Sr. Engineer, Red Team, Bots & DDoS Threat Intelligence
Job description
Amazon Traffic Engineering is looking for a Senior Red Team Security Engineer to join a new offensive security team focused on bot mitigation and DDoS defense. You'll design and execute adversarial simulations against Amazon's internet-facing infrastructure, testing the systems that protect billions of customer requests daily.
Traffic Engineering securely connects all customers worldwide to SDO services and Stores marketplaces. We focus on protecting and optimizing internet-facing services, while meeting the evolving standards of the public-facing internet. As GenAI capabilities rapidly advance, with AI agents autonomously browsing the web, agentic browsers executing multi-step tasks, and LLM-powered bots capable of mimicking human behavior at scale, the threat landscape is fundamentally shifting. You will be a technical leader on this team, developing novel attack methodologies to stay ahead of adversaries leveraging autonomous agents for scraping, inventory manipulation, and distributed attacks.
- Design and execute red team engagements targeting bot detection platforms, WAFs, CDN protections, and DDoS mitigation services
- Develop and maintain custom offensive tooling - anti-detect browser automation, TLS fingerprint manipulation (JA3/JA3S), Canvas/WebGL evasion, and behavioral replay systems
- Research and simulate emerging AI-driven attack vectors including autonomous browsing agents, LLM-powered bots, and agentic scraping techniques
- Mentor junior engineers on tradecraft, engagement methodology, and responsible offensive operations
- Collaborate with detection engineering teams to translate findings into measurable defensive improvements; author detailed technical reports with actionable remediation guidance
Requirements
Do you have experience in risk mitigation strategy development?
- 5+ years of experience identifying security issues and risks, and developing mitigation plans
- 4+ years of (non-internship) experience in scripting, programming, and security code review in common programming languages
- Knowledge of at least two of the following programming languages: Scala, Java, Python, C/C++, or Go
- Experience (non-internship) in industry-based security vulnerabilities identification, attack patterns, and remediation techniques
- Experience applying threat modeling or other risk identification techniques or equivalent
- 5+ years of experience in offensive security, red teaming, or penetration testing
- Deep hands-on expertise in web application security, bot evasion techniques, or DDoS attack methodologies
- Experience with anti-detect browser frameworks (Nodriver, Puppeteer Stealth, Playwright)
- Familiarity with LLM-based automation and AI agent architectures
Benefits & conditions
Remote, $178,400 - $226,700 a year, Full-time
- AD&D insurance
- Parental leave
- Health insurance
- 401(k) matching
- Paid time off
- Vision insurance
- Dental insurance

The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.

USA, Virtual - 178,400.00 - 226,700.00 USD annually