Sr Incident Response and Threat Intelligence Engineer

Sunnyvale, California, USA

Applications have closed

Amazon Lab126 is an inventive research and development team that designs and engineers Amazon devices, from Kindle to Amazon Echo. What will you help us create?

Are you interested in being part of a top-notch security team covering all Amazon consumer devices (including hardware and low-level functionality) as well as key Amazon services supporting our consumer devices (such as Computer Vision, AppStore, Device Registration, Kindle, etc.)? Amazon Lab126 is looking for exceptional candidates to join our Security Incident Response Team. The incident response team’s mission is to identify, handle, address, communicate and learn from security incidents affecting Amazon consumer devices and associated web services. Do you enjoy analyzing reported issues to identify security vulnerabilities and mitigating these issues to keep customers safe? We are looking for talented security engineers who have experience in either devices or web services security. Your work directly impacts the way our customers, teams, and business across the globe get things done. If you care deeply about keeping customers safe, then we have a job for you! You can learn more about security at Lab 126 here:

A day in the life
• Perform root cause analysis of externally reported issues and work with product, partner and vendor teams to assess impact.
• Review security fixes, technical solutions and designs to enable product teams to mitigate security vulnerabilities as well as provide actionable long-term risk mitigation guidance to drive security improvements.
• Perform analysis of threat intelligence data to synthesize areas of proactive focus spanning product stacks.
• Perform vulnerability detection using a variety of automated static and dynamic analysis as well as custom tooling (e.g. static analyzers, fuzzers, scanners, analyzers, etc.) to identify device or web services vulnerabilities and develop proof of concept exploits.
• Develop detailed technical documentation describing identified vulnerabilities, associated impact as well as recommendations for communication with internal engineering stakeholders as well as leadership.

Job responsibilities
In this role, you will be part of a dedicated team of exceptional security engineers performing analysis of externally reported security incidents to assess the severity and determine security impact to Amazon Lab126 and subsidiary products. You will communicate securely and responsibly to address reported issues in collaboration with product teams and to do the right thing for our organization. You will work with security stakeholders within the company, the security research community and partner organizations across the ecosystem towards coordinated disclosure of vulnerabilities. You will lead gap analysis efforts to identify learnings to improve product security. You will work on diverse product stacks spanning multiple architectures and SoCs to identify vulnerabilities in low level embedded software, operating systems, applications, peripherals or web client, web sites, and cloud services as well as introduce defenses to raise the effort for attackers. You will identify detective and preventative technology and automation to reduce the impact of security incidents and work with fellow team members to build and deploy such technology. Your role includes performing analysis of threat actor tactics and techniques to gather threat intelligence as well as sharing your technical expertise to drive improvements during the product development lifecycle. You're well-known for your excellent prioritization skills as well as your ability to communicate at all levels of an organization. If you're passionate about finding security bugs, analyzing security exploits, and enjoy seeing your work's impact across Amazon consumer products and services, then this position is for you.

Note: While the majority of our Security/Privacy roles are based in the Bay Area, CA and Seattle, WA areas, by applying to this position your application will be considered for all locations we hire for in the United States, including but not limited to: Seattle, WA; Arlington, VA; Bellevue, WA; Sunnyvale, CA; Austin, TX.

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit

Basic Qualifications

• Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, Cyber Security or a related field
• 7+ years relevant work experience
• 2+ years of development experience in C, C++, assembly (x86, x86-64, ARM) and/or Java
• Experience with at least one scripting language (e.g. Python, Ruby, Bash, JavaScript, Go)

Preferred Qualifications

Master’s degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent. Candidates with experience in at least one of the following areas are preferred.
• Experience managing large scale incidents or being part of a dedicated product security incident response team
• Experience in performing security research and reporting vulnerabilities in widely used software or participating in projects related to vulnerability research and sharing contributions via public research, blogging, and presentations with the security community.
• Experience in embedded/IoT device security or web services security specifically, with experience of performing software security audits, vulnerability discovery and analysis.
• Experience with common software security vulnerabilities and methods of exploitation, such as memory corruption, privilege escalation, web application exploitation, file format vulnerabilities, protocol-based weaknesses, etc.
• Experience with static and dynamic tools for vulnerability detection and exploit mitigation techniques
• Experience with extracting firmware, reverse engineering a variety of hardware and software, including firmware, operating systems, and applications, binary analysis and proof of concept exploit development.
• Knowledge of common wireless connectivity protocols with focus on protocol or implementation security vulnerabilities (e.g. Bluetooth, Wi-Fi, 802.15.4, Zigbee) or hardware security mechanisms, including secure boot, trusted execution environments or operating system internals and associated security issues with emphasis on Linux, Android and common RTOS environments
• Experience with analysis tools such as IDA, Ghidra, Radare, Burp Suite, and network traffic dissectors such as Wireshark.
• Experience with service-oriented architecture and web services security
• Foundation in, and in-depth technical knowledge of, security engineering, computer and network security, authentication, security protocols and applied cryptography.
• Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)

Job region(s): North America