Amazon Sr Pentest Security Engineer Devices & Services 

Portugal, Miragaia e Marteleira 

711417386

Key job responsibilities- Perform vulnerability research using variety of custom tooling and technologies (e.g. symbolic execution, static analyzers, fuzzers, scanners, machine learning, etc).
- Create tools for the discovery of vulnerabilities as well as scale security testing.
- Review technical solutions to provide guidance to help mitigate security vulnerabilities as well as provide actionable long-term risk mitigation guidance to drive security improvements.
- Develop detailed technical documentation describing identified vulnerabilities, associated impact as well as recommendations for guidance for communication with internal engineering stakeholders as well as leadership.A day in the life
- Perform pentests on yet-to-be-released devices or software ensuring it meets security requirements
- Raise the security bar of vendor-provided hardware (such as whether there are security flaws in its boot process, etc.)
- Verify the code fixes made to address security issues
- Develop scripts or tools to automate assessments of targets
- Conduct independent vulnerability research on launched products or dependencies

- 5+ years of experience in a penetration testing or similar offensive security role
- 5+ years of professional experience with security engineering practices, including: web application security, network security, authentication and authorization protocols, cryptography, automation, and other software security disciplines
- 4+ years of experience with code auditing interpreted or compiled languages (e.g. C/C++, Java, Python, Ruby, .NET)
- Experience with threat modeling, design review, or other threat analysis techniques
- Bachelor’s degree in Computer Science or related field, or equivalent industry experience

- Experience with testing low level firmware and hardware
- Experience with applying and assessing Machine Learning technologies
- Knowledge of cloud service providers and their offerings, preferably AWS, and its various technologies and services
- Experience in various security domains (e.g. system and network security, authentication and security protocols, cryptography, application security, incident response)
- Experience in developing security tooling and automation applying cutting edge technologies such as symbolic execution, code analysis, and fuzzing
- Published security research (e.g. conference presentations, whitepapers, blog posts)Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.