
Senior Offensive Security Engineer / Senior Security Researcher, Cupertino, California

Category: Systems, Quality, & Security Engineering
Job type: Full Time
Country: United States of America
At Amazon, we are working to be the most Customer-centric company on earth. To get there, we need exceptionally talented, bright and driven people. Amazon Customer Service's tens of thousands of Associates around the globe provide world-class support to customers 24 hours a day, 7 days a week, and in over 15 languages (and growing). In the Customer Service Applications Security team our passion goes beyond finding and eliminating security vulnerabilities in our systems; we want to stop them from occurring in the first place. We are passionate about driving security in product road maps; technical security training and awareness; and improving on core frameworks, infrastructure or detection tooling.

The Customer Service Applications Security team is looking for an exceptional Senior Security Engineer / Senior Security Researcher to perform authorized full-stack Offensive Security campaigns against the ecosystem that powers one of the largest customer service organizations in the world. You will perform realistic offensive security exercises to simulate real attacks, to test and improve our ability to protect, detect, respond, and recover from technically sophisticated adversaries.

Your responsibilities will include:
• Vulnerability research and development (including zero-day), in the areas of hardware, software and cloud
• Writing exploitation code, proof of concepts, and development of new tools and capabilities to emulate real-world technically sophisticated adversaries
• Design and implement tooling, infrastructure, instrumentation and frameworks to support offensive security exercises; and for automated testing and vulnerability discovery
• Plan and execute manual and automated adversarial testing activities
• Perform authorized offensive security testing of the Customer Service stack using existing and custom-made tooling with a high degree of ethics and privacy
• Thoroughly document findings and present results to a variety of target audiences, ranging from highly technical engineers to non-technical subject matter experts and senior leadership
• Work closely with internal stakeholders to identify, research, analyze, provide resolution, and fix complex vulnerability issues.
• Design controls and improvements to sharpen our capabilities to defend against attackers in close cooperation with the teams responsible for implementing them
• Develop meaningful executive and operational metrics for the Offensive Security program
• Represent the Offensive Security team across and outside of Customer Service
• Participate in security escalations support. Create security guidance and documentation
• Evaluate and recommend new and emerging security products and technologies
• Carry out/own new, reoccurring, and ad-hoc security engineering projects and consultations
• Support for mentoring, team building, recruiting activities

Basic Qualifications:
• Bachelor's degree in Computer Engineering, Computer Science, Electrical Engineering or related domain
• 5+ years of demonstrated experience in offensive security, penetration testing, or security research in large, complex organizations
• Demonstrated contributions to exploit development, CVEs, Bug Bounty, or Responsible Disclosures
• Proven experience in threat modeling, security vulnerabilities, attacker exploit techniques, and methods for their remediation
• 3+ years of experience with one or more programming languages (such as Java, C++, Python, etc.) and at least one scripting language (such as Python, Perl, Ruby, etc.)

Preferred Qualifications:
• Master's degree or PhD in Computer Engineering, Computer Science, Electrical Engineering or related domain, or equivalent work experience
• Security Certifications such as OSEP, OSWE, or OSEE
• Deep knowledge of Cloud security principles (preferably AWS)
• Excellent written and verbal communication skills with the ability to adapt messaging to executive, technical, and non-technical audiences
• Ability to meet tight deadlines and manage multiple priorities; ability to deliver results and navigate through ambiguity

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

The pay range for this position in Colorado is $146,800 - $160,000/yr; however, base pay offered may vary depending on job-related knowledge, skills, and experience. A sign-on bonus and restricted stock units may be provided as part of the compensation package, in addition to a full range of medical, financial, and/or other benefits, dependent on the position offered. This information is provided per the Colorado Equal Pay Act. Base pay information is based on market location. Applicants should apply via Amazon's internal or external careers site.