Note: The job is a remote job and is open to candidates in USA. Amazon's Internal Audit Security team is seeking a Security Engineer III to join our mission of protecting customer data and keeping Amazon secure. You will operate as a security lead, partnering with world-class engineering teams to uncover vulnerabilities and assess large-scale security solutions across Amazon's products and infrastructure.
Responsibilities
- Lead independent security audits of Amazon systems, services, and infrastructure to assess whether security controls are effective
- Identify security risks through penetration testing, design reviews, threat modeling, and code analysis
- Investigate security control failures — determine why preventive or corrective controls didn't work, and drive root-cause resolution across team boundaries
- Assess security controls around Amazon's adoption of AI/ML technologies — including model access, training data protection, output integrity, and integration into development workflows — to ensure they result in secure customer experiences
- Build reusable security frameworks, runbooks, and rubrics that enable the team to assess new problem domains repeatably and at scale
- Communicate security risk findings and recommendations clearly to technical teams and senior leadership
- Mentor and develop other security engineers; lead engagements requiring coordination across multiple engineers and teams
Skills
- 5+ years of industry-based experience in security vulnerabilities identification, attack patterns, and remediation techniques (non-internship) experience
- Bachelor's degree in Computer Science or a related field
- 5+ years of (non-internship) scripting, programming, and security code review in common programming languages experience
- Knowledge of at least two of the following programming languages: Scala, Java, Python, C/C++, or Go
- Experience as a mentor, tech lead or leading an engineering team
- Experience using standard security assessment and penetration testing tools such as BurpSuite, Metasploit, and IDA Pro
- Experience working directly with security and engineering teams
- Experience in written and verbal communication with the ability to present complex technical information in a clear and concise manner to executives and non-technical leaders
- Demonstrated ability to construct reusable security frameworks, runbooks, or rubrics for complex problem domains
- Domain expertise in at least three of: security architecture and engineering, communication and network security, identity and access management (IAM), security assessment and testing, cryptography, software development security, and reverse engineering
- Vulnerability research experience with complex software and hardware components
- Cloud computing (AWS), virtualization, containerization architecture knowledge
- Experience identifying and driving centralized security controls at the organization or company level
- Experience with microservices, APIs, and distributed systems
- Strong data analysis abilities to derive insights from security signals
- Track record of mentoring or coaching security engineers
- Experience resolving root causes of systemic security problems across team boundaries
- Participation in bug bounty programs
- Experience building scalable, reusable security frameworks and tools
- Web service assessment experience with authentication controls, session management, access controls, logic flaws, injection vulnerabilities, request smuggling, cloud privilege escalation, DOS attacks
- Experience using boto3
- Experience leveraging AI/ML tools to enhance security testing, code analysis, or audit workflows
- Demonstrated ability to navigate ambiguity, make tough technical decisions, build consensus across teams, and drive long-term security initiatives with measurable risk reduction
Benefits
- Sign-on payments
- Restricted stock units (RSUs)
- Health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
- 401(k) matching
- Paid time off
- Parental leave
Company Overview
Company H1B Sponsorship