Application Security Engineer, Physical Stores Security

Irvine, California, USA

Amazon.com


The Physical Retail Stores (PRS) Security Engineering (PRS-SecEng) team is responsible for ensuring all applications running in PRS meet the Amazon security bar. Our scope includes all applications (software, hardware, 3rd party) running in Whole Foods Market, Amazon Go, Fresh and Style stores. We engage with developers at the concept stage, provide them with security requirements, suggest the best security solutions for various use cases, and ensure applications will generate correct logs for detection and incident response use cases. We then review the final solution, understand the architecture, create threat models, perform automated and manual code reviews and perform security testing. Our solutions can be categorized as web and mobile applications, embedded and IoT solutions and various 3rd party HW and SW solutions.

Innovation is part of our DNA! We need people who want to join an ambitious program that continues to push the state of the art in computer vision, machine learning, distributed systems and hardware design.

The Role: Everyone on the team needs to be entrepreneurial, wear many hats and work in a highly collaborative environment that's more startup than a big company. We will need to tackle problems that span a variety of domains: real-time, distributed systems, machine learning, image recognition, and computer vision. As a Senior Security Engineer, you will help ensure our devices, applications, services, and systems are designed and implemented to the highest standards and are resilient to modern threats. If you enjoy analyzing the security of systems that span from hardware to cloud services, discovering and addressing security issues and quickly reacting to new threat scenarios, this position will provide you with a challenging opportunity. You will lead in security audits, risk analysis, vulnerability testing and security reviews across all elements of this project's software systems.

You will tackle challenging, novel situations every day and, given the size of this initiative, you will have the opportunity to work with multiple technical teams at Amazon in different locations. You should be comfortable with a high degree of ambiguity and relish the idea of solving problems that haven't been solved at scale before. Along the way, we guarantee that you will learn a ton, have fun and make a positive impact on millions of people.

Key job responsibilities
1. Security Consults
2. Architecture Review
3. Threat Model
4. Automated Code Review
5. Manual Code Review
6. Incident Response Plan Review
7. Security Testing
8. Risk documentation and remediation verification

We are open to hiring candidates to work out of one of the following locations:

Irvine, CA, USA

Basic Qualifications


- Bachelor’s degree in Computer Science or related field or equivalent experience
- 3+ years of Application Security engineering experience
- 3+ years of experience in vulnerability testing and auditing
- Knowledge of authorization, authentication and encryption protocols and use cases
- Experience working with development team(s) that have delivered commercial software or software-based services
- Knowledge of threat modeling or other risk identification techniques
- Knowledge of system security vulnerabilities and remediation techniques
- Familiarity with common attack patterns and exploitation techniques (OWASP)
- Development experience in Java
- Scripting skills (e.g., Perl, Python, shell scripting)
- Knowledge of network and related web protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)

Preferred Qualifications

- Master’s in Computer Science or related field.
- Experience with Security Engineering and Assurance methodologies e.g. fuzzing, static and dynamic code analysis.
- Experience with common attack patterns and exploitation techniques. Ability to write fully functional exploits for common vulnerabilities such as simple stack overflow, cross-site scripting, or SQL injection.
- Experience in using standard Security Assessment and Penetration Testing tools such as BurpSuite, Metasploit, and IDA Pro.
- Knowledge of technical security issues facing large multinational companies.

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

Pursuant to the Los Angeles Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $135,500/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. Applicants should apply via our internal or external career site.


Tags: Application security Audits Burp Suite Cloud Code analysis Computer Science Encryption Exploits Incident response Java Machine Learning Metasploit OWASP Pentesting Perl Python Risk analysis Scripting Security assessment SQL SQL injection TCP/IP Vulnerabilities XSS

Perks/benefits: Career development Equity Startup environment

Region: North America
Country: United States