Information Security is looking for Application Security Engineers to ensure that our applications and services are implemented to the high standards required to maintain and enhance customer trust. If you enjoy analyzing system services, findings issues in code, networks and applications from a security perspective, and you are skilled at discovering security issues that appear under new threat scenarios, this position will provide you with a challenging opportunity.
The ideal candidate is passionate about solving security problems in innovative ways. This person thrives and succeeds in delivering high quality technology products/services in a hyper-growth environment where priorities shift fast. The ideal candidate has broad and deep technical knowledge, typically ranging from front-end UIs through to back-end systems and all points in between. He or she has strong OO design and implementation experience, strong knowledge of web protocols, and an in-depth knowledge of Linux/Unix tools and architecture. Experience with financial or sensitive applications and web services-based applications, especially at massive scale, is very applicable.
You have industry-leading technical abilities. A Security Engineer at Amazon is expected to be strong in multiple domains – it is necessary to be successful in the position. You work with groups throughout Amazon to help them integrate security into their projects. The solutions you develop will regularly require input and guidance from team members and will be based on security engineering best practices. You proactively and continually improve your level of knowledge about Amazon’s business, information security, the threat landscape and relevant technologies. You communicate professionally with your team and the teams you support, knowing when to contribute and when to listen. Your work is accurate and thorough and you strive towards excellence.
You demonstrate a breadth and depth of knowledge in the following disciplines:
• You recognize, adopt, utilize and teach best practices in security engineering: secure development, cryptography, network security, security operations, systems security, policy, and incident response.
• You have appropriate technical skills required by your role and area of specialty: software development, network engineering, systems engineering, cryptography or a combination of all.
• You have a capacity and tolerance for extreme context switching and interruptions while remaining productive and able to provide effective, safe guidance.
• You participate in efforts to promote security throughout the Amazon.
• You help teams develop pragmatic solutions that achieve business requirements while maintaining an acceptable level of risk.
• You solve problems at their root, stepping back to understand the broader context.
• You maintain an understanding of the Internet threat environment and how it affects the company.
• You work to find and fix flaws in existing company systems and sites.
• You understand the current state of network and application security tools and how they can benefit the company.
• You keep your knowledge and skills current to keep up with the rapidly changing threat landscape.
- BS in Computer Science or equivalent required
- Consistent implementation of security solutions at the business unit level
- At least 4 years of infrastructure/systems and network security experience
- At least 5 years of system, network and/or application security experience
- Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography
- Experience with the application of threat modeling or other risk identification techniques
- Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits
- Scripting skills (e.g., PERL, shell scripting)
- Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Excellent written and verbal communication skills
- Excellent leadership skills and teamwork skills
- Results oriented, high energy, self-motivated
- BS Degree in Computer Science, Engineering or a similar field with a minimum of 5 years of experience.
- Ability to Identify security issues and risks, and develop mitigation plans
- Implement, support, and evaluate security-focused tools and services
- Advise and consult with internal customers on risk assessment, threat modeling and fixing vulnerabilities
- Interpret security policies and procedures
- Evaluate and recommend new and emerging security products and technologies
- Develop and deliver training materials and specific security technology training
- Consult with our Acquisitions and Vendor assessments team’s due diligence projects
- Participate in tier 2 and tier 3 security escalations support
- Evangelize security within Amazon.com and be an advocate for customer trust
Per l’annuncio completo clicca qui.