AWS Application Security, Sr. Engineer

Since early 2006 Amazon Web Services (AWS) has provided companies of all sizes with an infrastructure web services platform in the cloud. With AWS you can requisition compute power storage and other services thereby gaining access to a suite of elastic IT infrastructure services as your business demands them. AWS customers can take advantage of global computing infrastructure which is the backbone of multi-billion dollar retail business. AWS provides scalable reliable and secure distributed computing infrastructure that has been honed for over a decade. For more information on Amazon Web Services please visit: AWS IT Security team is responsible for the security and availability of all cloud and mobile products and services offered by AWS. This includes cloud services such as EC2 and S3 as well as consumer offerings like Amazon Appstore and Cloud Drive. Our team works with development teams to design and build secure solutions participate in and coordinate penetration testing activities and generally solve security challenges at massive scale.

AWS Security is looking for a Senior Application Security Engineer to help validate that our services applications and websites are designed and implemented to the highest security standards. You will be responsible for analyzing the security of applications and services discovering and addressing security issues building security automation and quickly reacting to new threat scenarios. You will have the opportunity to learn from and be mentored by those who are building and securing our leading-edge services.

A Security Engineer at Amazon is expected to be strong in multiple domains and provide significant contributions to the AWS IT Security team and to multiple groups throughout Amazon. Security engineers are expected to develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices. You are also expected to mentor more junior engineers and be a security thought leader for the organization.

A Security Engineer must foster constructive dialogue and seek resolution when confronted with discordant views. Engineers in this role are expected to participate fully in the planning of the AWS IT Security teams work and constantly seek opportunities for process improvement. They should also have a deep understanding of at least one specialty for which they are a sought out resource (both within AWS IT Security and by groups throughout Amazon) while having an understanding of the application of Information Security in a broad range of technical areas.

A successful candidate will need a combination of troubleshooting technical and communication skills as well as the ability to handle a mix of disparate tasks which may include project and software development work. This role will provide career growth opportunities as you gain new security skills in the course of your duties.

You will work with innovative technology and be a part of the AWS Application Security team. You should have strong problem-solving skills excellent communication skills an understanding of modern Internet threats the ability to influence people from customers to managers by creating a win-win solutions and the desire to be an individual contributor to securing Amazons next generation technology. Joining the Amazon Web Services Application Security team provides the unique challenge and opportunity to build and review systems at the innovation of the cloud to identify threats against AWS and our customers. You will draw upon exemplary technical architecture skills application security knowledge project management critical thinking problem solving skills and a passion for securing interconnected software systems. You should be open to new challenges extremely good at multi-tasking innovative creative self-directed and a great team player. You will drive continuous process improvement and collaborate effectively with fast-paced cross-functional business and software development teams to solve problems and implement new solutions. You will interact with a broad cross section of the Amazon organization spanning a wide range of technologies and engaging with external vendors and internal teams.


Key job responsibilities

You must be able to:
* Work with multiple engineering teams to carry out Application Security Reviews.
* Provide expert advice and consultancy to internal customers on risk assessment threat modeling and fixing vulnerabilities.
* Define information security controls and patterns that support risk assessments and support the development of secure architectures. This will involve understanding service interdependencies and driving towards secure technical solutions for multi-tiered systems.
* Collaborate with engineering teams to drive the product roadmaps by providing security requirements that help to map security controls / patterns to product features.
* Address bottlenecks provide escalation management anticipate and make tradeoffs and balance the business needs versus technical constraints.
* Partner with multiple teams across multiple locations with varying sets of priorities to ensure a timely delivery of the secure solution.
* Clarify and drive project commitments as well as establish and maintain clear chains of accountability.
* Lead internal process improvement projects including the development and implementation of internal tools.
* Security training and outreach to internal development teams
* Security guidance documentation
* Security tool development
* Security metrics delivery and improvements
* Assistance with recruiting activities and administrative work


About the team
About AmSec:

Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description we encourage candidates to apply. If your career is just starting hasnt followed a traditional path or includes alternative experiences dont let it stop you from applying.

Why Amazon Security
At Amazon security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazons products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud devices retail entertainment healthcare operations and physical stores.

Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home theres nothing we cant achieve.

Inclusive Team Culture
In Amazon Security its in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas perspectives and voices.

Training and Career growth
Were continuously raising our performance bar as we strive to become Earths Best Employer. Thats why youll find endless knowledge-sharing training and other career-advancing resources here to help you develop into a better-rounded professional.

- Bachelors Degree or Equivalent Work Experience

- CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud or CySA (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status disability or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process including support for the interview or onboarding process please visit for more information. If the country/region youre applying in isnt listed please contact your Recruiting Partner.