Amazon

Returning Candidate?

Security Engineer - Vulnerability Intelligence Analyst

Security Engineer - Vulnerability Intelligence Analyst

Job ID 
473553
Location 
AU-NSW-Sydney
Posted Date 
1/4/2017
Company 
Amazon Support Services Australia Pty Ltd
Position Category 
Systems, Quality, & Security Engineering
Recruiting Team 
..

Job Description

Amazon.com is looking for an expert Security Engineer focused on analyzing vulnerabilities and exploit code and translating this analysis into actionable intelligence. If you enjoy analyzing system services, operating systems, networks and applications from a security perspective and you are skilled at discovering security issues that appear under new threat scenarios, this position will provide you with a challenging opportunity in a rapidly changing environment. You will be responsible for the monitoring of new vulnerabilities released in the wild, reviewing specifics of those vulnerabilities including exploit code, and working directly with our Vulnerability Operation Analysts to drive remediation efforts.

Responsibilities:
  • Analyze vulnerabilities and exploit code.
  • Translate technical analysis into actionable intelligence including remediation and mitigation steps.
  • Develop procedures related to the review of vulnerabilities.
  • Provide technical support for the resolution of vulnerabilities reported by our automated systems.
  • Provide tier 3 security operations support.
  • Develop security policies, standards, procedures and guidelines.
  • Participate in security compliance efforts (e.g. PCI, SOX).
  • Implement and support security-focused tools and services.
  • Earn trust and maintain strong working relationships with teams responsible for patching.
  • Build information security as a core competency throughout our relationships with our internal partners including education and training.
  • Drive continual improvement and innovation in the vulnerability management space.
  • Participate in on-call duties related to vulnerability management.

Basic Qualifications

  • BA/BS in an engineering or technical leadership discipline, or equivelant experience
  • Experience with vulnerability management solutions, vulnerability analysis, and risk analysis.
  • At least 3 years of system, network and/or application security experience.
  • At least 2 years of development experience in C, C++ and/or Java.
  • At least 1 year of mobile device security experience.
  • Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
  • Scripting skills (e.g. Perl, Ruby, Python, Shell scripting).
  • Ability to write advanced SQL queries against Oracle and MySQL back-ends.
  • Detailed knowledge of system security vulnerabilities and remediation techniques.

Preferred Qualifications

  • MA/MS in an engineering or technical leadership discipline, or equivalent experience
  • At least 1 year of experience with development team(s) that delivered commercial software or software-based services (development, QA testing, or security role).
  • Related compliance experience, including: PCI, GLBA, SAS70 (SOX/HIPPA desirable)
  • Security certifications encouraged
  • Basic understanding of malware analysis
  • Basic understanding of malicious code constructs (imports, exports, PE sections, etc.)