Senior Security Engineer, Red Team
US, OH, Virtual Location - Ohio
Amazon.com
Free shipping on millions of items. Get the best of Shopping and Entertainment with Prime. Enjoy low prices and great deals on the largest selection of everyday essentials and other products, including fashion, home, beauty, electronics, Alexa...**This role is also open to alternative and virtual locations including: Austin, TX | Seattle, WA | Arlington, VA and others
Amazon’s Offensive Security Team is seeking a Red Teamer to help keep Amazon's infrastructure secure for its customers by attacking Amazon’s services, infrastructure, processes, and controls, and by partnering with defensive & service teams to remediate weaknesses and sharpen our detective, preventative, and response capabilities. This role presents an ultimate test of ones security knowledge and ability, along with the support of a team of highly skilled individuals. This position will provide you with challenging opportunities, both technologically and as a leader, but will also be a great deal of fun if hacking Amazon sounds exciting to you. This subteam is specifically focused on hardware assessments, adversarial ML and objective-based full stack penetration testing.
A Security Engineer at Amazon is expected to be strong in multiple domains. Engineers in this role work closely with teams throughout Information Security, as well as provide technical leadership and advice to teams and leaders throughout Amazon. You will be in direct contact with teams in a variety of business verticals, giving you first hand knowledge about how Amazon is built and how it operates at a deep, technical level. Additionally, you will leverage the knowledge you gain about Amazon to find new ways to break services, processes, and technologies throughout the company.
Engineers in this role must show exemplary judgment in making technical trade-offs between short-term fixes and long-term security and business goals. They must also demonstrate resilience and navigate ambiguous situations with composure and tact. Individuals in this role will be expected to provide thought leadership for the organization as you discover, invent, and innovate throughout the course of their duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Amazon and its customers secure.
Responsibilities include:
- Leading red team engagements throughout Amazon independently, or as part of a team.
- Creating detailed engagement plans, execute operations, and emulate adversary Tactics, Techniques, and Procedures (TTPs).
- Thoroughly documenting timelines, attack paths, findings/gaps, and recommendations.
- Communicating and collaborating with partner teams, service owners, Information Security, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings.
Basic Qualifications
- 6+ years work experience in a red teaming or penetration testing role
- Knowledge and understanding in various security domains (e.g. security engineering, system and network security, authentication and security protocols, cryptography, application security, incident response)
- Experience with interpreted or compiled languages (e.g. Python, Ruby, C/C++, Java, .NET)
- Experience with common offensive security tools (e.g. Cobalt Strike, Metasploit, Burp Suite)
- Experience with adversary Tactics, Techniques, and Procedures (TTPs)
- Experience with attacking common Operating Systems (Windows, MacOS, Linux)
Preferred Qualifications
- BS in Computer Science or related field
- Experience with cloud service providers and their offerings, preferably AWS, and its various technologies and services
- Experience in developing security tooling and automating red team infrastructure
- Experience in web application/service assessments
- Experience in enterprise network infrastructure assessments
- Experience in reverse engineering and associated tooling (e.g. IDA)
- Experience in fuzzing, memory corruption, and exploit development
- Experience in hardware hacking
- Experience with building and/or attacking ML platforms/models
- Experience in CTF competitions, CVE research, and/or Bug Bounty recognition
- Experience providing training and mentorship
- Demonstrable teamwork skills and resourcefulness
- Ability to make concrete progress in the face of ambiguity and imperfect knowledge
- Strong sense of ownership, urgency, and passion
- Sharp analytical abilities and attention to detail
- Effective written and verbal communication skills
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security AWS Burp Suite C C++ Cloud Cobalt Strike Computer Science Cryptography CTF Exploit Full stack Incident response Java Linux MacOS Metasploit Network security Offensive security Pentesting Python Red team Reverse engineering Ruby TTPs Windows
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open Windows-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open DevOps-related jobs
- Open Security assessment-related jobs
- Open Kubernetes-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open CI/CD-related jobs
- Open IDS-related jobs
- Open DevSecOps-related jobs
- Open EDR-related jobs