Lead Sr. Security Engineer - Developer Engagement

Amazon Prime Video Security is hiring motivated and experienced leaders at all levels to chart the course of Information Security within Prime Video. Together we are changing the way millions of customers interact with video content. The Prime Video team delivers movies, TV episodes and Live events to Amazon customers through subscriptions (Amazon Prime), channels as well as purchases and rentals. Amazon believes so deeply in the mission of Video that we've launched our own studio to create original and exclusive content. It's your responsibility to continue to accelerate this business, through novel technical contributions and building programs tha

A day in the life
As a successful Sr. Security Engineer in Prime Video Security, you will be seen as a strong leader who prioritizes well, communicates clearly and compellingly understands how to drive a high level of operational and strategic excellence within a team, while collaborating with a variety of internal and external business partners. You must show exemplary judgment in making technical trade-offs between short- versus long-term security and business goals. A successful candidate must be one that can handle several difficult challenges and problems, can make risk-based assessments founded on data and facts rather than older static based security paradigms, though being aware of the older best practices.

About the hiring group
Security Engagement is focused on security consulting on the use of AWS technologies, secure architectural and deployment strategies within Prime Video. Our focus areas include Edge and Delivery Security, AWS Security, Mobile Application and Device Security. You will be working on providing architectural guidance across Prime Video's most critical projects and have an executive mandate to design to the highest security standards. You will be supported by the Prime Video Security's Governance Risk and Compliance and Privacy pillar and campaign together to identify and reduce risk across Prime Video.

Developer Engagement is focused post- design and near- code release and subscribes to the Application Security "shift left" mentality. You will be responsible for shepherding the right mixture of code review tools to support the Prime Video software development engineer (SDE) community. You will work closely within similarly focused Application Security communities across Amazon and receive support from the Prime Video Security Engineering team to build and deploy state-of-the art code analysis and fuzzing tools.

Production Engagement is focused on post-release components of Prime Video's Information Security program. This team has a wide remit, including partnering with Prime Video Security's Content Protection team on software deployed to living room devices as well as the services that power these devices. Production Engagement includes red-team exercises, in-house and third-party penetration testing and running various Prime Video bug bounty programs. You will have support from partner teams across Amazon that are constantly innovating in the offensive security space. You will also be supported by Prime Video Security's Active Defense blue-team in the quest to find and remediate undetected vulnerabilities.


Job responsibilities
If you are passionate about the field of Information Security and desire to make a positive impact through delivery of projects that protect our customer data and earn their trust, this position will provide you with an unique opportunity in an environment of rapid innovation. The Information Security function within Prime Video is adopting an innovative organizational approach to engage the broad constituencies that we serve - from artists and content creators to our partners and viewership. You will be making an impact on studios, digital rights management (DRM) vendors, chipset vendors, content delivery networks and industry consortiums - even Amazon Web Services (AWS) and the broader Information Security program at Amazon. To support this breadth, your team has executive support as a critical overlay function to the Product Development Lifecycle, intersecting in three functions: Security Engagement, Developer Engagement and Production Engagement.


Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

Basic Qualifications

Basic Qualifications:

* Extensive and diverse experience working in the field of Information Security
* Experience in scaling application security programs measured against discovery of undisclosed or unknown vulnerabilities, through fuzzing (DAST), static-code analysis (SAST) and software composition analysis (SCA).
* Experience in addressing sizable program gaps through custom tools - examples might include custom network protocols or modern frameworks such as GraphQL that resist analysis by off-the-shelf tools.
* Significant experience managing large security efforts, delivering significant security improvements to large, highly complex systems
* Excellent analytical and interpersonal skills, with ability to communicate clearly and effectively with developers, product managers, and senior business leaders with security metrics to influence decisions
* Excellent executive communications or technical writing; clear, concise, and thorough written and oral communication skills.
* High sense of ownership, urgency, and drive

Preferred Qualifications

Preferred Qualifications:

* Experience in multiple offensive security engineering disciplines, including red-teaming, penetration testing, code reviews, and vulnerability assessments
* Experience in identifying and quantifying security issues and risks, and developing mitigation plans
* Experience working in industry standards groups, influencing external technology & business leaders