Amazon Sr Security Engineer Internal Audit 

United States, Washington, Seattle 

312608197

Key job responsibilities- Perform vulnerability assessments of client systems, hardware, services, APIs, and networks to discover vulnerabilities
- Thoroughly document exploit chain/proof of concept scenarios for client consumption- Excellent written and verbal communication skills with the ability to summarize technical vulnerabilities in concise and actionable recommendations for senior leadershipA day in the lifeThis role requires implementation of one’s security knowledge, coupled with the ability to learn and operate as part of a team of highly skilled individuals.

- Bachelor's degree, or CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud+ or CySA+ (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest+
- 5+ years of security engineering experience
- Experience working with development teams that have delivered commercial software or software-based services
- Knowledge of threat modeling or other risk identification techniques, and experience with the application of threat modeling or other risk identification techniques
- Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits

- 5+ years of experience in penetration testing and/or red teaming on production systems
- Proven track record of finding zero days
- Knowledge of network and related web protocols (e.g., TCP/IP, UDP, HTTP/S)
- Development experience in C, C++, Java, and/or assembly (x86,x86-64, ARM)
- Knowledge of operating system internals, with emphasis on Linux
- Experience with system and network security, authentication and security protocols, cryptography, and application security
- Experience scoping and performing penetration testing and vulnerability research on large systems-of-systems
- Experience with Security Engineering and Assurance methodologies; e.g., symbolic execution, fuzzing, static and dynamic code analysis
- Experience working closely with security and incident response teams
- Knowledge of technical security issues facing large companies.
- Experience with AWS products and services