Expoint - all jobs in one place

מציאת משרת הייטק בחברות הטובות ביותר מעולם לא הייתה קלה יותר

Limitless High-tech career opportunities - Expoint

Amazon Sr Security Engineer Hardware Research InfraSec-HLS 
United States, Virginia 
544000636

Today
DESCRIPTION

On this team you will be reading and manually reviewing source code in C, C++, Java, go-lang, Python, JavaScript, Rust, and other languages to look for security bugs. At times, you may not have the source code and will need to black box test for security issues. You’ll be writing proof-of-concept (PoC) code to clearly demonstrate the impact of an issue. You will also be retesting and validating fixes to security issues discovered, as well as figuring out new ways to break the fixes themselves.Key job responsibilities- Audit the security risk of various builds of vendor-provided hardware and software to find security flaws in it as a black-box
- Develop fuzz test harnesses leveraging tools like AFL++, LibFuzzer and honggfuzz to discover vulnerabilities in infrastructure software
- Write proof-of-concept code to demonstrate the severity of a potential security issue
- Provide clear communication on security issues to developers and network engineers that help in understanding the issue and testing the fix
- Partner with AWS developers to drive improvement in application security as a result of security review engagements
- Provide actionable long term risk mitigation guidance
- Work directly with Principal, Senior Principal and Distinguished Engineers to assess high risk attack surfaces to AWS infrastructure
- Present risk assessment reports and demonstrations to Directors and VPsA day in the life
- Validate the security of a new device being introduced into the AWS data center
- Verify the code fixes made to address security issues
- Ensure high security of vendor-provided hardware (such as whether there are security flaws in its boot process, etc.)
- Perform penetration tests on yet-to-be-released software ensuring it meets security requirements early-on during the development phases by collaborating with AWS engineers


BASIC QUALIFICATIONS

- CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud+ or CySA+ (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest+

PREFERRED QUALIFICATIONS

- Bachelor's degree