Have you wanted an opportunity to find security issues in the embedded systems/devices and low level software that enables day to day corporate functions? Are you able to break into embedded systems/devices by exploiting vulnerabilities in wireless, Bluetooth, using fault injections or other attacks? This position will provide you with a unique opportunity to find security issues into every day devices
Device & Services Security (DSS) is the Business Security Team for Amazon Devices. We own the security outcomes and relationship with Devices-org acquired companies. Each acquired company runs its own security program; DSS is the connective tissue that lets Amazon Security understand posture, surface meaningful risk to Amazon leadership, and coordinate on the few areas where the boundary genuinely needs to be crossed (incident response, identity, cross-org data, executive escalation).
Key job responsibilities
The current primary engagement for this role is Zoox, Amazon's autonomous vehicle subsidiary, which is building the first ground-up fully autonomous robotaxi fleet. The role is not Zoox-exclusive: you will be expected to support other organizations in the DSS portfolio as priorities shift, and to bring patterns from one engagement to the next.
Key job responsibilities:
* Creating, updating, and maintaining threat models for a wide variety of software projects
* Manual and Automated Secure Code Review, primarily in Java, Python and Javascript
* Development of security automation tools
* Perform design reviews and risk assessments for new or existing production infrastructure.
* Enhance existing systems to detect mis-configurations within large deployments.
* Security training and outreach for internal development teams
* Security architecture and design guidance
* Independently solve security problems that require novel methods or approaches
* Influence your team's and partners' process, priorities, and choices to improve outcomes
A day in the life
As a security engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing these novel services. In a given day, you might be inspecting an application's code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service alongside its software developers. You will drive continuous improvement in policy, systems, and tools securing critical data and infrastructure.
You will be the technical owner of how Amazon Security sees a given organization, how risk is captured and reported, and how the small set of cross-org expectations actually get wired up. This is a high-autonomy, high-visibility IC role with direct reach into Amazon Security leadership and acquisition CISOs.
BASIC QUALIFICATIONS
- Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or experience in IT Security
- 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- 3+ years of troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship) experience
- Knowledge of industry-based security vulnerabilities and remediation techniques
PREFERRED QUALIFICATIONS
- Experience with AWS products and services
- Experience performing security activities across one or more phases of the software development lifecycle (SDLC), such as security design review, threat modeling, secure code review, and security testing
- Experience in any combination of the following: application security frameworks, security code reviews, incident response, secure infrastructure, penetration testing, mobile security, cloud security, AI security, identity and access controls, threat modeling, cryptography, threat intelligence, or secure software development
- Experience supporting a security program for a robotics, automotive, autonomous vehicle, or other physical-product company with corporate, data center, lab, and edge environments in scope.
- Compliance fluency: NIST 800-53, CSF 2.0, ISO 27001, SOC 2, or automotive-adjacent frameworks (ISO/SAE 21434, UNECE R155).
- Experience integrating LLM-based tooling into security workflows (triage assistants, evidence collection, control-mapping copilots).
The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.
USA, CA, Sunnyvale - 166,600.00 - 212,800.00 USD annually