Application Security Engineer, InfraSec-A&T

New York, New York, USA

Applications have closed

Amazon.com

Job summary
At Amazon Web Services (AWS), we provide world-class, flexible, scalable, and secure cloud services to the world’s fastest growing startups, the largest enterprises, and leading government agencies. We do this by building, maintaining, and securing one of the largest, most complex infrastructures in the world. Within AWS, the Infrastructure Security – AppSec & Testing (InfraSec-A&T) team is responsible for application security (threat modeling, shift-left security), fuzzing, and penetration testing of AWS Infrastructure. InfraSec-A&T is part of the Infrastructure Security – Threat, Vulnerability, and Operations (InfraSec-TVO) organization responsible for threat intelligence, vulnerability management, security information and event management (SIEM), incident response, and overall security across the global AWS infrastructure.

InfraSec-A&T is looking for an Application Security Engineer to help validate that our infrastructure, services, applications, hardware and websites are designed and implemented to the highest security standards. You will be responsible for analyzing the security of infrastructure components, applications, services, and firmware; discovering and addressing security issues; building and designing automation; and providing insight into resolving new threats.

An AppSec Engineer at InfraSec-A&T is expected to be strong in multiple security domains, never afraid to learn and dive in, and able to provide significant contributions to the AWS Infrastructure organization. Security engineers are expected to design elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices. You are also expected to mentor more junior engineers and be a security thought leader for the organization.

A Security Engineer must foster constructive dialogue and seek resolution when confronted with discordant views.

You will have the combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include project and software development work. This role will provide career growth opportunities as you gain new security skills in the course of your duties.

Responsibilities:
* Application Security threat modeling
* Penetration testing
* Code reviews in C/C++/Java/other languages
* Security training and outreach to internal development teams
* Security guidance documentation
* Security tool development
* Security metrics delivery and improvements
* Assistance with recruiting activities and administrative work




Key job responsibilities
· Perform architecture security reviews
· Perform threat modeling using a variety of methodologies as appropriate
· Review code fixes and code samples for security issues
· Penetration testing (not always)

About the team
The InfraSec-A&T team puts a high value on work-life balance. We care deeply about your career growth by providing training opportunities.

We are committed to inclusion and diversity. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and host annual ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon’s culture of inclusion is reinforced within our 16 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.

Basic Qualifications


· BS in Computer Science or related field, or equivalent work experience.
· Minimum of 5 years of experience with any combination of the following: threat modeling experience, secure coding, software development, cryptography, system administration and network security.
· Minimum of 5 years of experience with security engineering, system and network security, authentication and security protocols, cryptography, or application security.

Preferred Qualifications

· Meets/exceeds Amazon’s leadership principles requirements for this role
· Meets/exceeds Amazon’s functional/technical depth and complexity for this role
· Experience implementing security solutions at the business division level
· An understanding of network and web related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
· An understanding of web services and embedded software security
· Experience with multiple programming languages (such as Java, C++, Ruby, Python, Perl)
· Excellent written and verbal communication skills
· Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge (avoid “analysis paralysis”)
· Strong sense of ownership, urgency, and drive
· Sharp analytical abilities and proven design skills

#InfraSec


Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

Tags: Application security Automation AWS C C++ Cloud Computer Science Cryptography Incident response Java Network security Pentesting Perl Python Ruby SIEM TCP/IP Threat intelligence Vulnerability management

Perks/benefits: Career development Conferences Team events

Region: North America
Country: United States