Sr. Software Dev. Engineer, Vulnerability Detection & Pentesting for Devices and Services

US, CA, Virtual Location - California

Applications have closed

Amazon.com


Job summary
Come join our offensive security team dedicated to the detection and exploitation of vulnerabilities affecting Amazon consumer devices. This includes performing low-level reviews of hardware, bootloaders, radios, secure enclaves, or OS security features of devices, service reviews including authentication mechanisms, AI, mobile, & web apps. Engineers are also encouraged to experiment with automated techniques, such as symbolic execution, fuzzing, machine learning, or static analysis.

Amazon Devices (Lab126) is an inventive research and development company that designs and engineers high-profile consumer electronics. Lab126 began in 2004 as a subsidiary of Amazon.com, Inc., originally creating the best-selling Kindle family of products. Since then, we have produced groundbreaking devices like Amazon Echo, Astro, Kuiper, Ring Always Home Cam Drone, Fire tablets, and Fire TV. What will you help us create?

Are you interested in being part of a top-notch security team covering all Amazon consumer devices (including hardware and low-level functionality) as well as key Amazon services supporting our devices (such as Computer Vision, Alexa, Kindle, etc.)? Do you want to be part of an offensive security team dedicated to detection and exploitation of vulnerabilities prior to launch in order to keep Amazon consumer devices and services safe? Your work directly impacts the way our customers, teams, and business across the globe get things done. If you want to keep customers safe, then we have a job for you! You can learn more about security at Lab126 here: https://www.youtube.com/watch?v=k0UTTxzeGog.

The Vulnerability Detection and Penetration Testing team is looking for a Senior Software Development Engineer who has a strong passion for security-at-scale. You will work on a small team dedicated to building new tooling to improve Amazon devices and services security capabilities. You will build systems that scan our massive environment of devices, web services and infrastructure for security concerns and engage the right team to fix them. As a member of a small team, you can create the culture you want to work in. You will have a voice in shaping the future direction of automatic security tools in Amazon Digital. You will collaborate with security experts to ensure your system helps Amazon maintain the security that our customers depend on.

While you may not be a security expert just yet, in this role you will develop a broad and deep understanding of application and device security and how Amazon keeps its customers secure.

Key job responsibilities
* Rapidly prototype and incubate new security features and solutions. Deliver high quality solutions in a hyper-growth environment where priorities shift.
* Perform vulnerability detection using a variety of automated static and dynamic analysis as well as custom tooling (e.g. static analyzers, fuzzers, scanners, analyzers, etc.) to scale vulnerability detection on devices and associated services and enable easier analysis of externally reported issues.
* Architect, design and develop systems for presenting security problems to engineers so they can be fixed.
* Architect, design and develop solutions and systems for detecting security issues in software.
* Work closely with other internal development teams across Amazon to coordinate security improvements.
* Directly represent the team to business leaders.

About the team
Within the Devices and Services Security organization, the vulnerability detection and internal penetration testing team is responsible for identifying vulnerabilities in products: penetration testing, fuzzing and vulnerability research. The team is part of the Devices and Services Security organization, which is responsible for the entire SDLC, vulnerability management, incident response, and overall security across Amazon Consumer Devices (Kindle, Ring, FireOS, Kuiper, Alexa, eero and more).

While the majority of our Security roles are based in the US west coast, by applying to this position your application will be considered for all locations we hire for in the United States, including but not limited to: Seattle, WA; New York, NY; Bellevue, WA; Sunnyvale, CA; Austin, TX.

Our team puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren’t focused on how many hours you spend at work or online. Instead, we’re happy to offer a flexible schedule so you can have a more productive and well-balanced life—both in and outside of work.

Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship. We care about your career growth and strive to assign projects based on what will help each team member develop into a better-rounded engineer and enable them to take on more complex tasks in the future.

Basic Qualifications


* 4+ years of professional software development experience
* 3+ years of programming experience with at least one software programming language
* 2+ years of experience contributing to the system design or architecture (architecture, design patterns, reliability and scaling) of new and current systems
* Experience as a mentor, tech lead OR leading an engineering team
* BS degree in Computer Science or related field


Preferred Qualifications

* Programming experience with at least one modern language such as C++, C#, Java, Python, Golang, PowerShell, Ruby.
* Understanding of web application security issues like XSS, CSRF, and SSRF
* Systems Engineering/SRE experience in a large, distributed environment focusing on automation
* Experience using AWS services
* Effective and tactful communication skills: you will be working with other teams to improve their security
* Master’s degree in Computer Science or equivalent experience.
* Excellent leadership skills and teamwork skills
* Results oriented, high energy, self-motivated


Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

Pursuant to the Los Angeles Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Tags: Application security Automation AWS C Computer Science CSRF Golang Incident response Java Machine Learning Offensive security Pentesting PowerShell Python Ruby SDLC SSRF Vulnerabilities Vulnerability management XSS

Perks/benefits: Career development Flex hours Startup environment Team events

Regions: Remote/Anywhere North America
Country: United States