Security Engineer

Job summary
Amazon Lab126 is an inventive research and development company that designs and engineers high-profile consumer electronics. Lab126 began in 2004 as a subsidiary of Amazon.com, Inc., originally creating the best-selling Kindle family of products. Since then, we have produced groundbreaking devices like Fire tablets, Fire TV and Amazon Echo. What will you help us create?

The Role:
Are you interested in being part of a top-notch security team covering all Amazon consumer devices (including hardware and low-level functionality) as well as key Amazon services supporting our consumer devices (such as Computer Vision, AppStore, Device Registration, Kindle, etc.)? Do you enjoy breaking diverse systems spanning low level embedded software, operating systems, applications, peripherals or web client, web sites, and cloud services? Do you like finding and exploiting vulnerabilities in products? Do you find yourself automating and scaling detection of vulnerabilities every single day? Do you want to be part of a vulnerability research team dedicated to detection and mitigation of vulnerabilities prior to launch in order to keep Amazon consumer devices and services safe? Your work directly impacts the way our customers, teams, and business across the globe get things done. If you want to keep customers safe, then we have a job for you! You can learn more about security at Lab 126 here: https://www.youtube.com/watch?v=k0UTTxzeGog.


In this role, you will be part of a dedicated team of talented security engineers performing vulnerability research, penetration testing and red team exercises to identify vulnerabilities. You will strive to understand systems, software, and services deeply and develop creative ways to break assumptions in order to find vulnerabilities. You care deeply about keeping Amazon customers safe and therefore are passionate about mitigating vulnerabilities/risks by providing actionable guidance to product teams and drive long term security improvements. You're well-known for your excellent prioritization skills as well as your ability to communicate at all levels of an organization. If you're passionate about finding security bugs, writing tools to reduce manual testing, and enjoy seeing your work's impact across Amazon consumer products and services, then this position is for you. Candidates from entry to senior level will all be considered.

Responsibilities:
· Perform penetration testing and red team exercises across all products, services, and software released by Amazon Lab126 and develop proof of concept exploits.
· Perform vulnerability detection using variety of automated static, dynamic analysis as well as custom tooling (e.g. static analyzers, fuzzers, scanners, analyzers, etc.) to scale vulnerability detection and enable easier analysis of externally reported issues.
· Review technical solutions to provide guidance to help mitigate security vulnerabilities as well as provide actionable long-term risk mitigation guidance to drive security improvements
· Create tools for the discovery of vulnerabilities as well as scale security testing.
· Develop detailed technical documentation describing identified vulnerabilities, associated impact as well as recommendations for guidance for communication with internal engineering stakeholders as well as leadership.

Note: While the majority of our Security/Privacy roles are based in the Bay Area, CA and Seattle, WA areas, by applying to this position your application will be considered for all locations we hire for in the United States, including but not limited to: Seattle, WA; Bellevue, WA; Sunnyvale, CA, Austin TX.

Basic Qualifications

· Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, Cyber Security or a related field
· 3+ years relevant work experience

Preferred Qualifications

· Master’s degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent
· 2+ year of development experience in C, C++, assembly (x86, x86-64, ARM) and/or Java
· Experience with at least one scripting language (e.g. python, ruby, bash, JavaScript, Go)
· Experience in embedded/IoT device security or web services security specifically, with experience of performing software security audits, vulnerability discovery and analysis.
· Experience with common software security vulnerabilities and methods of exploitation, such as memory corruption, privilege escalation, web application exploitation, file format vulnerabilities, protocol-based weaknesses, etc.
· Experience with static and dynamic tools for vulnerability detection and exploit mitigation techniques
· Product security incident response in mobile, IoT or cloud services verticals
· Experience with extracting firmware, reverse engineering a variety of hardware and software, including firmware, operating systems, and applications, binary analysis and proof of concept exploit development
· Knowledge of common wireless connectivity protocols with focus on protocol and implementation security vulnerabilities (e.g. Bluetooth, WiFi, 802.15.4)
· Knowledge of hardware security mechanisms, including secure boot, trusted execution environments

Amazon is an Equal Opportunity-Affirmative Action Employer – Minority / Female / Disability / Veteran / Gender Identity / Sexual Orientation/ Age

Keyword: digitalsecurity











Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.