Security Engineer, Corporate Services Security
About the role
The Corporate Services Security (CPSS) Seals (Security for Employee and Legal Systems) Team is responsible for securing the applications, infrastructure and data developed across People eXperience and Technology (PXT) and Legal teams. We partner with builder teams to minimize security risks across their applications while being a business enabler. Our team provides end-to-end security partnership across the software development lifecycle.
Responsibilities
- Conduct design and security reviews to assess customer risk, prioritize remediation, and partner with service teams on resolution
- Escalate security issues with clear recommendations to senior leadership, keeping customer impact front and center
- Create, update, and maintain threat models across a wide variety of software projects
- Perform manual and automated secure code review, primarily in Java, Python, and JavaScript
- Develop security automation tools and apply adversarial analysis techniques to augment manual effort
- Deliver security training and architecture guidance to internal development teams
- Independently solve complex, systemic security problems requiring novel approaches
- Influence team and partner priorities using data to drive measurable security outcomes
- Communicate technical and strategic security guidance clearly to senior leaders and stakeholders
- Promote security culture across the company through strong cross-functional relationships
Requirements
- 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- 3+ years of scripting, programming, or security code review in a common language, such as Python, Java or C++ experience
- Bachelor's degree in computer science or equivalent
- 3+ years of troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship) experience
- Knowledge of industry-based security vulnerabilities and remediation techniques
Qualifications
- Experience with AWS products and services
- Experience with programming languages such as Python, Java, C++
- Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits or equivalent
Skills
The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security specialist with one or more areas of deep expertise within application security. They will clearly articulate risks to technical and non-technical audiences alike.
Benefits
Amazon offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.
Pay
Base salary range for this position is $159,300.00 - $202,400.00 USD annually.
Schedule
Not specified.