Amazon - New York, NY

posted 11 days ago

Full-time - Mid Level
New York, NY
10,001+ employees
Sporting Goods, Hobby, Musical Instrument, Book, and Miscellaneous Retailers

About the position

The Senior Pentest Security Engineer will join Amazon's penetration testing team, focusing on identifying and exploiting vulnerabilities in Amazon's consumer services and devices. This role involves conducting thorough reviews of hardware, software, and services, including web applications and APIs, while also innovating automation techniques to enhance testing processes. The position is integral to the Devices and Services Trust & Security organization, which aims to protect customer trust and data through comprehensive security measures.

Responsibilities

  • Lead penetration tests against devices, services, and software released by Amazon's Devices & Services organization and develop proof of concept exploits.
  • Lead vulnerability research using a variety of custom tooling and technologies while scaling security testing (e.g. symbolic execution, static analyzers, fuzzers, scanners, machine learning, etc.).
  • Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques.
  • Review and influence technical solutions to mitigate security vulnerabilities by providing actionable long-term risk mitigation guidance to drive security improvements.
  • Lead impactful security improvements in large product lines through close collaboration with our partner builder teams.
  • Develop detailed technical documentation describing identified vulnerabilities, associated impact and remediation to guide communication with internal engineering stakeholders and leadership.
  • Mentor junior penetration testers and cultivate a culture of collaboration and research sharing.

Requirements

  • 5+ years of experience identifying, exploiting, and recommending solutions to remediate web application and service API vulnerabilities (e.g. mass assignment, broken object/function level authorization, JWT/OAuth, injection, business logic flaws, excessive data exposure, etc.).
  • Foundational knowledge of hardware security fundamentals (e.g. Secure boot, JTAG/UART/SPI/I2C, firmware extraction and analysis, TEE, side-channel attacks, privilege escalation).
  • Experience designing and reviewing secure system architectures through the use of Threat Modeling incorporating sophisticated and modern attacks.
  • Knowledge of cloud service providers and their offerings, preferably AWS, and its various technologies and services.
  • Bachelor's degree in Computer Science or related field, or equivalent industry experience.

Nice-to-haves

  • Experience in CTF competitions, CVE research, and/or Bug Bounty recognition.
  • Experience with applying and assessing Machine Learning technologies.
  • Published security research (e.g. conference presentations, whitepapers, blog posts).

Benefits

  • Flexible work hours and arrangements
  • Training and career growth opportunities
  • Work-life balance initiatives
  • Diversity and inclusion programs