Innovation is in our DNA
It's still Day 1 at Amazon--come build the future with us.
Amazon.com is known across the globe as the most trusted company on the Internet. We are committed to delivering an exceptional customer experience and believe building security into all phases of our products is core to our success.
As a member of the Marketplace Security team, your technical skills are second only to your professionalism and passion for security and technology in general. You’re a highly motivated team player that thrives on solving problems and tackling new challenges. If you enjoy analyzing system services, findings issues in code, networks and applications from a security perspective, and you are skilled at discovering security issues that appear under new threat scenarios, this position will provide you with a challenging opportunity.
As an Application Security Engineer, you'll work with engineering teams across Amazon to establish and improve the security of our platforms and services at every step of the development lifecycle. You will act as both a builder, creating processes and tools to help our engineers write more secure code, and a breaker, performing penetration tests of internally developed applications, identifying and recommending solutions to risk owners. Ensuring that our applications and services maintain our high standards is essential to maintaining and enhancing customer trust.
An Application Security Engineer at Amazon works with development teams to help build secure products and identify the right technical solutions given the constraints of their technologies and development cycles. You proactively and continually improve your level of knowledge about Amazon’s business, information security, the threat landscape and relevant technologies. You communicate professionally with the teams, knowing when to contribute and when to listen.
The ideal candidate will be able to think both tactically in dealing with security incidents and strategically in anticipating future threats against our systems; passionate about solving security problems in innovative ways. This role is ideal for a T-shaped person, with breadth of knowledge that deep in at least a few places. He or she has good knowledge of web protocols and authentication models. Experience with web services-based financial or sensitive applications, especially at a large scale, is very applicable.
For the experienced security specialist or hacker: this is a chance for you to hack all the things. We want you to use your skills to both make our products stronger and safer as well as find flaws in broader platforms that need to be fixed. You will need to be intimately familiar with modern application technologies and able to read and write code in at least one language.
Your idea of a good time should be finding bugs in old code so that you can show just how easy it is to pwn the internet.
You have the ability to communicate technical security concepts to diverse audiences, both orally and in writing .
You build tools to automate security testing.
You can explain the OWASP Top 10 to your grandmother.
You are a champion for security across the organization and participate in efforts to promote security throughout Amazon.
You help teams develop pragmatic solutions that achieve business requirements while maintaining an acceptable level of risk.
You solve problems at their root, stepping back to understand the broader context.
You maintain an understanding of the Internet threat environment and how it affects the company.
You work to find and fix flaws in existing company systems and sites.
You understand the current state of application security tools and how they can benefit the company.
You keep your knowledge and skills current to keep up with the rapidly changing threat landscape.
You perform design and implementation security reviews for different parts of the organization.
You invent technical solutions to address security weaknesses and work with relevant stakeholders to implement them.
Ability to drive consensus amongst technically strong but differing groups.
Expert knowledge of tools and automation techniques for find bugs fast and at scale.
Experience evaluating the security of mobile applications on iOS and Android
Experience with web-app fuzzing
Solid familiarity of prevalent security threats and how they apply to the business
Have a preferred web intercepting proxy.
A profound love of breaking things in order to make them stronger
Nice to have:
Knowledge that a fuzzer isn’t something for removing lint from your sweater.
Knowledge of Agile development and Continuous Integration (CI)
Strong technical skills in one or more of the following: software development, security engineering, applied cryptography
GIAC (GSSP, GWEB, GPEN, GPWAPT, etc.) or CISSP Certification
Founded by Jeff Bezos, the Amazon.com website started in 1995 as a place to buy books because of the unique customer experience the Web could offer book lovers. Bezos believed that only the Internet could offer customers the convenience of browsing a selection of millions of book titles in a single sitting. During the first 30 days of business, Amazon fulfilled orders for customers in 50 states and 45 countries - all shipped from his Seattle-area garage.
Amazon's evolution from Web site to e-commerce partner to development platform is driven by the spirit of innovation that is part of the company's DNA. The world's brightest technology minds come to Amazon.com to research and develop technology that improves the lives of shoppers and sellers around the world.
e-Commerce, Retail, Operations, Internet
Company Type: Public Company
Company Size: 10,001+
- Information Security, Security Assessor
- Manager - Infrastructure Security
- Security Architect, AmazonBooks Systems
- Security Engineer - Penetration Tester - Finance Business Services
- Security Engineer – Vulnerability Management
- Security Engineering Manager - Penetration Testing
- Senior Security Engineer - AWS IoT Platform
- Sr. Security Engineer