Skip to main content

Security Engineer - OffSec, PXT Security

Job ID: 2126390 | Amazon.com Services LLC

DESCRIPTION

Job summary
At Amazon, we are obsessed with earning customer trust. The People Experience and Technology (PXT) Security team enables our PXT business leaders to maintain customer trust by keeping HR systems and their underlying employee, contingent worker, applicant, and candidate data secure.

PXT Security’s Offensive Security Team (OST) is looking for a passionate, innovative, and results oriented offensive security engineer who has a strong passion for security at scale to help keep Amazon PXT's applications and services secure. This team is responsible for performing offensive security engagement against PXT's services, applications, and websites; and partnering with development teams to remediate weaknesses, and sharpen our software development lifecycle. In this role, you will be asked to solve complex technology problems, build tools to automate your way out of manual efforts, and influence how PXT services protect, detect, and respond to adversaries, and mitigate security threats to protect HR data. You will be in direct contact with PXT teams across business verticals, giving you first hand knowledge about how Amazon PXT is built and operates. Additionally, you will leverage the knowledge you gain to find new ways to drive improvements to PXT's services, processes, and programs. Further, you will be backed up by a team of highly-skilled security engineers, all working with a singular focus of maintaining our customer’s trust.

A person in this role must show exemplary judgment in making trade-offs between short-term fixes and long-term security and business goals. They must also demonstrate resilience and navigate ambiguous situations with composure and tact. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Amazon and its customers secure.

Key job responsibilities
* Support offensive security/red team/adversarial emulation testing
* Develop comprehensive security testing strategies and programs across PXT to provide assurance that security controls are designed and operating effectively
* Develop innovative accelerators, tools, mechanisms, and processes to enhance the security team's velocity and scale to Amazon's needs
* Facilitate multiple stakeholders to agree on appropriate solutions, and verify that risks are mitigated appropriately. Demonstrate creativity, insight, intellectual flexibility, and sound business judgment throughout the process
* Work independently but collaborate with cross-functional teams (e.g., threat intelligence, incident response, software development, QA, Project/Release Management, Build and Release) to provide security engineering consulting and control design recommendations to reduce risk.

About the team
The People Experience and Technology (PXT) Security team enables our PXT business leaders to maintain customer trust by keeping HR systems and their underlying employee, contingent worker, applicant, and candidate data secure.

BASIC QUALIFICATIONS

* Bachelors Degree in Computer Science or related field, or equivalent work experience
* 4+ years of experience in multiple security engineering disciplines (e.g., red teaming, penetration testing, security operations, application security, secure software or system design)
* 3+ years of experience in a development or security role, working with development team(s) that delivered commercial software or software-based services
* Deep understanding of security vulnerabilities and mitigations
* Deep experience related to offensive security best practices (Penetration Testing, Red Team, Bug Bounty)
* Experience with Windows, Linux, and MacOS operating systems

PREFERRED QUALIFICATIONS

* Experience running red team or penetration testing campaigns in large, complex organizations
* Excellent communication and data presentation skills to clearly, compellingly, and effectively influence audiences internally and externally, across organizational boundaries
* Ability to take a project from ideation through launch
* Experience in communicating with users, other technical teams, and management to collect requirements, describe software product features, and technical designs
* Deep knowledge of at least one scripting language (e.g., Python, Perl, Ruby, Shell scripting)
* Experience in automation via scripting and configuration management tools (e.g., Chef, Puppet, Ansible, Salt, CloudFormation, Terraform)
* Knowledge of AWS Cloud Security principles, threat modeling, and security tooling (e.g., Cobalt Strike, C2 infrastructures, Burp Suite)
* Sharp analytical abilities and proven design skills
* Excellent written and verbal communication skills
* Excellent leadership and teamwork skills
* Results oriented, high energy, self-motivated
* OSCP, OSCE, OSWE, SANS / GIAC, eLearnSecurity Certifications, Published CVE, articles is an added advantage


Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.