50 open jobs
Guardians of customer trust.
The Amazon Information Security team enables Amazon's business to grow and develop, which presents a unique and exciting blend of security challenges. We're looking for exceptional security engineers specializing in a variety of disciplines; if building secure, world-class "always on" infrastructure and businesses excites you, we hope you'll get in touch!
Application Security Engineering
The Application Security Engineering Team works with teams throughout Amazon and its subsidiaries, to assess security practice and policy, detect vulnerabilities and flaws, protect software and systems, and to defend against application-related threats. Common tasks throughout our team include secure development lifecycle, design review, training, threat modeling, code review, penetration testing and monitoring the risk landscape for change. When it suits us to do so, we will also write some of our own tools.
The Security Operations team is the first line of response when dealing with information security threats to Amazon and its subsidiaries. The team is responsible with providing expert analysis to aid service owners in responding to new and emergent risks. The team is responsible for the development of tools, techniques and processes that enhance Amazon's ability to respond to information security events.
Our team is about building systems to support Amazon's security infrastructure. Our projects include working on advanced identity and access management solutions, massive scale security configuration and monitoring systems, and extensive digital certificate and code-signing management, which support our security initiatives across Amazon and our subsidiaries.
External Party Security
Our team makes sure that we maintain Amazon's high security standards when sharing data outside the company. Amazon works with thousands of other companies, from payment providers, to video game developers, to customs processors. For each type of partnership, we evaluate and prioritize the risk to Amazon and our customers. Then we build Amazon-scale tools and rules for the technology, contracts and compliance measures necessary to address those risks.
Infrastructure Security designs and builds the first lines of defense and security monitoring for Amazon’s network and data assets. We consult with infrastructure teams on new internal and border network design, DDoS mitigation architecture and secure zone design.
Security Program Services
The Security Program Services team drives the rhythm of the business for Information Security. Our pillars include but are not limited to: business operations, overall program efficiency, project leadership and relationship management that scale to our many senior leaders, partners and subsidiaries globally. In addition, we work on process improvements, security training as well as outreach and awareness efforts at security conferences and college campuses.
Attack and Research
Attack and Research conducts deep investigations to provide intelligence supporting risk management decisions. The team also provides offensive security expertise to identify and document threats to the business by conducting penetration tests on Amazon and its subsidiaries. Attack and Research also develops innovative automated solutions to help proactively identify new security issues. Working in Attack and Research means that you will be exposed to a wide variety of security issues, and as such should have a strong background in networking, systems, and web application security. Vulnerability analysis, exploit/PoC writing, and security code reviews are also part of the teams work so strong coding skills are also required.
The Amazon Security Incident Response Team (SIRT) provides rapid response capability, performs comprehensive investigations into security incidents, and contributes to the prevention of such incidents by engaging in proactive threat assessment, security research, incident trend analysis, and vulnerability management.
The Vulnerability Management Team is responsible for understanding, protecting and improving the security posture of Amazon. Our main function is to drive the Vulnerability and Patch Management program ensuring that our systems, both internal and external, are continuously scanned to quickly identify, mitigate, remediate and report on vulnerabilities.
Security Automation Team
The Security Automation Team develops tools and software applications that support critical business functions across the Information Security team. Whether you are interested in developing the next state of the art web application security scanner, or integrating security workflow into Amazon’s complex business processes, we are the development team for you. Our engineers develop high quality code and support security projects all the way from inception, over design and testing down to real life deployment.