Amazon Lead Security Engineer Vulnerability Management Response 

United States, Washington, Seattle 

971972993

As a Security Engineer in VMR Response, you will play a hands-on role in the proactive identification and remediation of security issues at Amazon. You will be part of a global-scale vulnerability response service supporting a diverse technical ecosystem. Your teammates are an international group of security engineers, software developers, and technical program managers dedicated to continuously raising the security bar.
Key job responsibilities
- You are considered a technical leader on VMR and deliver high quality products, sometimes through others.
- You intake, and evaluate vulnerabilities, misconfigurations, and weaknesses, assisting junior engineers.
- You craft and deploy security campaigns, assisting junior engineers.
- You participate in on-call rotations.
- You engage autonomously with product and system owners to help create, build and innovate campaigns, possibly by writing code, scripts, creating detections, etc.
- Your work focuses on large, ambiguous security problems in internal and partner-org security services or initiatives. Representing VMR, you bring perspective and provide context for current security best practices and the costs associated with them. You understand that not all security problems are new (or require new tools). You make risk-based trade-offs with larger-scale impact, with strong knowledge of compensating controls.
- You fix deficiencies proactively and/or propose large projects, mindful of resources, which may require the work of VMR and other teams related by architecture.
- You are able to split work into parallel tasks performed by you and others to accomplish more.
- You may design or write code that delivers security automation.
- You have significant domain expertise in three or more core CBK areas and secondary specializations, (e.g. infrastructure security, threat intelligence, security operation, endpoint security, or identity management).About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Work/Life BalanceTraining and Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

- 5 years hands-on Security Engineering experience, with at least 3 years in vulnerability management.
- 5 years experience building, operating, and maturing large-scale security systems or services, including cloud-based services.
- Ability to write code/scripts to create detections
- Evaluate and assess detections to ensure proper scope and drive campaign effort

- Bachelor's degree
- Experience automating security operations.
- Experience with systems design.
- Experience with AWS services.