Sr. Security PM- VRP/Bug Bounty Program

Job ID: 1107470 | Services LLC


You have hundreds of thousands of hosts, hundreds of millions of lines of code, billions of online transactions, and one of the most visited sites on the Internet. Now go secure it. At Amazon, we obsess over our customers, and ensuring our customers’ trust is our first priority. To earn that trust in an environment as vast and varied as Amazon’s and an online world where threats grow ever more sophisticated requires building a world-class information security program to tackle never-before-seen challenges at dizzying scales. You will not just be using cutting-edge security technologies here in Amazon; you will be inventing them.

Amazon’s Information Security is seeking a Senior Program Manager with a security background to join the newly established bug bounty program – Amazon VRP (Vulnerability Research Program). You will work cross-functionally to lead the lifecycle of vulnerability research and bug bounty programs from inception to launch, drive internal processes to support the remediation of vulnerabilities, and influence the Amazon technology ecosystem to pursue security best practices. You will also partner with external vendors, security research community and global white-hat hackers with the aims to protect Amazon customer trust.

Responsibilities include:
· Lead the lifecycle of the Amazon vulnerability reporting program, including public and private bug bounty programs, along with related company-wide initiatives.
· Drive internal processes for prioritization and resolution of vulnerability findings.
· Build and maintain relationships with security researchers and white-hat hackers working with Amazon.
· Coordinate across Information Security to understand and support the tooling roadmap for the VRP.
· Manage external vendor relationships.
· Evangelize security culture to the internal business units.
· Communicate with SVPs, VPs, Directors and domain managers to prioritize and execute remediation plans.


· Bachelor’s degree in Computer Science, Engineering, or related discipline
· 7+ years technical project or program management experience, or similar technical leadership role with demonstrated experience managing complex programs involving multiple engineering teams
· Prior experience in Information Security, with knowledge of security fundamentals and common vulnerabilities
· Familiarity with attack vectors and its customer impact
· Demonstrated ability to lead and deliver without influence
· Strong problem solving skills
· Proficient oral and written communication skills


- Experience with driving large, company-wide initiatives
- Prior experience in application security, product security, vulnerability research or management, software/system engineering, or other related domains

Amazon is an Equal Opportunity-Affirmative Action Employer – Minority / Female / Disability / Veteran / Gender Identity / Sexual Orientation