Sr Security Engineer, Ads Security
Arlington, Virginia, USA
Full Time Senior-level / Expert USD 136K - 247K
Amazon.com
Free shipping on millions of items. Get the best of Shopping and Entertainment with Prime. Enjoy low prices and great deals on the largest selection of everyday essentials and other products, including fashion, home, beauty, electronics, Alexa...Key job responsibilities
As a Senior Security Engineer within Amazon’s Ads Security team, you will play a crucial role in ensuring that applications across numerous Ads platforms are designed and executed with the highest security standards to maintain customer trust. You will tackle a diverse array of security challenges, ranging from novel threats in Ads services to selecting and implementing scalable and secure features such as key management solutions and encrypted storage. Additionally, you will serve as a subject matter expert, providing guidance to developers on building secure products and fostering a security-conscious culture within the organization.
- Collaborate directly with service and platform owners to advise on security best practices and tool implementation.
- Perform comprehensive security assessments on SaaS implementations, data management systems, and reporting frameworks being used internally by Amazon Ads teams or externally by Amazon Ads customers.
- Coordinate and oversee penetration testing activities for platforms and tools.
- Identify security risks, report findings, and recommend solutions for complex security issues by leveraging existing set of detections and/or design new detections within Amazon’s various security detection frameworks.
- Contribute to fostering a strong security culture at Amazon through knowledge sharing and collaboration.
- Engage in cross-team projects aimed at enhancing the security posture of Amazon and customer data throughout its lifecycle.
A day in the life
Activities in this role include:
- Identifying security issues and risks, review & approve mitigation plans for Ads products.
- Influencing product teams and senior leadership to implement practices that maintain a high security bar.
- Advising teams developing products on the correct components that deliver security features like key management, authentication, encryption, etc.
- Proposing, collaborating & obtaining buy-in on strategic security initiatives.
- Recommending and developing security-focused tools that help product teams prevent security misconfigurations & vulnerabilities in the design & implementation of features. Look for opportunities to automate, detect and move security to left in SDLC process.
- Developing and interpreting security policies and procedures to form security requirements.
- Developing training that promotes general security awareness and informs developers on how to discover & mitigate security vulnerabilities in their products.
- Deciding which new security tooling and strategies should be pursued for scalable security in service development.
- Supporting incident response activities as a security subject matter expert.
About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.
We are open to hiring candidates to work out of one of the following locations:
Arlington, VA, USA | New York, NY, USA
Basic Qualifications
- Bachelor’s degree in Computer Science, Computer Engineering or related field with 5+ years with security engineering experience.
- Demonstrated expertise in secure architecture and design reviews.
- Proven experience in at least one scripting or compiled language such as Java, Python, Perl, JavaScript, Go, Ruby, C# or C/C++
- Deep technical understanding of the OWASP Top 10, and SANS Top 25, as well as vulnerability identification and remediation.
- Proven experience in threat modeling, code reviews, security testing, vulnerability detection, attacker exploit techniques, and methods for their remediation.
Preferred Qualifications
- Experience working across different organizations and teams to achieve common security goals.- Experience with AWS products and services, service-oriented architecture, and web services security
- Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits
- Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Experience with machine learning and/or generative AI
- Ability to drive multiple technically complex security initiatives while remaining effective at providing security guidance to stakeholders
- Implementation knowledge of cryptographic features like Hashing, Encryption, Signing as well as working knowledge of common software implementations of OpenSSL
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.
Tags: AWS C Cloud Computer Science Encryption Exploit Exploits Generative AI Hashing Incident response Java JavaScript Machine Learning OWASP Pentesting Perl Python Ruby SaaS SANS Scripting SDLC Security assessment TCP/IP Vulnerabilities
Perks/benefits: Career development Equity Health care Startup environment Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Windows-related jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Forensics-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs