Security Engineer, AppSec Testing Automation (New York, Seattle, Austin, San Francisco, Arlington)
Are you passionate about identifying web app vulnerabilities and looking for a challenge to work at Amazon's scale? Do you work with developers on a daily basis and help them solve complex security issues? You might be the perfect fit for this role.
As a member of the Application Security Testing Automation team, you will help provide automated security testing (e.g., SAST, DAST) solutions for Amazon Stores. Our team’s goal is to empower both development and security teams with accurate security detections at the highest standards of quality to identify and eliminate risk across Amazon’s application portfolio.
You will be responsible for prototyping new tools, researching application vulnerabilities, and developing custom security detections to deliver scalable testing solutions to our internal customers. This role will routinely challenge your technical background and critical thinking. You will be expected to collaborate with different stakeholders in a fast-paced environment across many technology stacks and services.
This role can be located at any of the following office locations:
New York, NY
San Francisco, CA
Key job responsibilities
- Research and develop high precision security detections (SAST/DAST) to identify vulnerabilities at scale
- Build and/or evaluate new security testing tools and methodologies to enhance our existing capabilities
- Demonstrate and promote security best practices for Amazon developers
- Drive improvements of Amazon’s overall security architecture
A day in the life
In this role, you will routinely work with builders and other security teams to determine opportunities for security automation and develop scalable solutions for Amazon.
Your daily activities include:
- Educating developers on security issue remediation and best practices
- Researching prevalent vulnerabilities with other security teams
- Collaborating with multiple stakeholders to collectively raise the security posture of Amazon
- Reviewing code, running endpoints, APIs, and other platforms to identify security issues
- Presenting findings and discussing security risk with technical and non-technical stakeholders
- Reporting on detection precision metrics and improving internal processes
About the team
Amazon is continuously innovating new services and features for customers. To keep up with that innovation, our team raises the bar for application security by identifying as many vulnerabilities as possible through automated static and dynamic application testing (SAST & DAST) tools. Our team:
- Empowers builders and development teams with security detections at the highest standards of quality.
- Drives efficiencies at scale through thoughtful but deliberate automation that raises the security bar and eliminates vulnerability classes.
- Provides innovative solutions to maintain pace with emerging technologies.
- Partners with other security teams, engineers, builders, and security practitioners to improve security.
- Provides transparency in decision making and leads by example.
We are open to hiring candidates to work out of one of the following locations:
Arlington, VA, USA | Austin, TX, USA | New York, NY, USA | San Francisco, CA, USA | Seattle, WA, USA
- Bachelor's or Master's degree in an engineering discipline or equivalent experience in the field of Security
- 4+ years of Application Security or Development experience
- Experience with coding or scripting (preferably Java/Python)
- Deep technical understanding of the OWASP Top 10
- Experience in vulnerability identification and remediation techniques
- Excellent written and verbal communication skills
- Passionate about security; involvement in the application security community
- Experience with prototyping, building tooling and automated solutions
- Experience with static and dynamic security scanning tools (Fortify, WebInspect, Arachni, Coverity, Checkmarx, AppScan, Invicti, Snyk, Semgrep, Burp, ZAP, etc.)
- Experience with AWS architecture
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $135,500/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. Applicants should apply via our internal or external career site.