71 open jobs
Guardians of Customer Trust
Information Security enables Amazon to grow and develop, which presents a unique and exciting blend of security challenges. We're looking for exceptional security professionals specializing in a variety of disciplines; if building secure, world-class always-on infrastructure and businesses excites you, we hope you'll get in touch!
Application Security works with teams throughout Amazon, and its subsidiaries, to assess security practices and defend policies. We detect vulnerabilities and flaws, protect software and systems, and defend against application-related threats. Common tasks include supporting a secure development lifecycle, design reviews, training, threat modeling, code review, penetration testing and monitoring the risk landscape for change.
Security Operations is the first line of response when dealing with information security threats to Amazon and its subsidiaries. The team is responsible for providing expert analysis to aid service owners when responding to new and emergent risks. We develop of tools, techniques and processes that enhance Amazon agility when responding to information security events.
We build systems to support Amazon security infrastructures. Our projects include advanced identity and access management solutions, massive-scale security configuration and monitoring systems, and extensive digital certificate and code-signing management, which support our security initiatives across Amazon and our subsidiaries.
Our team makes sure that we maintain high security standards when teams share data outside the company. Amazon has relationships with thousands of other companies, from payment providers, to video-game developers, to customs processors. For each partnership, we evaluate and prioritize the risk to Amazon and our customers. Then we build tools and rules for the technology, contracts and compliance measures to address those risks.
Infrastructure Security designs and builds the first lines of defense and security monitoring for Amazon networks and data assets. We consult with other infrastructure teams on new internal and border network design, DDoS mitigation architecture and secure zone design.
Security Program Services
We drive the rhythm of the business for Information Security. Our pillars include: business operations, overall program efficiency, project leadership and relationship management that scale to our many senior leaders, partners and subsidiaries. In addition, we work on process improvements, security training as well as outreach and awareness efforts at security conferences and college campuses.
Attack and Research
Attack and Research conducts deep investigations to provide intelligence supporting risk-management decisions. We have offensive security expertise to identify and document threats to the business by conducting penetration tests. Attack and Research also develops proactive, automated solutions to help identify new security issues. Working with us means that you will be exposed to a wide variety of security issues; so candidates should have a strong background in networking, systems, and web application security. Vulnerability analysis, exploit/PoC writing, and security code reviews are also part of the teams work, so strong coding skills are also required.
The Security Incident Response Team (SIRT) provides rapid-response capabilities, performs comprehensive investigations into security incidents, and contributes to the prevention of such incidents by engaging in proactive threat assessment, security research, incident-trend analysis, and vulnerability management.
The Vulnerability Management team understands, protects and improves the security posture of Amazon. We drive the Vulnerability and Patch Management program ensuring that our internal and external systems, are continuously scanned to identify, mitigate, remediate and report on vulnerabilities.
Security Automation Team
The Security Automation Team develops tools and applications that support critical business functions across Information Security. If your interest is developing the next state-of-the-art web-application security scanner, or integrating security workflow into complex business processes, we are the development team for you. Our engineers develop high-quality code and support security projects from inception, over design and testing down to real-life deployment.