Sr Security Engineer, Corporate Services Security

Sr Security Engineer, Corporate Services Security

Job ID: | Amazon.com Services LLC

Corporate Services Security (CPSS) is the Amazon security team aligned with Finance & Global Business Services (FGBS), People eXperience & Technology (PXT), Legal and Global Communications and Community Impact (GCCI) business units. Our Mission is to protect and safeguard Amazon's corporate services, systems, and data. Through proactive engagement with the development teams, we understand the dynamic business processes that run Amazon, and enable our stakeholders to innovate, build, and scale securely. The Product Security Team within CPSS supports a large number of applications built using AWS Services.

Key Job Responsibilities

• Creating, updating, and maintaining threat models for a wide variety of web applications hosted on cloud
• Manual and automated secure code review, primarily in Java, Python and JavaScript
• Development of security automation tools
• Adversarial security analysis using the latest tools to augment manual effort
• Provide security training and outreach for internal development teams
• Provide security architecture and design guidance to application development teams
• Independently solve systemic, complex security problems that require novel methods or approaches
• Influence your team’s and partners’ process, priorities, strategy and choices by using data to improve security outcomes
• Provide technical and strategic guidance to senior leaders and stakeholders through effective oral and written communications

A Day in the Life

As a Security Engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing novel services. In a given day, you might be inspecting an application’s code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service.

The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security specialist with one or more areas of deep expertise within application security. They will clearly articulate risks to technical and non-technical audiences alike. Successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions. They will shape the strategy of the Product Security Team and influence systemic security improvements across our service organizations. They will guide and mentor other engineers on the team.

Basic Qualifications

• 5+ years of non-internship background in troubleshooting systems issues, analyzing logs, or automating complex tasks using command line tools experience
• 5+ years of work in identifying security issues and risks, and developing mitigation plans experience
• 5+ years of (non-internship) scripting, programming, and security code review in common programming languages experience
• Knowledge of at least two of the following programming languages: Scala, Java, Python, C/C++, or Go
• Experience as a mentor, tech lead or leading an engineering team

Preferred Qualifications

• Experience applying threat modeling or other risk identification techniques or equivalent
• Experience with security in service-oriented architectures/microservices and web services

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Salary: 178,400.00 - 226,700.00 USD annually (USA, VA, Arlington)

Benefits include health insurance (medical, dental, vision, prescription), Basic Life & AD&D insurance, elective supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage, 401(k) matching, paid time off, and parental leave.