Security Engineer Detection Engineering

Are you inspired by the prospect of work that has a tangible impact on customers teams and businesses worldwide Is your expertise in dissecting complex systems ranging from embedded software to cloud services matched by a zeal for uncovering product vulnerabilities If the thrill of automating vulnerability detection and scaling its reach excites you then we have the perfect opportunity for you. Amazons Security team is on the hunt for a Security Engineer. This pivotal role is designed for those who are fervent about engineering scalable security solutions with significant impact.
In this position you will pioneer technologies and frameworks that cater to the unique security demands of various builder teams at Amazon. As an integral member of a committed team of security experts you will engage in vulnerability research and analysis and craft automation strategies to pinpoint vulnerabilities. Your mission will involve developing sophisticated security testing capabilities to identify and mitigate risks throughout the Software Development Life Cycle (SDLC). Your goal is to deeply understand systems software and services innovating ways to detect vulnerabilities and formulate preventive measures. Embracing automation you will minimize manual processes thereby elevating our internal customers security standards. You will collaborate with development teams to deliver solutions that simplify the creation and management of secure systems. As a leader you will ensure that Amazons products consistently earn customer trust. You will spearhead the exploration of industry leading solutions to complex challenges. Your influential voice will guide the strategic direction of automated security tools within Amazon.

Key job responsibilities
Activities in this role include:
Scaling vulnerability detection by inventing developing and improving custom high quality automated detection tools (e.g. static analyzers fuzzers scanners etc. to perform variety of security vulnerability (SAST DAST etc. analysis.
Providing actionable longterm risk mitigation guidance as well as engineering autoremediation capabilities to drive security improvements at scale.
Making strategic decisions on new security detection solutions which should be pursued for scaling security in builder organizations.
Proposing mechanisms for integrating security detection tools into the development lifecycle.
Inventing advanced security detection tools which developers can use to selfdiscover and avoid security vulnerabilities and misconfigurations.
Advising managers directors and peers on automated security detection matters and influence development teams to adopt detection capabilities.
Independently tackling large crosscutting security issues affecting multiple builder orgs. Prioritize and develop security issue detection collaborating with partner orgs to address unique requirements.

A day in the life
The role of a Security Engineer (SE) on the Detection Engineering team is to ensure that Amazons products are developed securely in order to maintain our customers trust. They work on developing automated detection capabilities in all stages of the SDLC which help developers discover and address security mistakes. Detection Engineers develop independent continuous and automated security verification detection capabilities for their customers (partners and builder teams). They collaborate with subject matter experts across SBS Sec Stores Sec AWS Sec and the development organizations they support to evolve and scale automated detection capabilities. They work on and contributing to the established AmSec security detection ecosystem which orchestrates the and converges the output of automated detection tools. They also allow for easy access to information regarding comprehensive security health metrics for orgs/applications and ondemand intelligence reporting. And finally they drive remediation to reduce the overall risk to the businesses they support and ultimately protect Amazons customers.

About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description we encourage candidates to apply. If your career is just starting hasnt followed a traditional path or includes alternative experiences dont let it stop you from applying.

Why Amazon Security
At Amazon security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazons products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud devices retail entertainment healthcare operations and physical stores.

Inclusive Team Culture
In Amazon Security its in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas perspectives and voices.

Training & Career Growth
Were continuously raising our performance bar as we strive to become Earths Best Employer. Thats why youll find endless knowledgesharing training and other careeradvancing resources here to help you develop into a betterrounded professional.

Work/Life Balance
We value worklife harmony. Achieving success at work should never come at the expense of sacrifices at home which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home theres nothing we cant achieve.

Bachelors degree or CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud or CySA (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest
Knowledge and understanding of security engineering system and network security authentication and security protocols cryptography and devices and application security.
3 years of security experience in threat modeling code reviews security testing vulnerability detection attacker exploit techniques and methods for their remediation.

Knowledge of common software security vulnerabilities (memory privilege escalation web application exploitation protocolbased weaknesses etc. and experience with various methods to successfully exploit them.
Experience in penetration testing developing proofofconcept exploits and knowledge of remediation techniques.
Working experience with vulnerability detection tools such as static and dynamic analyzers fuzzers etc.
Experience with Amazon technologies (S3 EC2 Lambda etc.
Experience with scripting (bash Perl Python etc.
Experience with at least one major programming language (Java C# etc.

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status disability or other legally protected status.

Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees supervisors and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees supervisors and staff to ensure exceptional customer service; and follow all federal state and local laws and Company policies. Criminal history may have a direct adverse and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above as well as the abilities to adhere to company policies exercise sound judgment effectively manage stress and work safely and respectfully with others exhibit trustworthiness and professionalism and safeguard business operations and the Companys reputation. Pursuant to the Los Angeles County Fair Chance Ordinance we will consider for employment qualified applicants with arrest and conviction records.

Pursuant to the San Francisco Fair Chance Ordinance we will consider for employment qualified applicants with arrest and conviction records.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process including support for the interview or onboarding process please visit for more information. If the country/region youre applying in isnt listed please contact your Recruiting Partner.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136000/year in our lowest geographic market up to $212800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on jobrelated knowledge skills and experience. Amazon is a total compensation company. Dependent on the position offered equity signon payments and other forms of compensation may be provided as part of a total compensation package in addition to a full range of medical financial and/or other benefits. For more information please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.