Security Engineer III - AMZ25957.4
About The Position
This role involves conducting comprehensive security reviews within the Secure Software Development Life Cycle (SDLC) for Amazon and AWS services, focusing on database, analytics, search, and storage product offerings. The position requires performing detailed design reviews and threat modeling for new features, coordinating penetration testing, and managing vulnerabilities for Amazon product teams' software. The Security Engineer will lead holistic security assessments of internal and external services, identify and manage legacy vulnerabilities, and provide expert security consultation to software engineering teams on various security domains. Additionally, the role involves developing security review tools, creating security documentation, and conducting in-depth security code reviews.
Requirements
- A Bachelor’s degree or foreign equivalent in Computer Science, Engineering, or a related field and 1 year of experience in the job offered or related occupation. In the alternative, employer will accept 2 years of experience in the job offered or related occupation in lieu of a Bachelor’s degree, and 1 year of experience in the job offered or related occupation.
- 1 year of experience involving Security engineering and network technologies (PCAP or Netflow), Operating Systems and network security, common attack patterns and exploitation techniques.
- 1 year of experience involving Security Operations, Incident Response, Threat Hunting and Assurance methodologies.
- 1 year of experience involving Common attack patterns and exploitation techniques.
- 1 year of experience involving System security analysis techniques including threat modeling and attack graphs.
- 1 year of experience involving Writing run-books, and complexity analysis, execute vulnerability scans and reviews vulnerability assessment reports.
Nice To Haves
- All applicants must meet all the above listed requirements.
Responsibilities
- Conduct comprehensive security review within the Secure Software Development Life Cycle (SDLC) for Amazon and AWS services, specifically focusing on database, analytics, search, and storage product offerings.
- Perform detailed design reviews and threat modeling for new features and offerings, including penetration testing coordination and vulnerability management for Amazon product teams' software.
- Lead holistic security assessments of internal and external services supporting Amazon cloud offerings, with emphasis on identifying, documenting, and managing legacy vulnerabilities.
- Execute peer reviews of security engineering work to ensure thorough due diligence, identify potential antipatterns, and validate security measures before feature releases.
- Provide expert security consultation to software engineering teams, covering: Cryptography, Security in transit and at rest, Database security, Application security, Infrastructure security and Internal security processes.
- Develop security review tools utilizing Java and Soot Framework for static code analysis, Python for semantic analysis and Automation solutions for ticketing and management processes.
- Create comprehensive security documentation for database, analytics, search, and storage services to facilitate high-quality security analysis.
- Conduct in-depth security code reviews of repositories and commits, including analysis of internal AWS frameworks for: Authentication, Input Validation, Logging (CloudTrail), and Deployment systems.
Benefits
- Amazon.com is an Equal Opportunity – Affirmative Action Employer – Minority / Female / Disability / Veteran / Gender Identity / Sexual Orientation
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
