Amazon Offensive Security Engineer AWS Bug Bounty 

United States, Texas, Arlington 

107279452

The primary responsibility of this role is to leverage your experience and internal knowledge of AWS systems to effectively triage a diverse set of incoming reports which can pertain to any of AWS's 200+ services. As part of this role you will act as the escalation point for fellow members of the team and are expected to be an experienced pen-tester. Technical dive deep and curiosity are a way of life on this team in order to establish the true severity of a report and what defense in depth mechanisms need to happen beyond just an immediate patch.Automation is the key to scaling and innovation at AWS and in this role you will own writing automation to reduce the load on humans; everything from developing ticketing, reporting and trend identification automation.This role will provide you with challenging opportunities, both technologically and as a leader to grow AWS’s Bug Bounty Program into the best on planet Earth.Key job responsibilities
- Researching, reproducing, and responding to security vulnerabilities reported through the bug bounty program
- Technical Escalation
- Managing relationships with external security researchers working with AWS's bug bounty program
- Perform deep analysis of new vulnerability classes- Influencing and driving program direction
- Identify and drive resolution of vulnerability trends
- Attend industry conferences and assist in hosting on site hack-a-thons and other researcher engagement activitiesA day in the lifeDiverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Training & Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life Balance

- A Bachelor’s degree in Computer Science, Cybersecurity, similar degree, or equivalent professional experience can be used in lieu of a degree.
- Minimum of 3 years of experience in security testing (Penetration testing, Vulnerability testing, Red teaming, bug hunting or CTF experience)
- Minimum of 3 years of experience with manually auditing source code (One or more of: Java, Ruby, Python, JavaScript, Rust, C, others) to find security issues.
- Minimum of 3 years of experience programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- Minimum of 3 years of professional experience with security engineering practices such as in web application security, network security, authentication and authorization protocols, cryptography, automation and other software security disciplines.

- Experience with AWS technologies and services (e.g. S3, Lambda, EC2, KMS, IAM, etc.)
- Experience with bug hunting, bug bounties, capture the flag, software development
- Experience with multiple programming languages