Security Engineer II, Vulnerability Management and Remediation Operations

About The Position

Requirements

• 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
• 2+ years of scripting, programming, and security code review in a common programming language (non-internship) experience
• 2+ years of troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship) experience
• Bachelor's degree in computer science or equivalent
• Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or experience in IT Security
• Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or 2+ years of IT Security experience
• Knowledge of networking protocols such as HTTP, DNS and TCP/IP
• Knowledge of industry-based security vulnerabilities and remediation techniques
• Experience in scripting, programming, and security code reviewing in a common programming language (non-internship)
• Experience in troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship experience)

Nice To Haves

• 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
• 2+ years of scripting, programming, or security code review in a common language, such as Python, Java or C++ experience
• Knowledge of command line tools to troubleshoot protocols, analyze log outputs, or automate basic tasks
• Knowledge of networking protocols such as HTTP(S), DNS, and TCP/IP
• Knowledge of networking protocols, to include HTTP(S), DNS, and TCP/IP
• Experience with AWS products and services
• Experience with programming languages such as Python, Java, C++
• Experience in scripting, programming, or security code reviewing in a common language, such as Python, Java, or C++
• Experience performing security activities across one or more phases of the software development lifecycle (SDLC), such as security design review, threat modeling, secure code review, and security testing

Responsibilities

• Analyse public and private vulnerability disclosures and exploit code.
• Deeply understand and assess the technical details and potential impact of vulnerabilities across Amazon's infrastructure, services, and applications.
• Investigate and triage vulnerabilities, identifying severity and the scope of potential impact to Amazon.
• Support response and remediation efforts, assisting builder teams to fix their security issues in a timely manner.
• Engineer high quality, scalable, and accurate vulnerability detection mechanisms.
• Design and implement automation, tools and workflows to enhance our operations capabilities.
• Be part of a global team and participate in periodic on-call responsibilities to ensure the continuous monitoring and remediation of vulnerabilities.

Benefits

• health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
• 401(k) matching
• paid time off
• parental leave