Returning Candidate?

Application Security Engineer

Application Security Engineer

Job ID 
Posted Date 
AMZN CAN Fulfillment Svcs, Inc
Position Category 
Systems, Quality, & Security Engineering
Recruiting Team 

Job Description is looking for expert Security Engineers to defend critical Amazon applications. Join a team of elite Security Engineers who work tirelessly to secure the applications used by hundreds of millions of customers every day. Does this sound like you?

* You enjoy solving challenging technical problems.

* You have experience that shows breadth and depth of security knowledge. You are strong in multiple domains of software security.

* You know how to work as a partner with product teams and give them the advantage of your security experience.

* You recognize, adopt, use, and recommend best practices in security engineering.

* You work ceaselessly to improve your knowledge of the security threat landscape and of technologies that enable new forms of attack and defense.

* You are an effective communicator who engages well with technical and non-technical audiences alike.

Some more characteristics we're looking for:

* Great logic and problem-solving skills and good security instincts.

* The desire to solve security challenges at scale, and work on securing the next generation of applications powering the most sophisticated e-commerce platform ever built.

* Knowledge of threat modeling and other security risk identification methods.

* Knowledge of system security vulnerabilities and remediation techniques.

* Understanding of network protocols from data link through application layer.

* Excellent written and oral communication skills.

* Development experience in Java and C/C++.

* Working knowledge of Python, Perl, or Ruby.

* Exposure to multiple security engineering disciplines including application security, secure software development, cryptography, network security, system security, and security policy.

* Strong technical capabilities with demonstrated focus in at least one of the above disciplines.

* Ability to handle interruptions and work well under frequent context switches.

* Continual drive to increase your knowledge and enhance your skills.

* Proven ability to work effectively in a technology team.

* High energy, focus on delivering results, and ability to self-manage.

* Experience in providing practical solutions that enable product teams to meet business goals while controlling security risk.

* Ability to solve problems at their root and step back to understand the broader context.

* Understanding of relevant threat environments and how they affect products.

* Deep understanding of the interplay between attack and defense. Familiarity with current network security and application security tools and how to apply them.

* Ability to promote secure design principles and a security-focused outlook across a large organization.

As a Security Engineer, you will:

* Perform end-to-end application security reviews to ensure critical information is appropriately protected.

* Identify security vulnerabilities and risks, and develop mitigation plans.

* Provide security architecture and design consultations to product teams, to help them build applications that are secure from the start.

* Architect, design, implement, support, and evaluate security tools and services.

* Develop and interpret security policies and procedures.

* Mentor junior members of the team.

* Develop and deliver security training across the company.

* Evaluate and recommend new and emerging security technologies for use inside and outside the security organization.

* Produce creative and inventive solutions for large problems. Participate in projects that develop new intellectual property.

* Be an advocate for customer trust.

Basic Qualifications

* Bachelor's degree in computer science, computer engineering, or mathematics.

* Recognition among your peers as a leader in security engineering.

* At least 3 years of experience in application security.

* Detailed technical knowledge of at least two of: application security, system security, network security, authentication/authorization protocols, or cryptography. Hands-on experience in at least one of the above.

* Experience in threat modeling and risk identification.

* Experience in security vulnerability assessments and remediation techniques.

Preferred Qualifications

* Master's degree with concentration in information security.

* Previous experience developing and delivering security software tools.

* Experience with security in service-oriented architectures and web services.

* Experience in penetration testing and exploitability-focused vulnerability assessment.

* Experience in platform-level security mitigations and hardening for Linux.

* Detailed knowledge of standards for authentication and authorization.

* Secure software development lifecycle experience.