Amazon's Internal Audit Security team is seeking a Security Engineer II to join our mission of protecting customer data and keeping Amazon secure. You will partner with world-class engineering teams to uncover vulnerabilities, design novel abuse scenarios, and assess large-scale security solutions across Amazon's products, services, and infrastructure.
In this role, you will leverage your skills in vulnerability assessment, exploitation, penetration testing, and red teaming to identify and mitigate risks. Your work will span source code analysis, network penetration, and application exploitation. You will design, implement, and execute methodologies for security assessments of critical Amazon systems. You will be exposed to the full breadth of technology used across Amazon and its subsidiaries, influence security architectures, and communicate risks to Senior Executives.
This role requires technical depth coupled with the ability to operate independently and as part of highly-skilled teams.
Key job responsibilities
- Conduct full-cycle security engagements spanning vulnerability discovery, exploitation, risk analysis, and remediation planning
- Perform security assessments including design reviews, threat modeling, and penetration testing on production software, hardware, networks, and cloud services
- Execute comprehensive security testing following Internal Audit standards and industry best practices
- Develop novel abuse scenarios and campaigns to push boundaries and enhance Amazon's security
- Build large-scale security solutions for testing, monitoring, remediation, analytics, and automation across Amazon
- Collaborate with development teams to create new security tooling and enable secure software practices
- Demonstrate exceptional judgment, integrity, technical expertise, business acumen, and communication skills
- Prepare and deliver security risk recommendations to technical teams and leadership
About the team
Internal Audit Security executes independent assessments of the efficacy of Amazon's layered security controls. We prioritize security assessments of systems and processes that may impact foundational technologies, human safety, privacy and durability of customer data, and financial systems. We believe active tests are required to assess complex environments and emphasize custom tooling to enable safe operation at scale.
At Amazon, we embrace diversity, equity, and inclusion. We are dedicated to building an environment that celebrates knowledge sharing, mentorship, and career growth for our team members. Join us in delivering secure, trusted experiences for Amazon customers worldwide.
