As a Security Engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing these novel services. In a given day, you might be inspecting an application's code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service alongside its software developers.
The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security generalist with one or more areas of deep expertise. In their communication, they will clearly articulate risks to technical and non-technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions.
Key job responsibilities
- Design and build scalable systems that detect, classify, and prevent security escapes across all of Amazon
- Develop and extend LOAF's neural network-powered detection capabilities, improving precision and coverage across vulnerability classes
- Architect shift-left tooling that integrates directly into developer workflows, catching vulnerabilities before they reach production
- Own critical components of LOAF's platform end-to-end, from design through deployment and operational excellence
- Partner with security teams across Amazon to understand escape patterns and translate them into automated detection and prevention mechanisms
- Build APIs and integrations that enable engineering teams across the company to consume LOAF's unified escape data and prevention tooling
- Define and instrument metrics that measure real reduction in escape volume, using data to prioritize engineering investment
- Investigate novel vulnerability patterns and prototype detection approaches that expand LOAF's coverage to new escape classes
BASIC QUALIFICATIONS
- 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- 2+ years of scripting, programming, and security code review in a common programming language (non-internship) experience
- 2+ years of troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship) experience
- Bachelor's degree in computer science or equivalent
- Knowledge of networking protocols such as HTTP, DNS and TCP/IP
- 4+ years of any combination of the following: application security frameworks, identity and access controls, incident response, mobile security, cloud computing and security, AI security, threat intelligence, and penetration testing experience
- Knowledge of one or more of the following domains: access-control system and methodology, network security, application- and system-development security, security architecture and models, cryptography, and operations security
PREFERRED QUALIFICATIONS
- 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- 2+ years of scripting, programming, or security code review in a common language, such as Python, Java or C++ experience
- Experience with AWS products and services