Application Security Engineer, Buy With Prime

We are looking for a Application Security Engineer to design security controls and help validate that our services, applications, and emerging technologies are designed and implemented to the highest security standards. You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and decisively taking action to mitigate emerging threats throughout a full software development life-cycle (SDLC).

This role will provide career growth opportunities as you gain new security skills in the course of your work. Security engineers at Amazon have an opportunity to experiment, learn, build tools, and work with teams building new technology and services at massive scale.

A successful candidate will need a combination of troubleshooting, technical, and communication skills. An Application Security Engineer must have the ability to take ownership and deliver on multiple complex objectives which may include project and software development work.


Key job responsibilities
- Lead security projects with end-to-end ownership, including security reviews (including threat modelling, secure design and implementation of security controls), tool development, and creation of new security practices
- Influence decision-makers and stakeholders throughout the organization in multiple teams to achieve a consistently high security bar
- Develop security tools and automation
- Develop and deliver security training or knowledge sharing to internal development teams
- Create security guidance and documentation
- Support the development and improvement of metrics that drive desired behavior and security outcomes
- Support penetration testing engagements and work with software teams to remediate findings
- Support for mentoring, team building and recruiting activities

About the team
Our team is geographically dispersed, with members across Australia and North America. We thrive on both autonomy and collaboration. We’re flexible in how we approach work and always seek to improve things, no matter how small they may first appear to be. We hold a high bar in everything we do. We embrace challenges and always do right by our customers, even if it’s the difficult thing to do. We’re dedicated to supporting new members, with a broad mix of experience levels and tenures, and we’re fostering an environment that celebrates knowledge sharing and mentorship. Our team primarily focuses on supporting the Buy with Prime product.

Buy with Prime is helping people re-imagine the way they shop... wherever they do! Our vision is to enable every entrepreneur in the world to reach every customer in the world through every channel they can imagine. Buy with Prime is a new way to extend Prime shopping benefits—including fast, free shipping, a seamless checkout experience, and free returns—to merchants’ own online stores, ultimately increasing selection for Prime members. For over 20 years, Amazon been empowering small and medium-sized businesses with opportunities to grow. Buy with Prime is an exciting next step in our mission to help merchants of all sizes grow their business—whether on Amazon or beyond.

We are open to hiring candidates to work out of one of the following locations:

Singapore, SGP

Basic Qualifications

- Bachelor (undergraduate) degree in a relevant field (Computer Science, Software Engineer, Security, or others) OR an equivalent combination of education, training, and experience
- Minimum of 5 years of professional experience either in, or working closely with application security.
- Minimum 4 years of experience with any combination of at least 2 technical disciplines, including the following: code review, cloud security, network security, application security, mobile security, secure development methodologies, software development and coding, identity management, application penetration testing, authentication and authorization, network architecture, system administration, and systems engineering
- Experience with building or reviewing threat models
- Experience defining security controls with product/service teams
- Experience with one or more programming languages (such as Java, Python, etc) for the purpose of code review

Preferred Qualifications

- Professional experience conducting security assessments, including penetration testing
- Ability to lead through influence within the software development life-cycle for multiple products and technologies, meeting customer expectations for security
- Experience implementing security solutions that resolve security and business risk trade-offs
- An understanding of networking and communication protocols (such as TCP/IP, UDP, SSL/TLS, IPSEC, HTTP, HTTPS, BGP)
- An understanding of cryptography, web service frameworks, mobile application architectures, and service architectures (such as event-driven, service-oriented, or serverless architectures)
- Familiarity with reverse engineering or vulnerability research
- Professional experience with applied cryptography
- Familiarity with infrastructure or hardware security