Security Engineer II, Devices and Services Security

Amazon.com, Inc.
Sunnyvale, United States of America
2 days ago

Role details

Contract type
Internship / Graduate position
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
$ 213K

Job location

Sunnyvale, United States of America

Tech stack

Java
JavaScript
.NET
Software System Penetration Testing
User Authentication
Bluetooth
C++
Command-Line Interface
Cloud Computing Security
Code Review
Computer Security
Data Centers
Identity and Access Management
Python
Network Security
Object-Oriented Software Development
Systems Development Life Cycle
Ruby
Secure Coding
Mobile Security
Software Engineering
Large Language Models
Software Security
Swift
Cyber Threat Analysis
Go

Job description

Have you wanted an opportunity to find security issues in the embedded systems/devices and low level software that enables day to day corporate functions? Are you able to break into embedded systems/devices by exploiting vulnerabilities in wireless, Bluetooth, using fault injections or other attacks? This position will provide you with a unique opportunity to find security issues into every day devices

Device & Services Security (DSS) is the Business Security Team for Amazon Devices. We own the security outcomes and relationship with Devices-org acquired companies. Each acquired company runs its own security program; DSS is the connective tissue that lets Amazon Security understand posture, surface meaningful risk to Amazon leadership, and coordinate on the few areas where the boundary genuinely needs to be crossed (incident response, identity, cross-org data, executive escalation)., The current primary engagement for this role is Zoox, Amazon's autonomous vehicle subsidiary, which is building the first ground-up fully autonomous robotaxi fleet. The role is not Zoox-exclusive: you will be expected to support other organizations in the DSS portfolio as priorities shift, and to bring patterns from one engagement to the next., * Creating, updating, and maintaining threat models for a wide variety of software projects

  • Manual and Automated Secure Code Review, primarily in Java, Python and Javascript
  • Development of security automation tools
  • Perform design reviews and risk assessments for new or existing production infrastructure.
  • Enhance existing systems to detect mis-configurations within large deployments.
  • Security training and outreach for internal development teams
  • Security architecture and design guidance
  • Independently solve security problems that require novel methods or approaches
  • Influence your team's and partners' process, priorities, and choices to improve outcomes

A day in the life As a security engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing these novel services. In a given day, you might be inspecting an application's code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service alongside its software developers. You will drive continuous improvement in policy, systems, and tools securing critical data and infrastructure.

You will be the technical owner of how Amazon Security sees a given organization, how risk is captured and reported, and how the small set of cross-org expectations actually get wired up. This is a high-autonomy, high-visibility IC role with direct reach into Amazon Security leadership and acquisition CISOs.

About the team Diverse Experiences Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying. Why Amazon Security? At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores. Inclusive Team Culture In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices. Training & Career Growth We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional. Work/Life Balance We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.

Requirements

Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or experience in IT Security

  • 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
  • 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
  • 3+ years of troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship) experience
  • Knowledge of industry-based security vulnerabilities and remediation techniques, Experience with AWS products and services
  • Experience performing security activities across one or more phases of the software development lifecycle (SDLC), such as security design review, threat modeling, secure code review, and security testing
  • Experience in any combination of the following: application security frameworks, security code reviews, incident response, secure infrastructure, penetration testing, mobile security, cloud security, AI security, identity and access controls, threat modeling, cryptography, threat intelligence, or secure software development
  • Experience supporting a security program for a robotics, automotive, autonomous vehicle, or other physical-product company with corporate, data center, lab, and edge environments in scope.
  • Compliance fluency: NIST 800-53, CSF 2.0, ISO 27001, SOC 2, or automotive-adjacent frameworks (ISO/SAE 21434, UNECE R155).
  • Experience integrating LLM-based tooling into security workflows (triage assistants, evidence collection, control-mapping copilots).

Benefits & conditions

The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.

USA, CA, Sunnyvale - 166,600.00 - 212,800.00 USD annually

Apply for this position