Amazon Pentest Security Engineer II Devices & Services Pentesting 

Portugal, Miragaia e Marteleira 

564253291

The Amazon DSTS organization was formed in 2014 with the mission of protecting Amazon Devices & Services (D&S) customers’ trust, data, and the systems on which they rely. We protect customers by performing security reviews, offensive testing, vulnerability assessments, and provide guidance for remediations. DSTS builds the foundational capabilities that raise an org-wide security bar across the growing diversity of D&S businesses - securing 100+ device types, 12,000+ applications, and 100+ product lines that are developed and operated by more than 16,000+ builders.Key job responsibilities- Review and influence technical solutions to mitigate security vulnerabilities by providing actionable long-term risk mitigation guidance to drive security improvements.- Develop detailed technical documentation describing identified vulnerabilities, associated impact, and recommended remediation to guide communication with internal engineering stakeholders and leadership.

- 3+ years of experience in a penetration testing or similar offensive security role.
- 3+ years of professional experience with security engineering practices, including: web application security, network security, authentication and authorization protocols, cryptography, automation, and other software security disciplines.
- 2+ years of experience with interpreted or compiled languages (e.g. C/C++, Java, Python, Ruby, .NET).
- Experience designing and reviewing secure system architectures through the use of Threat Modeling incorporating sophisticated and modern attacks.
- Bachelor’s degree in Computer Science or related field, or equivalent industry experience.

- Experience with testing low level firmware and hardware.
- Experience with applying and assessing Machine Learning technologies.
- Knowledge of cloud service providers and their offerings, preferably AWS, and its various technologies and services.
- Experience in various security domains (e.g. system and network security, authentication and security protocols, cryptography, application security, incident response).
- Experience in developing security tooling and automation, applying cutting edge technologies such as symbolic execution, code analysis, and fuzzing.
- Published security research (e.g. conference presentations, whitepapers, blog posts).Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.