Whole Foods Market is synonymous with impeccable standards and the highest quality products available. Our Information Technology team is looking for talented individuals to help drive the Information Security organization to help protect our data, our Team Members, and most importantly, our customers.
This organization owns the end-to-end security of all systems and data across Whole Foods Market. You should be highly passionate about security, cloud computing, and working in a high-performing security organization. You should have experience working with high-quality technology products and services in a hyper-growth environment where priorities shift quickly. We operate on a very large scale and demand high standards, so discipline around delivery is crucial. If you enjoy analyzing the security of systems that span from key management to cloud services, discovering and addressing security issues, and quickly reacting to new scenarios, this position will provide you with a great opportunity. You will tackle challenging situations every day and will have the opportunity to work with technical teams across Whole Foods Market and Amazon. You should be comfortable with a high degree of ambiguity and relish the idea of solving problems. Along the way, we guarantee that you will learn a ton, have fun, and make a positive impact on our customers. A high level of ownership and accountability is a must.
This position is based in Austin, TX.
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
· Bachelor’s degree or Master’s degree in Computer Science or Information Security, or equivalent industry experience
· 7+ years of security engineering experience
· Experience in threat modeling or other risk identification techniques
· Knowledge of system security vulnerabilities and remediation techniques
· Familiarity with common attack patterns and exploitation techniques
· Experience with manual and automated static code analysis for languages such as Java, C++, and C#
· Experience with dynamic web application security testing with tools such as Burp Suite
· Ability to write proof-of-concept exploits for vulnerabilities such as XSS, CSRF, and SQL injection
· Experience working with development teams that have delivered enterprise software, commercial software, or software-based services
· Experience with AWS-specific technologies
· Solid understanding of cryptographic fundamentals
· Scripting skills for automation purposes
· Experience with fuzzing
· Experience with reverse engineering tools such as IDA Pro, Ghidra, etc.
· Experience with software defined networking in public cloud environments
· Experience with security groups, NACLs, VPCs, subnetting, gateways, routing tables, etc.