|Category||Systems, Quality, & Security Engineering||Job type||Full Time|
Amazon Lab126 is an inventive research and development company that designs and engineers high-profile consumer electronics. Lab126 began in 2004 as a subsidiary of Amazon.com, Inc., originally creating the best-selling Kindle family of products. Since then, we have produced groundbreaking devices like Fire tablets, Fire TV and Amazon Echo. What will you help us create?
We think smart security should work on any home and be accessible to everyone. Do you? Come join Ring to help make neighborhoods safer. From the first-ever video doorbell, to the award-winning DIY Ring Alarm system, Ring's smart home security product line, as well as the Neighbors app, offer users affordable whole-home and neighborhood security.
At Ring, we are committed to making home and neighborhood security accessible and effective for everyone, while working hard to bring communities together. Now Ring is part of the Amazon Devices family, and we are seeking engineers who will help us create the next generation of home security.
As an Offensive Security Engineer for Ring's security program, you will perform full stack penetration tests/offensive tests on infrastructure and applications, to ensure that vulnerabilities are discovered and comprehensive assessment reports along with remediation strategies are delivered.
In this role, you will:
• Develop a broad and deep technical understanding of products, services and architectures pertaining to the Amazon Devices organization.
• Leverage this understanding to conduct full stack testings and covert red team campaigns on web applications, mobile applications and other relevant services.
• Interpret tools and penetration testing results to stakeholders, providing advice on vulnerability remediation and risk mitigation.
• Identify weaknesses in preventive, detective and corrective controls and recommend improvements.
• Create relevant documentation and metrics to your stakeholders and business leaders and deliver these in a clear, concise manner.
• Research and maintain proficiency in attacker Tools, Techniques, Procedures and other topics.
• Propose and develop training materials to help raise the bar across the Devices organization.
• Develop innovative and scalable tools, solutions, and processes to enhance the Devices operations.
Note: While the majority of our Security/Privacy roles are based in the Bay Area, CA and Seattle, WA areas, by applying to this position your application will be considered for all locations we hire for in the United States, including but not limited to: Seattle, WA; Bellevue, WA; Sunnyvale, CA, Austin TX.
• Bachelor's degree in Computer Engineering, Electrical Engineering, a related field
• 3+ years of demonstrated experience in areas such as penetration testing, vulnerability assessments, application , systems , and/or network .
• Understanding of threat modeling, vulnerabilities, attacker exploit techniques, and methods for their remediation.
• 5+ years of experience in Red Teaming/Offensive Security Testing.
• Understanding of best practices in engineering, including secure development, cryptography, network , operations, systems , policy, and/or incident response.
• Experienced with web application technologies, common web, mobile and server operating systems.
• Experienced with AWS services and security concepts.
• Experienced using common penetration testing tools such as Cobalt Strike, Nmap, Burp Suite, Metasploit, etc.
• Experienced with reverse engineering, social engineering and hardware hacking.
• Programming experience in C, C++ and/or Java.
• Excellent written and verbal communication skills with the ability to adapt messaging to executive, technical, and non-technical audiences.
• Ability to drive multiple technically complex red teaming engagements and penetration tests together, while remaining effective at providing security guidance to stakeholders.
• Ability to work with a high degree of autonomy.
Amazon is an Equal Opportunity-Affirmative Action Employer - Minority / Female / Disability / Veteran / Gender Identity / Sexual Orientation/ Age