Security Engineer II
Seattle, Washington, USA
The Customer Trust and Partner Support (CTPS) team works to ensure that customers can shop with confidence on Amazon. We design and implement science, tools, technology, and policy innovations to protect the buying experience on Amazon while minimizing friction for sellers.
We are looking for a Security Engineer to work with our working analysts and investigators on the front lines of intelligence gathering and fraud/abuse mitigation. You will contribute to research on external threat actors and their tactics, techniques, and procedures to emulate various adversaries. You will be responsible for breaking our own tools and services, building new tools and testing/analyzing fraudsters' tools.
Engineers in this role must show exemplary judgment in making technical trade-offs between short versus long term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. The successful candidate must be one that can handle several difficult challenges and problems, can make risk-based assessments founded on data and facts.
Additionally, the successful candidate will be:
· Methodically empirical and experimental in approach and evaluation without being bound by over paralysis-by-analysis
· Be an enthusiastic learner and curiosity seeker, focusing on what can be done rather than hindered by notions of what cannot be
· Work ceaselessly to improve knowledge of the security field, threat landscape, security intelligence, moving proactively toward prevention and detection of threats
· Possess effective verbal and written communication skills, be passionate about sharing knowledge, tactics, strategy, as well as advocating for the project mission
· Great logic and problem-solving skills.
· Evangelize security within Amazon.com and be an advocate for customer trust
· BS in computer science, networking, information systems, computer engineering, or 3+ years’ equivalent experience,
· Minimum of 3 years experience in evaluating and breaking web services, software, network, and systems security as part of an offensive security team,
· Minimum of 3 years scripting or programming experience in Ruby, Python, Shell/BASH scripting, Java, C/C++, C*, Perl, or other languages,
· Minimum of 3 years experience in at least two of the following areas: web security, social engineering, cryptography, vulnerability research, exploit development
Preferred Qualifications· MS in Computer Security, Computer Science, Networking, Information Systems, Computer Engineering, Systems Engineering or 5+ years’ equivalent experience,
· Three plus years experience with large enterprise environments,
· Experience building, automating and testing tools from scratch,
· Public track record of vulnerability discovery,
· Presentations of security research in public security conferences,
· Meets/exceeds Amazon’s leadership principles requirements for this role. https://www.amazon.jobs/principles,
· Meets/exceeds Amazon’s functional/technical depth and complexity for this role.
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us
Job tags: C Cryptography Java Offensive Security Perl Python Ruby Strategy
Job region(s): North America