
Security Engineer, Application Security Automation, New York City, New York

Category: Systems, Quality, & Security Engineering
Job type: Full Time
Country: United States of America
State: New York
City: New York City
Job summary
Are you passionate about identifying web app vulnerabilities and looking for a challenge to identify them at Amazon's scale? Are you looking to work with developers on a daily basis and help them solve complex security issues? You might be the perfect fit for this role.

Key job responsibilities
• Develop security detections (both static and dynamic) to identify vulnerabilities at scale
• Evaluate and recommend new security testing tools
• Develop and interpret security standards and guidance
• Demonstrate and promote Security best practices
• Application security assessments
• Risk assessment and threat modeling
• Drive improvements of Amazon's overall security architecture

A day in the life
In this role, you will work with builders and other security teams to determine opportunities for security automation and develop scalable solutions for Amazon.

You will bring to the team:
• Excellent written and verbal communication skills
• Well-rounded knowledge of multiple Information Security domains
• Deep technical understanding of the OWASP Top 10
• Solid experience in threat modeling and identification techniques
• Ability to work with other teams to resolve security issues at scale
• Experience in code reviews, vulnerability detection, and root cause analysis
• Strong sense of ownership, urgency, and drive

About the team
Amazon is continuously innovating new services and features for customers. To keep up with that innovation, the Amazon Scanners team raises the bar for application security by identifying as many vulnerabilities as possible through automated static and dynamic application testing (SAST & DAST) tools. Our team:
• Empowers builders and development teams with security detections at the highest standards of quality.
• Drives efficiencies at scale through thoughtful but deliberate automation that raises the security bar and eliminates vulnerability classes.
• Provides innovative solutions to maintain pace with emerging technologies.
• Partners with other security teams, engineers, builders, and security practitioners to improve security.
• Provides transparency in decision making and leads by example.

Basic Qualifications:
• Bachelor's or Master's degree in an engineering discipline or equivalent experience in the field of Security
• 1+ years of experience with scripting languages (e.g. Python, Ruby)
• Technical understanding of the OWASP Top 10
• Experience in threat modeling and risk identification techniques
• Excellent written and verbal communication skills

Preferred Qualifications:
• Excellent leadership, teamwork and collaboration skills.
• Results-oriented, high energy, self-motivated.
• Information security professional certifications encouraged (SANS GIAC, CISSP etc.)
• Excellent attention to detail
• Passionate about security; involved in the application security community
• Experience building tooling and automated solutions
• Experience with static and dynamic security scanning tools (Fortify, Arachni, Coverity, Checkmarx, AppScan, etc.)

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.