Jobs · Engineering

Security Engineer II, Stores Application Security

Amazon · Virginia, United States · 1 wk ago
RemoteRemoteEngineeringFull-time

About the role

Description In Amazon Stores, we ship some of the widest arrays of technology found at any company. From amazon.com to world-class machine learning pipelines, from innovative digital healthcare to no-checkout retail, we push the boundaries of technology in every direction using the globe's largest AWS deployment. As a Security Engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing these novel services. On a given day, you might be inspecting an application's code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service alongside its software developers. The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security generalist with one or more areas of deep expertise. In their communication, they will articulate risks to technical and non-technical audiences alike. Interpersonally, the successful candidate will harmonize disparate opinions while prioritizing risks to guide their partners toward secure solutions.

Responsibilities

  • Creating, updating, and maintaining threat models for a wide variety of software projects

  • Conducting first-party application security research

  • Performing manual and automated secure code review, primarily in Java, Python, and JavaScript

  • Identifying and mitigating security issues at scale

  • Developing security automation tools

  • Performing adversarial security analysis using innovative tools to augment manual effort

  • Providing security guidance and working with internal software development teams to secure their applications

  • Independently solving security problems that require novel methods or approaches

  • Influencing your team's and partners' processes, priorities, and choices to improve outcomes

Requirements

  • Experience performing security activities across one or more phases of the software development lifecycle (SDLC), such as security design review, threat modeling, secure code review, and security testing

  • Bachelor's degree in computer science or equivalent, or 3+ years of IT Security experience

  • Experience with network architecture, enterprise IT systems and cloud such as AWS

  • Proficiency in programming or scripting languages (e.g., Java, Python, Perl, Bash, Ruby, PowerShell, etc.)

  • Experience with explaining complex technical risks in simple, clear language so that non-technical stakeholders can easily understand and take appropriate action

Qualifications

  • Experience with AWS services, network architecture, and enterprise IT systems

  • Experience driving continuous and scalable improvements in security controls and practices, and collaborating with security stakeholders to develop and implement security strategies

  • 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and penetration testing experience

Skills

  • Technical acumen with one or more areas of deep expertise

  • Ability to articulate risks to technical and non-technical audiences alike

  • Interpersonal skills to harmonize disparate opinions while prioritizing risks to guide partners toward secure solutions

Benefits

  • Work/Life Balance

  • Inclusive Team Culture

  • Mentorship and Career Growth

Pay

Base salary range for this position is $159,300.00 - $202,400.00 USD annually

Schedule

Virtual Location - California - 159,300.00 - 202,400.00 USD annually

Virtual Location - Texas - 159,300.00 - 202,400.00 USD annually

Virtual Location - Virginia - 159,300.00 - 202,400.00 USD annually

Virtual Location - Washington - 159,300.00 - 202,400.00 USD annually

Similar jobs