Amazon · 17 hours ago
Pentest Security Engineer II, Devices & Services Pentesting
Maximize your interview chances
CrowdsourcingDelivery
H1B Sponsor Likely
Insider Connection @Amazon
Get 3x more responses when you reach out via email instead of LinkedIn.
Responsibilities
Lead and contribute to penetration tests against services and software released by Amazon’s Devices & Services organization. This includes working closely with builder teams to scope pentests, develop test plans, find vulnerabilities, develop proof of concept exploits, report findings, and validate patches.
Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques.
Review and influence technical solutions to mitigate security vulnerabilities by providing actionable long-term risk mitigation guidance to drive security improvements.
Lead impactful security improvements in large product lines through close collaboration with our partner builder teams.
Develop detailed technical documentation describing identified vulnerabilities, associated impact, and recommended remediation to guide communication with internal engineering stakeholders and leadership.
Mentor junior penetration testers and cultivate a culture of collaboration and research sharing.
Qualification
Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.
Required
3+ years of experience identifying, exploiting, and recommending solutions to remediate web application and service API vulnerabilities (e.g. mass assignment, broken object/function level authorization, JWT/OAuth, injection, business logic flaws, excessive data exposure, etc.)
Experience tracing sources and sinks during code review to identify vulnerabilities, and providing contextual remediation guidance to address vulnerability root cause
Experience designing and reviewing secure system architectures through the use of Threat Modeling incorporating sophisticated and modern attacks
Knowledge of cloud service providers and their offerings, preferably AWS, and its various technologies and services
Bachelor’s degree in Computer Science or related field, or equivalent industry experience
Preferred
Foundational knowledge of hardware security fundamentals
Experience in CTF competitions, CVE research, and/or Bug Bounty recognition
Experience with applying and assessing Machine Learning technologies
Published security research (e.g. conference presentations, whitepapers, blog posts)
Benefits
Full range of medical, financial, and/or other benefits
Company
Amazon
Amazon is a tech firm with a focus on e-commerce, cloud computing, digital streaming, and artificial intelligence.
H1B Sponsorship
Amazon has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2023 (14000)
2022 (23375)
2021 (15334)
2020 (14558)
Funding
Current Stage
Public CompanyTotal Funding
$8.11BKey Investors
Kleiner Perkins
2023-01-03Post Ipo Debt· $8B
2001-07-24Post Ipo Equity· $100M
1997-05-15IPO· undefined
Recent News
The Romania Journal
2024-11-21
2024-11-19
The Telegraph
2024-11-19
Company data provided by crunchbase