Amazon Application Security Engineer Amazon Ads 

United States, New York, New York 

667032624

Key job responsibilities
• Perform security reviews including secure design and architecture review, threat modeling, threat assessments, secure code reviews, security testing, and security certifications
• Identify security gaps in applications, services, and products including internally developed, as well as third party solutions
• Determine findings criticality taking into account the relevant business, technical, and threat environment
• Produce reports that describes the work perform for a variety of audiences including technical and non-technical stakeholders
• Communicate findings to relevant stakeholders through a combination of verbal and written reports. Identify owners, and drive mitigation of findings within established SLAs
• Record findings and supporting evidence, work product, and testing results following established policies and procedures
• Design, develop, deploy, and maintain security automation, secure-by-default solutions, and other solutions that will enable developer and security engineering productivity using scripting or programming languages
• Develop a broad and deep technical understanding of the services, architectures, and products pertaining to the Customer Service organization
• Contribute to the long-term and short-term security strategy to ensure that applications are designed and built securely
• Comfortably transition between big picture, strategic thinking and tactical, day-to-day operational execution
• Review technical solutions to provide guidance to help mitigate security vulnerabilities as well as provide actionable long-term and short-term risk mitigation recommendations
• Improve secure software development life-cycle (SSDLC) practices across multiple organizations in Amazon
• Influence decision-makers and stakeholders to achieve a consistently high security bar
• Create relevant documentation, security guidance, and metrics to report to your stakeholders and business leaders and deliver these in a clear, concise manner
• Lead security initiatives with end-to-end ownership
• Participate in security escalations support including on-call rotation
• Evaluate and recommend new and emerging security products and technologies
• Support for mentoring, team building, recruiting activities, onboarding of new team members
• Own and carry out new, reoccurring, or ad-hoc security engineering projects and consultations
• Deliver practical security solutions providing the most customer-centric experience on the planet
• Must be a kind human who enjoys working in a fun team

- 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- Bachelor's degree in computer science or equivalent
- Knowledge of networking protocols such as HTTP, DNS and TCP/IP

- 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- Experience with AWS products and services
- Experience with programming languages such as Python, Java, C++