Our mission: To be Earth's most customer-centric company.
Come join Earth’s most customer-centric company! The Amazon Pentest Security team is looking for a Software Development Engineer who has a strong passion for offensive security tooling. You will work on a small team dedicated to building tools and services to enable a growing team of Pentest engineers scale their work. We develop the operational and detective tools that keep Amazon safe from malicious actors, preventing, detecting, and mitigation security events. We work closely with our Application Security, Threat Intel, Security Operations, and Security Analyst teams, to drive security improvements.
We specialize in digging deep to find security issues that static analysis tools can’t. We are curious about the way things work and love solving problems.
The Amazon surface area is large and diverse, and we use results found in manual analysis to help improve our enterprise-wide automation to fix potential security issues to protect customers. That means our engineers get to focus on new problems. Anytime you see the same problem twice, we want to work with you to automate the problem away.
Our team is also responsible for scaling penetration testing. We write a variety of automated tooling (e.g. fuzzers, scanners, analyzers, etc.) to reduce the need to perform manual penetration testing.
If you’re passionate about finding security bugs, writing tools to reduce manual testing, and enjoy seeing your work’s impact across the internet, then we’d like you to help us solve some interesting and complex problems.
This position is on a new team that you will be joining at its inception and it will have a start-up feel. In this role, you will be responsible for architecting and developing core modules, of new features in software applications, tools and services using object-oriented, C, Rust, and pentest scripts using Go, and python. You’ll diagnose and optimize performance bottlenecks in the tied to the user of resources like CPU, and Memory. In this role, you will get to work with principal engineers and security engineers on a daily basis. If you are interested in learning about operating an AWS service at massive scale and working alongside world class engineers, then this role is for you.
Inclusive Team Culture
Here at Amazon, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon’s culture of inclusion is reinforced within our 16 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.
Our team puts a high value on work-life balance. It isn’t about how many hours you spend at home or at work; it’s about the flow you establish that brings energy to both parts of your life. We believe striking the right balance between your personal and professional life is critical to life-long happiness and fulfillment. We offer flexibility in working hours and encourage you to find your own balance between your work and personal lives.
Mentorship & Career Growth
Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship. We care about your career growth and strive to assign projects based on what will help each team member develop into a better-rounded professional and enable them to take on more complex tasks in the future.
A day in the life
Internal Stakeholders are
- Pentest engineers
- Amazon Service teams
You’ll professionalize the technical output of a team of security engineers, building best practices, refactoring their tools, and creating new tools that are focused on the security testing team.
About the hiring group
Amazon promises our customers that we will keep the cloud secure. Our team validates that promise. You will help us validate that promise at scale.
- Write automation to help scale security testing.
- Conduct vulnerability research pertaining to relevant technologies.
- Write proof of concept code to demonstrate the severity of a potential security issue.
- Partner with our enterprise-scale security tools team.
- Provide clear communication on the issue to developers, suggest and help to test the fix.
- Partner with developers to drive improvement in application security as a result of security review engagements.
- A Bachelor’s degree in Computer Science, Cybersecurity, or other related fields, from an accredited university. Equivalent professional experience can be used in lieu of a degree.
- Experience scripting in Python or other equivalent interpreted programming languages.
- 2+ years of non-internship professional software development experience.
- Programming experience with at least one modern language such as Java, C++, or C# including object-oriented design.
- Experience contributing to the architecture and design (architecture, design patterns, reliability and scaling) of new and current systems.
- Professional software development experience building and operating production with at least one modern language such as Java, Go, Python, C++, or TypeScript.
- Experience contributing and scaling new and existing solutions in a, virtualized, or cloud environment.
- Experience with algorithms, data structures, databases, and problem solving.
- Master’s Degree in Computer Science, Data Science or related field.
- Strong skills in project planning & execution, problem solving. Ability to take a project from initial scoping requirements through actual launch and support of the project.
- Demonstrated delivery of large-scale, initially-ambiguous projects.
- Experience in cloud computing (AWS, Azure, etc).
- Experience developing on Unix/Linux using Python, Java, Golang, etc.
- Exposure to data analysis basics such as SQL, R, iPython, etc.
- Working knowledge and understanding of security engineering, system and network security, authentication and security. protocols, cryptography, or application security
- Sharp analytical abilities and proven design skills
- Excellent written and verbal communication skills
- Meets/exceeds Amazon’s leadership principles requirements for this role
- Meets/exceeds Amazon’s functional/technical depth and complexity for this role
Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice (https://www.amazon.jobs/en/privacy_page) to know more about how we collect, use and transfer the personal data of our candidates.