Job Description:

Bachelor’s degree in Computer Science, Computer Engineering, Cyber Security or a related field. * 3+ years of security experience.

Job summary:

HireDirect team works to ensure that Amazon’s products and services are designed and implemented to the high standards required to maintain and enhance customer trust. Security and Privacy are paramount to maintaining customer trust. We help build trusted products, maintain and operate trusted environments, and advocate trust to customers and stakeholders. We work closely with Amazon’s Devices and Services teams which design and engineer high-profile consumer electronics, including the best-selling Kindle family of products, Amazon Echo, Fire tablets, Amazon Fire TV, Echo Show, Echo Spot, and more.

The Role:

Do you dream about doing work that directly impacts customers, teams, and businesses across the globe? Do you enjoy breaking diverse systems spanning low level embedded software, operating systems, applications, peripherals, web clients, web sites, and cloud services? Do you like finding and exploiting vulnerabilities in products? Do you often find yourself automating and scaling detection of vulnerabilities? Do you want to be part of a security vulnerability research team dedicated to detection and mitigation of vulnerabilities prior to launch in order to keep Amazon consumer devices and services safe? If you answered yes to any of the above, then we have a job for you! Amazon’s Devices & Services Security team is looking for a *Security Engineer* to help development teams create and deploy the next generation of devices and software services securely. This is a role for someone who is passionate about creating highly impactful scalable security solutions.

In this role you will be able to invent technologies and mechanisms that scale to meet the broad and diverse security needs of Devices & Services teams within Amazon. You will be part of a dedicated team of talented security engineers performing vulnerability research, analysis and designing automation to identify vulnerabilities. You will be tasked with both identification of new vulnerabilities in Amazon systems along with creation of high quality static and dynamic security testing (SAST & DAST) detection capabilities to discover and prevent issues throughout the SDLC. You will strive to understand systems, software, and services and develop creative ways to find vulnerabilities and design preventive controls. You will get to employ automation to reduce or eliminate manual effort, helping our internal customers raise the security bar. You will work with development teams who need solutions that make it easy to build and operate secure systems. You will work to deeply understand the needs of your customers and relentlessly seek to improve their experience and productivity. You will be taking on a key role in ensuring that Amazon’s products continue to maintain customer trust. You will be asked to find new ways to solve challenging problems every day.

Successful candidates for this position will possess strong verbal and written communication skills, be self-driven and deliver high quality results in a fast paced environment. They need to really enjoy working closely with their peers on solving global scale security problems.

Key job responsibilities:

Scaling vulnerability detection by inventing and improving custom tools (e.g. static analyzers, fizzers, scanners, etc.) to perform variety of automated static, dynamic analysis.

Reviewing technical solutions, implementing mechanisms to prevent security vulnerabilities and providing actionable long-term risk mitigation guidance to drive security improvements.

Deciding which new security solutions and strategies should be pursued for scaling security in Devices and Services organizations.

Discovering and proposing strategies for integrating security tools into the development life-cycle.

Inventing advanced security solutions that developers can use to self-discover and avoid security vulnerabilities and misconfigurations

Collaborating with product teams to identify systemic security problems & propose new solutions that correct identified issues

Develop technical documentation describing identified vulnerabilities, associated impact as well as recommendations for guidance for communication with internal engineering stakeholders as well as leadership.

About the team

Our team puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren’t focused on how many hours you spend at work or online. Instead, we’re happy to offer a flexible schedule so you can have a more productive and well-balanced life—both in and outside of work. We also offer flexible locations and remote work opportunities.

Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship. We care about your career growth and strive to assign projects based on what will help each team member develop into a better-rounded engineer and enable them to take on more complex tasks in the future.

* Knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, and devices and application security.

* Knowledge of common software security vulnerabilities (memory corruption, privilege escalation, web application exploitation, protocol-based weaknesses, etc.) and experience with various methods to successfully exploit them.

* Experience in penetration testing, developing proof-of-concept exploits and knowledge of remediation techniques.

* Working experience with vulnerability detection tools such as static and dynamic analyzers, fizzers, etc.

* Experience with Amazon technologies (S3, EC2, Lambda, etc.)

* Experience with scripting (bash, Perl, Python etc.)

* Ideal candidates must be innovative, creative, driven, results-oriented, flexible and self-motivated. Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us. Workers in New York City who perform in-person work or interact with the public in the course of business must show proof they have been fully vaccinated against COVID or request and receive approval for a reasonable accommodation, including medical or religious accommodation.

Apply before June 15, 2022 at hr@hiredirect.com