Offensive Security Engineer

Seattle, Washington, USA

Full Time
Amazon.com logo
Amazon.com
Apply now Apply later

Posted 1 month ago

Do you want to be part of a team that designs and implements critical payment-related services for Amazon with air-tight security and five-nine availability that serve millions of requests per minute? Do you want to be part of a fun group that explores cutting edge technology, with a culture of learning from each other and developing each other? Do you want to be part of an organization that will be at the center of projects that will shape the future of the payments industry? If you answer yes to any of the questions above, this position is for you! Your work will be visible among the company’s senior executives.

As an offensive security engineer, you will:

·
· Execute offensive security “red team” campaigns of our Payment systems and processes to improve our ability to protect, detect and respond to known adversaries
·
· Thoroughly document exploit chain/proof of concept scenarios for client consumption
·
· Develop innovative and scalable tools, solutions, and processes to enhance the team's velocity and scale to Payment and Amazon needs
·
· Communicate with senior leadership and technology leaders to prioritize and execute remediation plans
·
· Effectively collaborate in a fast-paced environment with multiple teams in a large organization (threat intelligence, incident response, software development, QA, Project/Release Management, Build and Release, etc.).

Basic Qualifications


· 3+ years of experience in multiple offensive security engineering disciplines (red teaming, penetration testing, fuzz testing, etc.)
· Experience with red team or penetration testing campaigns in large, complex organizations
· Familiar with offensive TTPs (Tactics, Techniques and Procedures) including post-exploitation and lateral movement

Preferred Qualifications

· Excellent communication and data presentation skills that allow you to clearly, compellingly, and effectively influence audiences internally and externally, across organizational boundaries
· Security testing tools including Cobalt Strike, C2 infrastructure, Nmap, Burp Suite - Windows, Linux, and MacOS operating systems
· Knowledge of at least one scripting language (Python, Perl, Ruby, etc.)
· Knowledge of Cloud security principles (preferably AWS)
· Strong Network and Application security concepts

Job tags: AWS Burp Suite Cobalt Strike Incident response Linux Nmap Offensive Security Penetration testing Perl Python Red team Ruby Threat intelligence TTPs Windows
Job region(s): North America
Share this job: