Security Engineer, Application Security Automation

New York, New York, USA

Applications have closed

Amazon.com


Job summary
As a member of the Application Security Automation team, you will help provide automated security testing (SAST/DAST) solutions for all of Amazon. Our team’s goal is to empower both development and security teams with accurate security detections at the highest standards of quality in order to identify and eliminate risk across Amazon’s application portfolio.

You will be responsible for performing security assessments and delivering new security detection rules to enhance our existing testing capabilities. This role will routinely challenge your technical background and critical thinking. You will be expected to collaborate with our team’s stakeholders in a fast-paced environment across many technology stacks and services to deliver scalable solutions.

Acceptable office locations:
Seattle, WA
Austin, TX
New York, NY
Arlington, VA


Key job responsibilities
· Develop, curate, and improve application security detections (static and dynamic) to identify vulnerabilities at scale
· Evaluate and recommend new security testing tools
· Perform static and dynamic application security assessments to ensure the highest quality standard for our detection rule sets
· Risk assessment and Threat Modeling
· Develop, enhance, and interpret security standards and guidance
· Demonstrate and promote security best practices, and drive improvements to Amazon’s overall security architecture

Basic Qualifications


· BS in Computer Science, Engineering, or related field or equivalent work experience
· Scripting skills (e.g. Python, Ruby, Perl)
· Well-rounded knowledge of multiple information security domains
· Deep technical understanding of the OWASP Top 10
· 3+ years of experience in code review, application security testing, or web application development
· Excellent written and verbal communication skills

Preferred Qualifications

· Excellent leadership, teamwork, and collaboration skills
· Experience building automated tooling solutions
· Experience with threat modeling and architecture reviews
· Experience with commercial static and dynamic security scanning tools (e.g. Fortify, AppScan, Checkmarx, Coverity, NetSparker, InsightAppSec)
· Information security professional certifications encouraged (SANS GIAC, CISSP, etc.)


Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

Tags: Application security Automation Checkmarx CISSP Computer Science DAST GIAC OWASP Perl Python Risk assessment Ruby SANS SAST Scripting Security assessment Vulnerabilities

Region: North America
Country: United States
