Sr Pentest Security Engineer, Devices & Services
US, Virtual
Come join our offensive security team dedicated to the detection and exploitation of vulnerabilities affecting Amazon consumer devices. This includes performing low-level reviews of hardware, bootloaders, radios, secure enclaves, or OS security features of devices, service reviews including authentication mechanisms, AI, mobile, & web apps. Engineers are also encouraged to experiment with automated techniques, such as symbolic execution, fuzzing, machine learning, or static analysis.
In this role, you will be part of a dedicated team of talented security engineers performing penetration testing exercises to identify vulnerabilities. You will strive to understand systems, software, and services deeply and develop creative ways to break assumptions in order to find vulnerabilities. You care deeply about keeping Amazon customers safe and therefore are passionate about mitigating vulnerabilities/risks by providing actionable guidance to product teams and drive long term security improvements. You're well-known for your excellent prioritization skills as well as your ability to communicate at all levels of an organization. If you're passionate about finding security bugs, writing tools to reduce manual testing, and enjoy seeing your work's impact across Amazon consumer products and services, then this position is for you. Candidates from entry to senior level will all be considered.
Key job responsibilities
- Perform penetration testing exercises across all products, services, and software released by Amazon and develop proof of concept exploits.
- Perform vulnerability research using variety of custom tooling and technologies (e.g. symbolic execution, static analyzers, fuzzers, scanners, machine learning, etc).
- Create tools for the discovery of vulnerabilities as well as scale security testing.
- Review technical solutions to provide guidance to help mitigate security vulnerabilities as well as provide actionable long-term risk mitigation guidance to drive security improvements.
- Develop detailed technical documentation describing identified vulnerabilities, associated impact as well as recommendations for guidance for communication with internal engineering stakeholders as well as leadership.
A day in the life
- Perform pentests on yet-to-be-released devices or software ensuring it meets security requirements
- Perform code review of a driver for a new device being launched to our customers
- Write proof-of-concept code to demonstrate the impact of a security issue
- Raise the security bar of vendor-provided hardware (such as whether there are security flaws in its boot process, etc.)
- Verify the code fixes made to address security issues
- Develop scripts or tools to automate assessments of targets
- Conduct independent vulnerability research on launched products or dependencies
About the team
The internal penetration testing team is part of the Devices and Services Trust & Security organization, which is responsible for the entire SDLC, vulnerability management, incident response, and overall security across Amazon Consumer Devices (Kindle, Ring, FireOS, Kuiper, Alexa, eero and more). The internal penetration testing team is responsible for reviewing these products, with focus on penetration testing, fuzzing and vulnerability research.
While the majority of our Security team are based in the US, by applying to this position your application will be considered for all locations we hire for in the world, however candidates should expect to accommodate US time for necessary meetings.
Our team puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren’t focused on how many hours you spend at work or online. Instead, we’re happy to offer a flexible schedule so you can have a more productive and well-balanced life—both in and outside of work.
Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship. We care about your career growth and strive to assign projects based on what will help each team member develop into a better-rounded engineer and enable them to take on more complex tasks in the future.
- 5+ years of experience in a penetration testing or similar offensive security role
- 5+ years of professional experience with security engineering practices, including: web application security, network security, authentication and authorization protocols, cryptography, automation, and other software security disciplines
- 4+ years of experience with code auditing interpreted or compiled languages (e.g. C/C++, Java, Python, Ruby, .NET)
- Experience with threat modeling, design review, or other threat analysis techniques
- Bachelor’s degree in Computer Science or related field, or equivalent industry experience
- Experience with applying and assessing Machine Learning technologies
- Knowledge of cloud service providers and their offerings, preferably AWS, and its various technologies and services
- Experience in various security domains (e.g. system and network security, authentication and security protocols, cryptography, application security, incident response)
- Experience in developing security tooling and automation applying cutting edge technologies such as symbolic execution, code analysis, and fuzzing
- Published security research (e.g. conference presentations, whitepapers, blog posts)
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.
Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site. Apply
In this role, you will be part of a dedicated team of talented security engineers performing penetration testing exercises to identify vulnerabilities. You will strive to understand systems, software, and services deeply and develop creative ways to break assumptions in order to find vulnerabilities. You care deeply about keeping Amazon customers safe and therefore are passionate about mitigating vulnerabilities/risks by providing actionable guidance to product teams and drive long term security improvements. You're well-known for your excellent prioritization skills as well as your ability to communicate at all levels of an organization. If you're passionate about finding security bugs, writing tools to reduce manual testing, and enjoy seeing your work's impact across Amazon consumer products and services, then this position is for you. Candidates from entry to senior level will all be considered.
Key job responsibilities
- Perform penetration testing exercises across all products, services, and software released by Amazon and develop proof of concept exploits.
- Perform vulnerability research using variety of custom tooling and technologies (e.g. symbolic execution, static analyzers, fuzzers, scanners, machine learning, etc).
- Create tools for the discovery of vulnerabilities as well as scale security testing.
- Review technical solutions to provide guidance to help mitigate security vulnerabilities as well as provide actionable long-term risk mitigation guidance to drive security improvements.
- Develop detailed technical documentation describing identified vulnerabilities, associated impact as well as recommendations for guidance for communication with internal engineering stakeholders as well as leadership.
A day in the life
- Perform pentests on yet-to-be-released devices or software ensuring it meets security requirements
- Perform code review of a driver for a new device being launched to our customers
- Write proof-of-concept code to demonstrate the impact of a security issue
- Raise the security bar of vendor-provided hardware (such as whether there are security flaws in its boot process, etc.)
- Verify the code fixes made to address security issues
- Develop scripts or tools to automate assessments of targets
- Conduct independent vulnerability research on launched products or dependencies
About the team
The internal penetration testing team is part of the Devices and Services Trust & Security organization, which is responsible for the entire SDLC, vulnerability management, incident response, and overall security across Amazon Consumer Devices (Kindle, Ring, FireOS, Kuiper, Alexa, eero and more). The internal penetration testing team is responsible for reviewing these products, with focus on penetration testing, fuzzing and vulnerability research.
While the majority of our Security team are based in the US, by applying to this position your application will be considered for all locations we hire for in the world, however candidates should expect to accommodate US time for necessary meetings.
Our team puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren’t focused on how many hours you spend at work or online. Instead, we’re happy to offer a flexible schedule so you can have a more productive and well-balanced life—both in and outside of work.
Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship. We care about your career growth and strive to assign projects based on what will help each team member develop into a better-rounded engineer and enable them to take on more complex tasks in the future.
Basic Qualifications
- 5+ years of experience in a penetration testing or similar offensive security role
- 5+ years of professional experience with security engineering practices, including: web application security, network security, authentication and authorization protocols, cryptography, automation, and other software security disciplines
- 4+ years of experience with code auditing interpreted or compiled languages (e.g. C/C++, Java, Python, Ruby, .NET)
- Experience with threat modeling, design review, or other threat analysis techniques
- Bachelor’s degree in Computer Science or related field, or equivalent industry experience
Preferred Qualifications
- Experience with testing low level firmware and hardware- Experience with applying and assessing Machine Learning technologies
- Knowledge of cloud service providers and their offerings, preferably AWS, and its various technologies and services
- Experience in various security domains (e.g. system and network security, authentication and security protocols, cryptography, application security, incident response)
- Experience in developing security tooling and automation applying cutting edge technologies such as symbolic execution, code analysis, and fuzzing
- Published security research (e.g. conference presentations, whitepapers, blog posts)
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.
Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site. Apply
Job Profile
RestrictionsAdhere to company policies Must accommodate US time for meetings
Benefits/PerksCareer growth Diverse and inclusive workplace Equal opportunity employer Equity Flexible schedule Inclusive culture Inclusive workplace Knowledge sharing Medical Mentorship Other benefits Remote work flexibility Sign-on payments Total compensation package Work-life balance
Tasks- Communicate effectively
- Communication
- Conduct vulnerability research
- Create security testing tools
- Develop proof of concept exploits
- Documentation
- Identify vulnerabilities
- Leadership
- Penetration Testing
- Perform penetration testing
- Provide risk mitigation guidance
- Risk Mitigation
- Threat modeling
AI Analysis Application Security Authentication Authorization Automation Automation tools AWS C Cloud Code Review Communication Computer Cryptography Customer service Design Design Review Devices Documentation Engineering Firmware Fuzzing Incident Response Java Knowledge Sharing Leadership Machine Learning Manual testing Mentorship Network security Offensive Security Operations Organization Penetration Testing Presentations Proof-of-concept Python Recruiting Risk mitigation Ruby Security Security Documentation Security Engineering Security Testing Software Software Security Static Analysis Symbolic execution Technical Technical Documentation Technical Solutions Testing Threat modeling Vulnerability Management Vulnerability Research Web application security
EducationBusiness Computer Science Engineering Equivalent Operations Related Field
Certifications Timezones
Remote Jobs in North America
Remote Jobs in Europe
Remote Jobs in Asia/Pacific
Remote Jobs in South America
Remote Jobs in Middle East
Remote Jobs in Africa
Full Time Remote Jobs
Part Time Remote Jobs
Internship Remote Jobs
Contract Remote Jobs
Temporary Remote Jobs
Freelance Remote Jobs
Mid-Level Remote Jobs
Senior-Level Remote Jobs
Entry-Level Remote Jobs
Exec-Level Remote Jobs
Lead-Level Remote Jobs
Remote Technician Jobs
Remote Business Development Jobs
Remote Senior Manager Jobs
Remote Contract Jobs
Remote Data Scientist Jobs
Remote Hybrid Jobs
Remote Project Manager Jobs
Remote Senior Software Engineer Jobs
Remote Program Manager Jobs
Remote Platform Jobs
Remote Marketing Manager Jobs
Remote Engineer I Jobs
Remote Designer Jobs
Remote Claims Jobs
Remote Admin Jobs
Remote Analytics Jobs
Remote Strategy Jobs
Remote Quality Jobs
Remote Advisor Jobs
Remote Growth Jobs
Remote Jobs with GBP > 100K in Salary
Remote Jobs with CAD > 140K in Salary
Remote Jobs with GBP > 120K in Salary
Remote Jobs with EUR > 120K in Salary
Remote Jobs with PLN > 60K in Salary
Remote Jobs with PLN > 40K in Salary
Remote Jobs with PLN > 80K in Salary
Remote Jobs with CAD > 160K in Salary
Remote Jobs with PLN > 100K in Salary
Remote Jobs with PLN > 120K in Salary
Remote Jobs with PLN > 140K in Salary
Remote Jobs with PLN > 160K in Salary
Remote Jobs with EUR > 140K in Salary
Remote Jobs with PLN > 180K in Salary
Remote Jobs with PLN > 200K in Salary
Remote Jobs with PLN > 220K in Salary
Remote Jobs with GBP > 140K in Salary
Remote Jobs with PLN > 240K in Salary
Remote Jobs with PLN > 260K in Salary
Remote Jobs with PLN > 280K in Salary