Security Engineer - Automation_

Austin

Description

Do you enjoy solving software security problems? Do you find yourself automating away your work every chance you get? If so, we’d love you to join us.

AWS’ pentest tooling team is looking for a highly motivated Security Engineer to help build and scale security, while developing mechanisms to mitigate security issues across the largest cloud provider in the world. Amazon Security customers demand the highest quality and reliability for their services.

Our team operates across AWS to deliver pentests in fast, innovative and secure fashion. Our mission is to scale penetration testing by enabling pentesters to focus on hard problems. Our team builds the tooling and processes to help identify, track and mitigate potential security risks.

This is a hands-on technical role that includes working directly with AWS penteseters, partner security teams, and administrative teams to identify opportunities to improve our security posture. You will analyze security findings and make data driven decisions that help deliver agile pentesting through tooling and process improvements. This is not a software development engineer but you will be writing code to validate issue impact and scale our pentesting.

As a Security Engineer you will be expected to drive operational excellence in everything we do. This includes creating procedures and automation to improve efficiency in our day-to-day tasks and projects. You will work closely on supporting internal customers, ensuring that their needs and issues are being addressed. You also enhance the efficiency of security Operations, through simplified automated verification process, metrics and various data analysis. As a team member, you are part of an oncall rotation to provide critical support for platforms and verify that pentest findings are appropriately fixed. You’ll use your security engineering expertise to ensure our verification of fix program is world-class.

If you're passionate about solving security bugs, automating manual testing, developing others, impacting management, and enjoy seeing your work's impact across the internet, then we’d like you to help us solve some interesting and complex problems.

Key job responsibilities

* Partner with other testers to create guidance (builder guidance, process, and tooling).

* Deliver both verification of fixes and provide scaling mechanism to verify remediation (for pre and post launch)

* Communicate ideas effectively, both verbally and in writing, to all types of audiences. You are able to write narratives and strategic documentation.

* Support customer inquiries, with on-call support covering pentesting, verification of findings, and pentest tooling automation

A day in the life

Your internal stakeholders are your fellow security engineers, our builder teams, and our AppSec partners. You review new and ongoing security mitigations to implement, analysing the proposed path forward and course correcting rapidly. You identify gaps by constantly challenging the norms. Every little innovation could result in days of operational improvement for customers.

About the team

About Amazon Security

Diverse Experiences

Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.

Why Amazon Security?

At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

Inclusive Team Culture

In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

Training & Career Growth

We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

Work/Life Balance

We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.

Basic Qualifications

- * BS degree in Computer Science, MIS, Computer Engineering, Cybersecurity, or other related fields, from an accredited university. Equivalent professional experience can be used in lieu of a degree.

- * 2 + years experience building scalable automated tools in any of these languages: C, C++, Java, Python, Perl, and/or Ruby

- * 2 + years’ experience with focus in areas such as systems, network, and/or application security

- * 2 + years experience with web protocols and Linux/Unix tools and architecture

- * Minimum on 1 year of professional experience with security engineering practices such as in web application security, network security, authN/authZ protocols, cryptography, automation, and other software security.

Preferred Qualifications

- * A MS degree in Computer Science, MIS, Computer Engineering, or 3+ years’ equivalent technology experience.

- * Previous experience on a Security Tooling team

- * Experience with building in Native AWS set up

- * Strong knowledge of web protocols and an in-depth knowledge of Linux/Unix tools and architecture

- * Ability to prioritize multiple tasks and projects in a dynamic environment. A high degree of organization.

- * Familiarity with Cloud Environment and architecture.

- * Meets/exceeds Amazon’s leadership principles requirements for this role.

- * Meets/exceeds Amazon’s functional/technical depth and complexity for this role .

- * Experience with penetration testing, red teams, CTF (Capture The Flag), or bug bounties.

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit mazon.jobs/en/disability/us.