Be an early applicantLess than 25 applicants

Company

Amazon · 12 hours ago

Pentest Security Engineer II, Devices & Services Pentesting

United States

Full-time

Remote

Mid, Senior Level

$136K/yr - $213K/yr

3+ years exp

Maximize your interview chances

CrowdsourcingDelivery

H1B Sponsor Likely

Insider Connection @Amazon

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Lead and contribute to penetration tests against services and software released by Amazon’s Devices & Services organization. This includes working closely with builder teams to scope pentests, develop test plans, find vulnerabilities, develop proof of concept exploits, report findings, and validate patches.

Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques.

Review and influence technical solutions to mitigate security vulnerabilities by providing actionable long-term risk mitigation guidance to drive security improvements.

Lead impactful security improvements in large product lines through close collaboration with our partner builder teams.

Develop detailed technical documentation describing identified vulnerabilities, associated impact, and recommended remediation to guide communication with internal engineering stakeholders and leadership.

Mentor junior penetration testers and cultivate a culture of collaboration and research sharing.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Web application vulnerabilitiesService API vulnerabilitiesCode reviewThreat ModelingAWS knowledgeHardware security fundamentalsCTF competitionsCVE researchBug Bounty recognitionMachine Learning technologiesPublished security research

Required

3+ years of experience identifying, exploiting, and recommending solutions to remediate web application and service API vulnerabilities (e.g. mass assignment, broken object/function level authorization, JWT/OAuth, injection, business logic flaws, excessive data exposure, etc.)

Experience tracing sources and sinks during code review to identify vulnerabilities, and providing contextual remediation guidance to address vulnerability root cause

Experience designing and reviewing secure system architectures through the use of Threat Modeling incorporating sophisticated and modern attacks

Knowledge of cloud service providers and their offerings, preferably AWS, and its various technologies and services

Bachelor’s degree in Computer Science or related field, or equivalent industry experience

Preferred

Foundational knowledge of hardware security fundamentals

Experience in CTF competitions, CVE research, and/or Bug Bounty recognition

Experience with applying and assessing Machine Learning technologies

Published security research (e.g. conference presentations, whitepapers, blog posts)

Benefits

Full range of medical, financial, and/or other benefits

Company

Amazon

Glassdoor

3.7

Amazon is a tech firm with a focus on e-commerce, cloud computing, digital streaming, and artificial intelligence.

Founded in 1994

Seattle, Washington, USA

10,001+ employees

https://amazon.com

H1B Sponsorship

Amazon has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Represents job field similar to this job

Trends of Total Sponsorships

2023 (14000)

2022 (23375)

2021 (15334)

2020 (14558)