Amazon Product Security Engineer II Healthcare 

United States, Texas, Arlington 

470585645

- Methodically empirical and experimental in approach and evaluation without being bound by over paralysis-by-analysis;- Work ceaselessly to improve knowledge of the security field, threat landscape, security intelligence, moving proactively toward prevention and detection of threats;- Be an enthusiastic learner and curiosity seeker, focusing on what can be done rather than hindered by notions of what cannot be;- Have excellent time management skills along with the ability to deliver results in the face of uncertainty;
Key job responsibilities- Act as a consultant and trusted resource on secure development and implementation practices, and secure-by-default opportunities.- Period on-call responsibilities, and occasional travel as required.- Identify and prioritize security problems that can be detected using automation.
- Develop detection prototypes for these security problems to enhance our tool-set for static and dynamic analysis.- Identify opportunities to prevent security problems at scale.- Deliver metrics to show effectiveness of our security initiatives.A day in the life
- Conduct Application Security Assessments (ASR). Includes tasks such as security architecture reviews, threat modeling, penetration testing, and automated and manual code reviews- Analyze security test results, document risks, and recommend mitigating controls
- Design security automation and select tooling to improve our detection of application vulnerabilities, and to assist in the remediation of findings
ABOUT AmSec:Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Work/Life BalanceInclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training and Career growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

- 4+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- Experience implementing security solutions at the business division level or equivalent
- Experience with programming languages such as Python, Java, C++
- Extensive experience identifying, testing, and remediating against vulnerabilities including those found in the OWASP Top 10 and CWE/SANS Top 25
- Experience building automation and/or writing scripts to solve security problems

- Experience with AWS products and services
- Experience applying threat modeling or other risk identification techniques or equivalent
- CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud+ or CySA+ (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest+