Security Engineer II, Stores Red Team

About The Position

Requirements

• 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
• Familiarity with AI/ML vulnerability classes including prompt injection, training data poisoning, model extraction, and agent manipulation
• 3+ years of experience on a Red Team or in offensive security roles
• Bachelor’s degree in computer science or equivalent, or 4+ years of hands-on Red Team / offensive security experience in lieu of a degree

Nice To Haves

• Experience with cloud-native red teaming (AWS, Azure, or GCP attack paths, privilege escalation, cross-account lateral movement)
• Experience leveraging AI/ML for offensive purposes (automated recon, exploit development, payload generation, building offensive agents)
• Published security research, CVEs, conference talks, or open-source offensive tooling
• Implant/C2 development experience (custom agents, communication protocols, evasion techniques)
• Experience evading or operating against enterprise EDR/XDR platforms.
• Familiarity with adversary emulation frameworks and threat-informed operations (MITRE ATT&CK, threat actor playbook replication)

Responsibilities

• Conducting red team engagements throughout Amazon independently, or as part of a team, targeting traditional infrastructure, cloud services, and AI/ML systems.
• Creating detailed engagement plans, performing operations, and emulating adversary tactics, techniques, and procedures (TTPs).
• Thoroughly documenting timelines, attack paths, findings/gaps, and recommendations.
• Communicating and collaborating with partner teams, service owners, Amazon Security teams, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings.
• Performing manual examination of client systems, applications, networks, and AI-powered features to discover weaknesses, and thoroughly documenting high quality exploit chain/proof of concept scenarios/reports for customer consumption.
• Assessing the security of AI/ML systems including LLM applications, agentic architectures, RAG pipelines, and model serving infrastructure for vulnerabilities such as prompt injection, training data poisoning, model extraction, and guardrail bypass.
• Leveraging AI/ML capabilities to build and enhance offensive tooling, automate security research workflows, and improve engagement efficiency.
• Contributing to tooling, processes, documentation, and quality of red team operations.
• Helping to recruit and interview, and train/mentor/develop other Red Team engineers.

Benefits

• health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
• 401(k) matching
• paid time off
• parental leave
• sign-on payments
• restricted stock units (RSUs)