatives that improve total medical cost and quality.+ Drives change with external...