Come join our offensive security team dedicated to the detection and exploitation of vulnerabilities affecting Amazon consumer devices. This includes performing low-level reviews of hardware, bootloaders, radios, secure enclaves, or OS security features of devices, service reviews including authentication mechanisms, AI, mobile, & web apps. Engineers are also encouraged to experiment with automated techniques, such as symbolic execution, fuzzing, machine learning, or static analysis.
In this role, you will be part of a dedicated team of talented security engineers performing penetration testing exercises to identify vulnerabilities. You will strive to understand systems, software, and services deeply and develop creative ways to break assumptions in order to find vulnerabilities. You care deeply about keeping Amazon customers safe and therefore are passionate about mitigating vulnerabilities/risks by providing actionable guidance to product teams and drive long term security improvements. You're well-known for your excellent prioritization skills as well as your ability to communicate at all levels of an organization. If you're passionate about finding security bugs, writing tools to reduce manual testing, and enjoy seeing your work's impact across Amazon consumer products and services, then this position is for you. Candidates from entry to senior level will all be considered.
Export Control Requirement:
Due to applicable export control laws and regulations, candidates must be a U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum.
Key job responsibilities
* Perform penetration testing exercises across all products, services, and software released by Amazon Lab126 and develop proof of concept exploits.
* Perform vulnerability research using variety of custom tooling and technologies (e.g. symbolic execution, static analyzers, fuzzers, scanners, machine learning, etc).
* Create tools for the discovery of vulnerabilities as well as scale security testing.
* Review technical solutions to provide guidance to help mitigate security vulnerabilities as well as provide actionable long-term risk mitigation guidance to drive security improvements.
* Develop detailed technical documentation describing identified vulnerabilities, associated impact as well as recommendations for guidance for communication with internal engineering stakeholders as well as leadership.
A day in the life
* Perform pentests on yet-to-be-released devices or software ensuring it meets security requirements
* Perform code review of a driver for a new device being launched to our customers
* Write proof-of-concept code to demonstrate the impact of a security issue
* Raise the security bar of vendor-provided hardware (such as whether there are security flaws in its boot process, etc.)
* Verify the code fixes made to address security issues
* Develop scripts or tools to automate assessments of targets
* Conduct independent vulnerability research on launched products or dependencies
About the team
The internal penetration testing team is part of the Devices and Services Trust & Security organization, which is responsible for the entire SDLC, vulnerability management, incident response, and overall security across Amazon Consumer Devices (Kindle, Ring, FireOS, Kuiper, Alexa, eero and more). The internal penetration testing team is responsible for reviewing these products, with focus on penetration testing, fuzzing and vulnerability research.
Our team puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren’t focused on how many hours you spend at work or online. Instead, we’re happy to offer a flexible schedule so you can have a more productive and well-balanced life—both in and outside of work.
Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship. We care about your career growth and strive to assign projects based on what will help each team member develop into a better-rounded engineer and enable them to take on more complex tasks in the future.
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.
Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
We are open to hiring candidates to work out of one of the following locations:
Austin, TX, USA | Virtual Location - TX | Virtual Location - USA
In this role, you will be part of a dedicated team of talented security engineers performing penetration testing exercises to identify vulnerabilities. You will strive to understand systems, software, and services deeply and develop creative ways to break assumptions in order to find vulnerabilities. You care deeply about keeping Amazon customers safe and therefore are passionate about mitigating vulnerabilities/risks by providing actionable guidance to product teams and drive long term security improvements. You're well-known for your excellent prioritization skills as well as your ability to communicate at all levels of an organization. If you're passionate about finding security bugs, writing tools to reduce manual testing, and enjoy seeing your work's impact across Amazon consumer products and services, then this position is for you. Candidates from entry to senior level will all be considered.
Export Control Requirement:
Due to applicable export control laws and regulations, candidates must be a U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum.
Key job responsibilities
* Perform penetration testing exercises across all products, services, and software released by Amazon Lab126 and develop proof of concept exploits.
* Perform vulnerability research using variety of custom tooling and technologies (e.g. symbolic execution, static analyzers, fuzzers, scanners, machine learning, etc).
* Create tools for the discovery of vulnerabilities as well as scale security testing.
* Review technical solutions to provide guidance to help mitigate security vulnerabilities as well as provide actionable long-term risk mitigation guidance to drive security improvements.
* Develop detailed technical documentation describing identified vulnerabilities, associated impact as well as recommendations for guidance for communication with internal engineering stakeholders as well as leadership.
A day in the life
* Perform pentests on yet-to-be-released devices or software ensuring it meets security requirements
* Perform code review of a driver for a new device being launched to our customers
* Write proof-of-concept code to demonstrate the impact of a security issue
* Raise the security bar of vendor-provided hardware (such as whether there are security flaws in its boot process, etc.)
* Verify the code fixes made to address security issues
* Develop scripts or tools to automate assessments of targets
* Conduct independent vulnerability research on launched products or dependencies
About the team
The internal penetration testing team is part of the Devices and Services Trust & Security organization, which is responsible for the entire SDLC, vulnerability management, incident response, and overall security across Amazon Consumer Devices (Kindle, Ring, FireOS, Kuiper, Alexa, eero and more). The internal penetration testing team is responsible for reviewing these products, with focus on penetration testing, fuzzing and vulnerability research.
Our team puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren’t focused on how many hours you spend at work or online. Instead, we’re happy to offer a flexible schedule so you can have a more productive and well-balanced life—both in and outside of work.
Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship. We care about your career growth and strive to assign projects based on what will help each team member develop into a better-rounded engineer and enable them to take on more complex tasks in the future.
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.
Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
We are open to hiring candidates to work out of one of the following locations:
Austin, TX, USA | Virtual Location - TX | Virtual Location - USA