The point where experts and best companies meet
Share
Export Control Requirement:
Key job responsibilities
* Perform penetration testing exercises across all products, services, and software released by Amazon Lab126 and develop proof of concept exploits.
* Perform vulnerability research using variety of custom tooling and technologies (e.g. symbolic execution, static analyzers, fuzzers, scanners, machine learning, etc).
* Create tools for the discovery of vulnerabilities as well as scale security testing.
* Review technical solutions to provide guidance to help mitigate security vulnerabilities as well as provide actionable long-term risk mitigation guidance to drive security improvements.
* Develop detailed technical documentation describing identified vulnerabilities, associated impact as well as recommendations for guidance for communication with internal engineering stakeholders as well as leadership.A day in the life
* erform pentests on yet-to-be-released devices or software ensuring it meets security requirements
* Perform code review of a driver for a new device being launched to our customers
* Write proof-of-concept code to demonstrate the impact of a security issue
* Raise the security bar of vendor-provided hardware (such as whether there are security flaws in its boot process, etc.)
* Verify the code fixes made to address security issues
* Develop scripts or tools to automate assessments of targets
* Conduct independent vulnerability research on launched products or dependencies
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Why Amazon Security
Work/Life BalanceTraining & Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
- 3+ years of experience in a penetration testing or similar offensive security role
- 3+ years of professional experience with security engineering practices, including: web application security, network security, authentication and authorization protocols, cryptography, automation, and other software security disciplines
- 2+ years of experience with interpreted or compiled languages (e.g. C/C++, Java, Python, Ruby, .NET)
- Experience with threat modeling, design review, or other threat analysis techniques
- Bachelor’s degree in Computer Science or related field, or equivalent industry experience
- Experience with testing low level firmware and hardware
- Experience with applying and assessing Machine Learning technologies
- Knowledge of cloud service providers and their offerings, preferably AWS, and its various technologies and services
- Experience in various security domains (e.g. system and network security, authentication and security protocols, cryptography, application security, incident response)
- Experience in developing security tooling and automation applying cutting edge technologies such as symbolic execution, code analysis, and fuzzing
- Published security research (e.g. conference presentations, whitepapers, blog posts)
These jobs might be a good fit