Amazon's Internal Audit Security team is seeking a Security Engineer II to join our mission of protecting customer data and keeping Amazon secure. You will partner with world-class engineering teams to uncover vulnerabilities, design novel abuse scenarios, and assess large-scale security solutions across Amazon's products, services, and infrastructure.
In this role, you will leverage your skills in vulnerability assessment, exploitation, penetration testing, and red teaming to identify and mitigate risks. Your work will span source code analysis, network penetration, and application exploitation. You will design, implement, and execute methodologies for security assessments of critical Amazon systems. You will be exposed to the full breadth of technology used across Amazon and its subsidiaries, influence security architectures, and communicate risks to Senior Executives.
This role requires technical depth coupled with the ability to operate independently and as part of highly-skilled teams.
Key job responsibilities
- Conduct full-cycle security engagements spanning vulnerability discovery, exploitation, risk analysis, and remediation planning
- Perform security assessments including design reviews, threat modeling, and penetration testing on production software, hardware, networks, and cloud services
- Execute comprehensive security testing following Internal Audit standards and industry best practices
- Develop novel abuse scenarios and campaigns to push boundaries and enhance Amazon's security
- Build large-scale security solutions for testing, monitoring, remediation, analytics, and automation across Amazon
- Collaborate with development teams to create new security tooling and enable secure software practices
- Demonstrate exceptional judgment, integrity, technical expertise, business acumen, and communication skills
- Prepare and deliver security risk recommendations to technical teams and leadership
About the team
Internal Audit Security executes independent assessments of the efficacy of Amazon's layered security controls. We prioritize security assessments of systems and processes that may impact foundational technologies, human safety, privacy and durability of customer data, and financial systems. We believe active tests are required to assess complex environments and emphasize custom tooling to enable safe operation at scale.
At Amazon, we embrace diversity, equity, and inclusion. We are dedicated to building an environment that celebrates knowledge sharing, mentorship, and career growth for our team members. Join us in delivering secure, trusted experiences for Amazon customers worldwide.
- 4+ years experience in offensive and/or defensive security roles
- Bachelor's degree in Computer Science, related fields, or equivalent experience
- Proficiency in multiple programming and scripting languages like Python, Ruby, Bash, C, and Java
- Hands-on experience with security testing tools and techniques
- Excellent written/verbal communication skills
- Domain expertise in at least two of: security architecture and engineering, communication and network security, identity and access management (IAM), security assessment and testing, cryptography, software development security, and reverse engineering
- Vulnerability research experience with complex software and hardware components
- Cloud computing (AWS), virtualization, containerization architecture knowledge
- Experience with the design and implementation of technical security controls at the business division level
- Experience with microservices, APIs, and distributed systems
- Strong data analysis abilities to derive insights from security signals
- Participation in bug bounty programs
- Experience building scalable, reusable security frameworks and tools
- Web service assessment experience with authentication controls, session management, access controls, logic flaws, injection vulnerabilities, request smuggling, cloud privilege escalation, DOS attacks
- Experience using boto3
- Ability to navigate ambiguity, make tough technical decisions, and drive initiatives
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company's reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.