Sr. Security Engineer, Remediation Team

Job summary
The Security Remediation Team is seeking a Sr. Engineer to help redefine how we prevent or (auto)remediate newly detected vulnerabilities at time of creation.

Key job responsibilities
In this role you will conduct deep research into the constructs of how systems are built and operated/ managed at amazon, and the usage conditions which result in sources of risk. You will leverage this research to develop requirements to be adopted by core service teams, and/ or develop preventative controls or auto-remedies to compensate for these constructs and conditions.

A day in the life
You will interact with security, service and product teams to tease apart the source and corrective measures for our most systemic, critical vulnerabilities. Your core mission is to better secure our service ecosystem while simultaneously lowering the operational taxation placed on developer teams to achieve and maintain posture improvements.

About the team
The Circuit group within the Remediation team is Amazon InfoSec's vulnerability eradication team. In other organizations this function may be referred to as a SWAT team. We get to play and explore in a wide spectrum of technology domains, including but not limited to cloud security, application security, subsidiary security, core services, and identity and access management. If we're our offensive security teams jobs is becoming harder, we are succeeding.

Basic Qualifications

· 5+ years of progressive experience within a software security team or similar operating environment
· Experience with service-oriented architectures and web services security.
· Well versed in application security, infrastructure security, business risk analysis and making complex business/risk trade-off recommendations and decisions.
· Technical knowledge in at least one security domain such as engineering, system and network security, authentication or security protocols.
· Hands-on knowledge of information security technologies such as security design review, threat modeling, risk analysis, and software testing techniques
· Strong information security risk-based prioritization abilities
· BA/BS in computer science, information security, related discipline, or equivalent work experience

Preferred Qualifications

· 2+ years of software development experience
· Ability to make concrete progress in the face of ambiguity and imperfect knowledge
· Sharp analytical abilities and proven design skill
· Experience with cloud service providers and their offerings, preferably and its various technologies and APIs
· Information security professional certifications encouraged (SANS GIAC, CISSP etc.)



Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.