At Amazon, we are obsessed with earning customer trust. In the Corporate Services Security team, we protect critical business services that our employees use to deliver the best products and services on planet earth.
Our Red Team is looking for an innovative and results-oriented Red Team engineer who has a strong passion for security at scale. This team is responsible for performing goal-based adversarial emulation against corporate services and integrations, and uncovering systemic risks that lead to lasting change across the company.
A person in this role must show exemplary judgment in making trade-offs between short-term fixes and long-term security and business goals. They must also demonstrate resilience and navigate ambiguous situations with composure and tact. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Amazon and its customers secure.
Key job responsibilities
* Develop and deliver adversarial emulation campaigns to discover systemic risk plaguing the organization
* Write compelling attack narratives for our development teams to consume and understand
* Write crisp executive summaries for presentation to stakeholders and executives
* Develop innovative accelerators, tools, and mechanisms to improve your team’s velocity and quality
* Facilitate forums with principal engineers to drive consensus on appropriate solutions
* Demonstrate creativity, insight, intellectual flexibility, and sound risk judgment
* Work independently, but collaborate with cross-functional teams to produce broad impact and exceptional results
We are open to hiring candidates to work out of one of the following locations:
Nashville, TN, USA | Virtual Location - CA | Virtual Location - CO | Virtual Location - IL | Virtual Location - MI | Virtual Location - MN | Virtual Location - NJ | Virtual Location - NY | Virtual Location - PA | Virtual Location - WA
* Minimum 3 years of experience running red team campaigns in large, complex organizations
* Minimum 5 years of experience performing penetration testing or exploit development
* Minimum 5 years of working with Python, C/C++, Lua, Golang, or Rust
* Minimum 3 years of experience with AWS technologies and services
* OSCE3, OSWE, or equivalent (SLAE32/64, etc.)
An ideal candidate would possess any of the below qualifications (not all of them):
* Experience as a software engineer, or security engineer working with development teams that delivered commercial software or services
* Knowledge of AWS Cloud Security principles
* Threat modeling experience with PASTA
* Threat hunting and/or detection engineering background a plus
* Bachelor's Degree or MS in Computer Science or related field
* Experience in automation and orchestration (Chef, Puppet, Ansible, etc.)
* Infrastructure-as-Code experience (CloudFormation, Terraform, etc.)
* OSEE certification (or equivalent expert-level certifications)
* Published CVEs, offensive tools, or articles
* Exemplary written skills
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Pursuant to the Los Angeles Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. Applicants should apply via our internal or external career site.