Senior Security Engineer, Audible Security

About The Position

Requirements

• Bachelor's degree in Computer Science or related field or equivalent experience
• 3+ years of relevant work experience, such as application security reviews, security engineering, security analysis, incident response, third party security and risk assessments, data loss prevention, insider threat
• Experienced in using standard Security Assessment and Penetration Testing tools such as BurpSuite
• Experienced with the information security principles and the Common Body of Knowledge (CBK) domains and core technologies
• Experience in advocating security best practices for third party integrations

Nice To Haves

• Experience partnering with development teams and the ability to explain the remediation findings to product owners
• Understanding threat modeling and risk identification techniques
• Knowledge of web application and system security vulnerabilities
• Proficiency auditing Java code to identify bugs
• Proficient scripting skills with Perl, Python, or Java
• Familiarity with common attack patterns and exploitation techniques
• Experience with methodologies such as fuzzing and static/dynamic code analysis
• Experience developing functional exploits for common vulnerabilities
• Experience with AWS or similar cloud computing platforms
• Experience designing and implementing technical security controls
• Experience participating in Bug Bounty programs

Responsibilities

• Contribute to designing, implementing, and executing security review and test methodologies for recurring testing of critical production services
• Partner with service teams to ensure risks are remediated
• Conduct design review, threat modeling, security review, and penetration testing on production systems
• Scope and perform penetration testing and vulnerability research on complex proprietary software and hardware
• Collaborate with internal development teams at Audible and Amazon to enhance security tooling and functionality at scale
• Prepare and present detailed, written technical information for internal and external audiences
• Participate in third party security risk assessments and due diligence
• Provide guidance on risk, compliance, and policy to technical and non-technical internal customers

Benefits

• Full range of medical, financial, and/or other benefits
• Equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package