AddressAmazon is seeking a talented and seasoned Senior Applications Security Engineer to focus on securing the ecosystem that powers Amazon Customer Service (CS). CS is one of the largest customer service organizations in the world. Our business operations include tens of thousands of Customer Service Associates around the globe who provide world-class support to customers 24 hours a day, 7 days a week, and in over 15 languages (and growing).
This position will provide you with a challenging opportunity to solve difficult security problems at planetary scale. As a senior Security Engineer, you will help define short-term and long-term security strategy. You will balance your efforts between strategic and operational deliverables. You will have the opportunity to work with talented engineering teams within Amazon to ensure applications are designed and built securely. You care deeply about keeping Amazon customers secure and therefore are passionate about finding, and mitigating vulnerabilities/risks by providing actionable guidance to product teams and drive long term security improvements. You're well-known for your excellent prioritization skills as well as your ability to communicate at all levels of an organization (technical and non-technical). The successful candidate must be autonomous, comfortable operating in highly ambiguous situations, and must deliver results in a fast-paced environment.
Key job responsibilities
- Perform security reviews including secure design and architecture, threat modeling, threat assessments, secure code reviews, security testing, and security certifications
- Identify security gaps in applications, services, and products including internally developed, as well as third party solutions
- Determine findings criticality taking into account the relevant business, technical, and threat environment
- Produce reports that describes the work perform for a variety of audiences including technical and non-technical stakeholders
- Communicate findings to relevant stakeholders through a combination of verbal and written reports. Identify owners, and drive mitigation of findings within established SLAs
- Record findings and supporting evidence, work product, and testing results following established policies and procedures
- Design, develop, deploy, and maintain security automation, secure-by-default solutions, and other solutions that will enable developer and Security Engineering productivity using scripting or programming languages
- Develop a broad and deep technical understanding of the services, architectures, and products pertaining to the Customer Service organization
- Contribute to the long-term and short-term security strategy to ensure that applications are designed and built securely
- Comfortably transition between big picture, strategic thinking and tactical, day-to-day operational execution
- Review technical solutions to provide guidance to help mitigate security vulnerabilities as well as provide actionable long-term and short-term risk mitigation recommendations
- Improve secure software development life-cycle (SSDLC) practices across multiple organizations in Amazon
- Influence decision-makers and stakeholders to achieve a consistently high security bar
- Create relevant documentation, security guidance, and metrics to report to your stakeholders and business leaders and deliver these in a clear, concise manner
- Lead security initiatives with end-to-end ownership
- Participate in security escalations support including on-call rotation
- Evaluate and recommend new and emerging security products and technologies
- Support for mentoring, team building, recruiting activities, onboarding of new team members
- Own and carry out new, reoccurring, or ad-hoc Security Engineering projects and consultations
- Deliver practical security solutions providing the most customer-centric experience on the planet
- Must be a kind human who enjoys working in a fun team
We are open to hiring candidates to work out of one of the following locations:
Toronto, ON, CAN
Basic Qualifications
- BS in Computer Science, Information Security, or equivalent professional experience
- 2+ years of experience in Application Security, product security, or systems security
- 2+ years writing production-level code in at least one scripting or compiled language such as Java, Python, JavaScript, Go, Ruby, C# or C/C++
- Proven experience in threat modeling, code reviews, security testing, vulnerability detection, attacker exploit techniques, and methods for their remediation.
- 2+ years of experience securing cloud services such as AWS, Azure, and Google Cloud
Preferred Qualifications
- Master’s degree in Computer Science, Information Security, Computer Engineering, Electrical Engineering or equivalent- 1+ years of software development experience with at least one programing language such as Java, Python, JavaScript, Go, Ruby, C# or C/C++
- 1+ years of experience in penetration testing, offensive security, or red teaming • Deep technical understanding of OWASP Top 10, and SANS 25 vulnerability identification and remediation
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.
Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training and Career growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, disability, age, or other legally protected status. If you would like to request an accommodation, please notify your Recruiter.
