Pentest Security Engineer II, Devices & Services Pentesting
$136,000 - $212,800/Yr
Amazon - Austin, TX
posted 6 days ago
Full-time - Mid Level
Austin, TX
10,001+ employees
Sporting Goods, Hobby, Musical Instrument, Book, and Miscellaneous Retailers
About the position
The Pentest Security Engineer II role at Amazon focuses on identifying and exploiting vulnerabilities across a wide range of services and devices, including consumer products and satellite systems. The position involves conducting thorough penetration tests, analyzing complex service workflows, and collaborating with product teams to enhance security measures. The ideal candidate will have a strong background in web application security and a passion for improving security practices within Amazon's Devices and Services organization.
Responsibilities
- Lead and contribute to penetration tests against services and software released by Amazon's Devices & Services organization.
- Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques.
- Review and influence technical solutions to mitigate security vulnerabilities by providing actionable long-term risk mitigation guidance.
- Lead impactful security improvements in large product lines through close collaboration with partner builder teams.
- Develop detailed technical documentation describing identified vulnerabilities, associated impact, and recommended remediation.
- Mentor junior penetration testers and cultivate a culture of collaboration and research sharing.
Requirements
- 3+ years of experience identifying, exploiting, and recommending solutions to remediate web application and service API vulnerabilities.
- Experience tracing sources and sinks during code review to identify vulnerabilities, and providing contextual remediation guidance.
- Experience designing and reviewing secure system architectures through the use of Threat Modeling incorporating sophisticated and modern attacks.
- Knowledge of cloud service providers and their offerings, preferably AWS, and its various technologies and services.
- Bachelor's degree in Computer Science or related field, or equivalent industry experience.
Nice-to-haves
- Foundational knowledge of hardware security fundamentals.
- Experience in CTF competitions, CVE research, and/or Bug Bounty recognition.
- Experience with applying and assessing Machine Learning technologies.
- Published security research (e.g. conference presentations, whitepapers, blog posts).
Benefits
- Flexible work hours and arrangements
- Career growth opportunities
- Knowledge-sharing and training resources
- Work-life balance initiatives
