Sr. Security Engineer, Stores Red Team

About The Position

Requirements

• Knowledge of cloud computing services and deployment architecture
• Bachelor’s degree in computer science or equivalent, or 6+ years of hands-on Red Team / offensive security experience in lieu of a degree
• 5+ years of programming in Python, Ruby, Go, Java, C++, or similar
• 5+ years of experience on a Red Team or in offensive security roles (penetration testing, adversary simulation, vulnerability research)
• 2+ years of experience leading or technically directing multi-person offensive engagements

Nice To Haves

• Experience leading multi-week adversary emulation campaigns from scoping through remediation
• Experience identifying and driving resolution of systemic security issues across organizational boundaries
• Experience with cloud-native red teaming (AWS, Azure, or GCP attack paths, privilege escalation, cross-account lateral movement)
• Experience assessing or attacking AI/ML systems (prompt injection, agent manipulation, model extraction, training data poisoning, RAG exploitation)
• Experience leveraging AI/ML for offensive purposes (automated recon, exploit development, payload generation, building offensive agents)
• Published security research, CVEs, conference talks, or open-source offensive tooling

Responsibilities

• Lead Red Team engagements end-to-end: scoping, target identification, execution, reporting, and driving remediation with service teams
• Build and execute complex, multi-stage attack paths across diverse environments including cloud infrastructure, AI/ML systems, and corporate networks
• Identify systemic security issues that span multiple teams and drive ownership, prioritization, and resolution through escalation when needed
• Own a functional area on the Red Team (e.g., detection engineering partnership, threat intelligence integration, tooling, response collaboration) and drive it forward
• Produce high-quality engagement reports with sufficient background, context, and actionable recommendations for both technical and leadership audiences
• Mentor and develop other engineers on the team by overseeing engagements, providing report reviews, and raising the technical bar
• Proactively identify valuable engagement targets and drive their prioritization through understanding of Amazon’s threat landscape and business context
• Collaborate with detection engineering, incident response, and security leadership to translate offensive findings into defensive improvements
• Develop and maintain offensive tooling, automation, and methodologies that improve team efficiency
• Leverage AI to accelerate offensive workflows and assess AI/ML systems for security weaknesses

Benefits

• health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
• 401(k) matching
• paid time off
• parental leave
• sign-on payments
• restricted stock units (RSUs)