Security Engineer

Seattle, Washington, USA

Full Time logo
Apply now Apply later

Posted 1 month ago

Are you interested in solving security challenges at scale? Do you want to work with development teams to integrate security at all stages of their projects? Do you enjoy hands-on security reviews and consultations, developing and providing guidance, and acting as an advocate for security and privacy engineering best practices?

We are looking for a Security Engineer to focus on securing the ecosystem that powers Amazon Customer Service (CS). CS is one of the largest customer service organizations in the world. Our business operations include tens of thousands of Customer Service Associates around the globe who provide world-class support to customers 24 hours a day, 7 days a week, and in over 15 languages (and growing).

As a Security Engineer in CS, you will help ensure our solutions are designed and implemented to the highest security and privacy standards. You need to be able to reach across teams to help drive understanding out of complex problems. You will be developing strong security culture and practices within the department. Lastly, this role will help grow automation efforts on the team through custom tool development, and by providing requirements and support to partner teams who share similar goals.

You’ll find qualifications sections below. If you meet all these then we want to hear from you. If you only meet some of them but think you would be great for this role, we want to hear from you. If you meet just one of them but know that you will bring something unique to the team, we want to hear from you.

Your responsibilities will include:
· Provide expert advice to internal customers on developing secure architectures and applications
· Advise and consult with internal customers on risk assessment and vulnerability remediation
· Secure development life-cycle (SDLC) practices including threat modeling and security testing
· Influence decision-makers and stakeholders to achieve a consistently high security bar
· Create security guidance and documentation
· Develop security tools and automation
· Lead security projects (including security reviews, tool development, and creation of new security practices) with end-to-end ownership
· Participate in security and privacy compliance efforts
· Participate in security escalations support
· Evaluate and recommend new and emerging security products and technologies
· Support for mentoring, team building, and recruiting activities

Basic Qualifications

· BS in Computer Science or related field, or equivalent work experience.
· 4+ years of experience in web application security, secure application design, threat modeling, and/or secure coding
· 2+ years of experience with one or more programming languages (such as Java, C++, Ruby, Python, Perl, etc.)
· Experience with cloud service providers and their offerings, preferably AWS and its various technologies and APIs

Preferred Qualifications

· Excellent leadership, teamwork, and collaboration skills
· Ability to lead through influence within a secure development life-cycle for multiple products and technologies, meeting customer expectations for security
· Demonstrated strong technical judgment in conjunction with passionate customer focus
· Experience implementing security solutions that resolve security and business risk trade-offs
· Security knowledge on current vulnerabilities, threats, risks and mitigation strategies
· Experience in risk identification, security testing, static and dynamic analysis, or vulnerability detection or remediation.
· Experience with various testing tools, such as Metasploit, Nmap, Burp Suite, etc.

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit

Job tags: Automation AWS Burp Suite C Java Metasploit Nmap Perl Python Risk assessment Ruby Vulnerabilities