Security Engineer III - AMZ25957.4 at Amazon

Employer: Amazon Development Center U.S., Inc.
Position: Security Engineer III - AMZ25957.4
Location: Arlington, VA

Multiple Positions Available:

1.Conduct comprehensive security review within the Secure Software Development Life Cycle (SDLC) for Amazon and AWS services, specifically focusing on database, analytics, search, and storage product offerings. 2. Perform detailed design reviews and threat modeling for new features and offerings, including penetration testing coordination and vulnerability management for Amazon product teams' software. 3. Lead holistic security assessments of internal and external services supporting Amazon cloud offerings, with emphasis on identifying, documenting, and managing legacy vulnerabilities. 4. Execute peer reviews of security engineering work to ensure thorough due diligence, identify potential antipatterns, and validate security measures before feature releases. 5. Provide expert security consultation to software engineering teams, covering: Cryptography, Security in transit and at rest, Database security, Application security, Infrastructure security and Internal security processes. 6. Develop security review tools utilizing Java and Soot Framework for static code analysis, Python for semantic analysis and Automation solutions for ticketing and management processes. 7. Create comprehensive security documentation for database, analytics, search, and storage services to facilitate high-quality security analysis. 8. Conduct in-depth security code reviews of repositories and commits, including analysis of internal AWS frameworks for: Authentication, Input Validation, Logging (CloudTrail), and Deployment systems.

(40 hours / week, 8:00am-5:00pm, Salary Range $178400 - $226700)

Amazon.com is an Equal Opportunity – Affirmative Action Employer – Minority / Female / Disability / Veteran / Gender Identity / Sexual Orientation

Basic Qualifications

A Bachelor’s degree or foreign equivalent in Computer Science, Engineering, or a related field and 1 year of experience in the job offered or related occupation. In the alternative, employer will accept 2 years of experience in the job offered or related occupation in lieu of a Bachelor’s degree, and 1 year of experience in the job offered or related occupation. Must have 1 year of experience involving each of the following: (1) Security engineering and network technologies (PCAP or Netflow), Operating Systems and network security, common attack patterns and exploitation techniques. (2) Security Operations, Incident Response, Threat Hunting and Assurance methodologies. (3) Common attack patterns and exploitation techniques. (4) System security analysis techniques including threat modeling and attack graphs. (5) Writing run-books, and complexity analysis, execute vulnerability scans and reviews vulnerability assessment reports.

Preferred Qualifications

All applicants must meet all the above listed requirements.

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.