Security Engineer, CS Application Security
Toronto, Ontario, CAN
Amazon.comFree shipping on millions of items. Get the best of Shopping and Entertainment with Prime. Enjoy low prices and great deals on the largest selection of everyday essentials and other products, including fashion, home, beauty, electronics, Alexa...
Amazon is seeking a talented and seasoned Senior Applications Security Engineer to focus on securing the ecosystem that powers Amazon Customer Service (CS). CS is one of the largest customer service organizations in the world. Our business operations include tens of thousands of Customer Service Associates around the globe who provide world-class support to customers 24 hours a day, 7 days a week, and in over 15 languages (and growing).
This position will provide you with a challenging opportunity to solve difficult security problems at planetary scale. As a senior security engineer, you will help define short-term and long-term security strategy. You will balance your efforts between strategic and operational deliverables. You will have the opportunity to work with talented engineering teams within Amazon to ensure applications are designed and built securely. You care deeply about keeping Amazon customers secure and therefore are passionate about finding, and mitigating vulnerabilities/risks by providing actionable guidance to product teams and drive long term security improvements. You're well-known for your excellent prioritization skills as well as your ability to communicate at all levels of an organization (technical and non-technical). The successful candidate must be autonomous, comfortable operating in highly ambiguous situations, and must deliver results in a fast-paced environment.
Your responsibilities will include:
- Perform security reviews including secure design and architecture, threat modeling, threat assessments, secure code reviews, security testing, and security certifications
- Identify security gaps in applications, services, and products including internally developed, as well as third party solutions
- Determine findings criticality taking into account the relevant business, technical, and threat environment
- Produce reports that describes the work perform for a variety of audiences including technical and non-technical stakeholders
- Communicate findings to relevant stakeholders through a combination of verbal and written reports. Identify owners, and drive mitigation of findings within established SLAs
- Record findings and supporting evidence, work product, and testing results following established policies and procedures
- Design, develop, deploy, and maintain security automation, secure-by-default solutions, and other solutions that will enable developer and security engineering productivity using scripting or programming languages
- Develop a broad and deep technical understanding of the services, architectures, and products pertaining to the Customer Service organization
- Contribute to the long-term and short-term security strategy to ensure that applications are designed and built securely
- Comfortably transition between big picture, strategic thinking and tactical, day-to-day operational execution
- Review technical solutions to provide guidance to help mitigate security vulnerabilities as well as provide actionable long-term and short-term risk mitigation recommendations
- Improve secure software development life-cycle (SSDLC) practices across multiple organizations in Amazon
- Influence decision-makers and stakeholders to achieve a consistently high security bar
- Create relevant documentation, security guidance, and metrics to report to your stakeholders and business leaders and deliver these in a clear, concise manner
- Lead security initiatives with end-to-end ownership
- Participate in security escalations support including on-call rotation
- Evaluate and recommend new and emerging security products and technologies
- Support for mentoring, team building, recruiting activities, onboarding of new team members
- Own and carry out new, reoccurring, or ad-hoc security engineering projects and consultations
- Deliver practical security solutions providing the most customer-centric experience on the planet
- Must be a kind human who enjoys working in a fun team
We are open to hiring candidates to work out of one of the following locations:
Toronto, ON, CAN
• 5+ years of work in related technical roles (such as threat hunting, threat intelligence, security data analysis, etc.).
• 5+ years with cloud technologies (AWS preferred, Azure, Google Cloud, etc).
• 5+ years experience with security analysis on cloud services, especially server-less and authentication services.
• 3 + years experience using data analysis tools and technologies, such as SQL, Jupyter, R, Python.
• 3+ years experience with active attacks / live scenarios / applied computer security.
Preferred Qualifications- Masters degree in mathematics, computer science, or related engineering disciplines.
- Familiarity with host and network log analysis.
- Standing relationships with global associations relevant to the position.
- Knowledge and experience with hunting utilizing TTPs (Tactics, Techniques and Procedures).
- Experience with security architecture, system architecture, threat modeling, incident handling/response, reverse engineering, malware analysis, adversary methodologies, and/or threat intelligence.
- Possess a strong understanding of common enterprise technologies.
- Extensive knowledge of computing security issues and threat vectors.
- Experience with AWS products and services.
- Experience with cross-organizational collaboration and creation of remediation plans.
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, disability, age, or other legally protected status. If you would like to request an accommodation, please notify your Recruiter.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security Automation AWS Azure Cloud Computer Science GCP Log analysis Malware Mathematics Python Reverse engineering Scripting Security analysis Security strategy SLAs SQL Strategy Threat intelligence TTPs Vulnerabilities
Perks/benefits: Team events
More jobs like this
USA - Saint Charles, … USA - Saint Charles, MO Full TimeSenior Senior-levelUSD 73K - 154K USD 73K+
Systems Engineer Support Analyst - Direct Attack Weapons (Associate, Experienced, or Lead)C Clearance Compliance Jira PhD Privacy +2
Career development Competitive pay Flex vacation Health care Insurance +5
Saint Louis, Missouri, United … Saint Louis, Missouri, United States Full TimeSenior Senior-levelUSD 75K - 140K * USD 75K+ *
Director, Cyber Architecture and EngineeringCloud Privacy Risk assessment Risk management Strategy Teaching
Career development Health care Team events Transparency
Santa Clara, CA, United … Santa Clara, CA, United States Full TimeSenior Senior-levelUSD 85K - 110K USD 85K+
Palo Alto Networks
Staff Engineer Software (L7- Network Security)Application security C Cloud Computer Science Firewalls Golang +6
Career development Medical leave Salary bonus Startup environment
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Senior Information Security Analyst jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Information Security Officer jobs
- Open Chief Information Security Officer jobs
- Open Security Operations Engineer jobs
- Open Ingénieur DevSecops H/F jobs
- Open Staff Security Engineer jobs
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open Senior Security Architect jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Consultant jobs
- Open Senior Security Analyst jobs
- Open o365 Security Architect jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Staff Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Security Researcher jobs
- Open Product Security Engineer jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Governance-related jobs
- Open Risk assessment-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Analytics-related jobs
- Open ISO 27001-related jobs
- Open CISM-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open Java-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Security assessment-related jobs
- Open DoD-related jobs
- Open APIs-related jobs
- Open Forensics-related jobs
- Open Splunk-related jobs
- Open EDR-related jobs