Amazon - Herndon, VA
posted 8 days ago
Full-time - Senior
Herndon, VA
Sporting Goods, Hobby, Musical Instrument, Book, and Miscellaneous Retailers
About the position
The Red Team Senior Security Engineer at AWS Security is responsible for ensuring the security of systems and processes against emerging threats. This leadership role involves conducting offensive security campaigns, threat testing, and developing automated threat emulation solutions. The engineer will provide guidance on security best practices, mentor other engineers, and contribute to the overall security posture of AWS. The position requires a proactive approach to knowledge sharing and a strong understanding of AWS's business and security landscape.
Responsibilities
- Vulnerability Identification and Tracking
- Offensive security testing & vulnerability research
- Emergent threat testing
- Creating/maintaining automated threat emulation solutions
- Recommendation of findings and threat mitigations
- Produce high quality red team reports
- Projects and research work as needed
- Security training and outreach to internal development teams
- Security guidance documentation
- Security tool development
- Security metrics delivery and improvements
- Assistance with recruiting activities
Requirements
- BS in Computer Science or related field, or equivalent work experience
- 5+ years of experience with red teaming, vulnerability testing, and/or auditing techniques
- 5+ years of security engineering, system and network security, authentication and security protocols, security operations, and application security
- Current, active US Government Security Clearance of TS/SCI with Polygraph
Nice-to-haves
- Domain expertise in at least 3 of: security architecture and engineering, communication and network security, identity and access management (IAM), security assessment and testing, software development security, and security operations
- Experience with driving large, company-wide initiatives
- Experience managing customer relationships, expectations, deliverables
- Expert level understanding in at least one core area of Information Security
- Experience using various penetration testing tools (such as, BurpSuite, Metasploit, Nessus, Cobalt Strike, etc.) on Windows and Linux
- Experience with multiple programming languages (such as, Java, C++, C#), especially scripting languages (such as, Python, Ruby, Perl, etc.)
- Experience with reverse engineering
- Understanding of mobile device security
- Experience providing training and mentorship
Benefits
- Flexible schedule to promote work-life balance
- Diverse and inclusive workplace culture
- Employee-led affinity groups
- Annual and ongoing learning experiences
- Innovative benefit offerings
