Amazon Penetration Testing Engineer Hardware/Firmware/Virtualization 

Italy, Lombardy 

743877815

We are looking for a Penetration Testing Engineer who has a strong passion for security-at-scale. You will be on a team responsible for the delivery of continuous assessments. You will be asked to solve complex technology problems, build tools to automate your way out of manual efforts, and influence the way Amazon services respond to and mitigate threats.We are looking for a Security Engineer to help secure our foundational platforms with an emphasis on hardware. You will be responsible for conducting security reviews including hands-on security evaluations (penetration testing), analyzing threat models, and developing tooling that will help detect security issues at scale.You should be comfortable with tackling novel technical situations, and conducting hands-on testing of new, unique surfaces, to ensure proper security mitigations are in place. You will provide clear technical direction and risk mitigation guidance for diverse engineering and business leaders.Key job responsibilities
* Perform penetration testing of complex proprietary software and hardware for Amazon servers and devices.
* Manually audit the source code of services and software authored in house by Amazon.
* Write proof of concept code to demonstrate the severity of a potential security issue.
* Provide clear communication on issues to developers that suggest and help to test the fix.
* Partner with AWS builders to drive improvement as a result of security review engagements.
* Provide actionable long term risk mitigation guidance.Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Training & Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life Balance
Mentorship & Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.

- BS in Computer Science or related field, or equivalent work experience and Minimum of 1 years of professional experience with Security Engineering or Development of Security capabilities, supporting engineering projects from concept to delivery.
- 1 years in one or more of the following technical categories:
- Virtualization security (Xen, KVM, QEMU) and hardware security (PCB, JTAG, UART, SPI, ROM, microcode, custom ASIC/FPGA)
- x86 and/or ARM chipset and firmware security (TPM, UEFI, TrustZone, Secure Boot, PCIe) and security testing of compute platforms (Server, PC or Mobile)

- MS in Computer Science, Information Security, or related field, or equivalent work experience and demonstrated ability to prepare technical specifications and communications
- Demonstrated understanding of crypto basics (encryption, signing, certificates, common algorithms)
- Familiarity with AWS services (EC2, GuardDuty, S3, IAM, Kinesis, Lambda, KMS, VPC, etc), relevant security standards (TCG, IEEE, NIST, FIPS, PCI, ISO 28000 series) and familiarity with crypto security design concepts (e.g. certificate handling and PKI, attestation, TPM/HSM)
- Knowledge of Windows, Linux, and hypervisor security (especially in cloud environments)