Application Security Engineer, InfraSec-A&T
New York, New York, USA
Amazon.com
At Amazon Web Services (AWS), we provide world-class, flexible, scalable, and secure cloud services to the world’s fastest growing startups, the largest enterprises, and leading government agencies. We do this by building, maintaining, and securing one of the largest, most complex infrastructures in the world. Within AWS, the Infrastructure Security – AppSec & Testing (InfraSec-A&T) team is responsible for application security (threat modeling, shift-left security), fuzzing, and penetration testing of AWS Infrastructure. InfraSec-A&T is part of the Infrastructure Security – Threat, Vulnerability, and Operations (InfraSec-TVO) organization responsible for threat intelligence, vulnerability management, security information and event management (SIEM), incident response, and overall security across the global AWS infrastructure.
InfraSec-A&T is looking for an Application Security Engineer to help validate that our infrastructure, services, applications, hardware and websites are designed and implemented to the highest security standards. You will be responsible for analyzing the security of infrastructure components, applications, services, and firmware; discovering and addressing security issues; building and designing automation; and providing insight into resolving new threats.
An AppSec Engineer at InfraSec-A&T is expected to be strong in multiple security domains, never afraid to learn and dive in, and able to provide significant contributions to the AWS Infrastructure organization. Security engineers are expected to design elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices. You are also expected to mentor more junior engineers and be a security thought leader for the organization.
A Security Engineer must foster constructive dialogue and seek resolution when confronted with discordant views.
You will have the combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include project and software development work. This role will provide career growth opportunities as you gain new security skills in the course of your duties.
Responsibilities:
* Application Security threat modeling
* Penetration testing
* Code reviews in C/C++/Java/other languages
* Security training and outreach to internal development teams
* Security guidance documentation
* Security tool development
* Security metrics delivery and improvements
* Assistance with recruiting activities and administrative work
Key job responsibilities
· Perform architecture security reviews
· Perform threat modeling using a variety of methodologies as appropriate
· Review code fixes and code samples for security issues
· Penetration testing (not always)
About the team
The InfraSec-A&T team puts a high value on work-life balance. We care deeply about your career growth and provide training opportunities.
We are committed to inclusion and diversity. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and host annual ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon’s culture of inclusion is reinforced within our 16 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.
Basic Qualifications
· BS in Computer Science or related field, or equivalent work experience.
· Minimum of 5 years of experience with any combination of the following: threat modeling experience, secure coding, software development, cryptography, system administration and network security.
· Minimum of 5 years of experience with security engineering, system and network security, authentication and security protocols, cryptography, or application security.
Preferred Qualifications
· Meets/exceeds Amazon’s leadership principles requirements for this role
· Meets/exceeds Amazon’s functional/technical depth and complexity for this role
· Experience implementing security solutions at the business division level
· An understanding of network and web-related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
· An understanding of web services and embedded software security
· Experience with multiple programming languages (such as Java, C++, Ruby, Python, Perl, etc.)
· Excellent written and verbal communication skills
· Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge (avoid “analysis paralysis”)
· Strong sense of ownership, urgency, and drive
· Sharp analytical abilities and proven design skills
#InfraSec
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Tags: Application security Automation AWS C C++ Cloud Computer Science Cryptography Incident response Java Network security Pentesting Perl Python Ruby SIEM TCP/IP Threat intelligence Vulnerability management
Perks/benefits: Career development Conferences Team events