Amazon.com is looking for a Security Engineer focused on developing elegant solutions to complex business problems centered around vulnerability management. This includes architecture and design, tooling development and assessment, training and outreach as well as documentation and process automation. You will also work directly with our Vulnerability/Exploit Analysts and Vulnerability Operation Analysts to drive remediation efforts.
· Develop procedures related to the review of vulnerabilities.
· Provide technical support for the resolution of vulnerabilities reported by our automated systems.
· Provide tier 3 security operations support.
· Develop security policies, standards, procedures and guidelines.
· Participate in security compliance efforts (e.g. PCI, SOX).
· Implement and support security-focused tools and services.
· Earn trust and maintain strong working relationships with teams responsible for patching.
· Build information security as a core competency throughout our relationships with our internal partners including education and training.
· Drive continual improvement and innovation in the vulnerability management space.
· Participate in on-call duties related to vulnerability management.
· BA/BS in an engineering or technical leadership discipline, or equivalent experience
· At least 1 year of experience with development team(s) that delivered commercial software or software-based services (development, QA testing, or security role).
· Related compliance experience, including: PCI, GLBA, SAS70 (SOX/HIPPA desirable)
· Security certifications encouraged
Ideal candidate profile
· BA/BS in an engineering or technical leadership discipline, or equivelant experience
· Experience with vulnerability management solutions, vulnerability analysis, and risk analysis.
· At least 3 years of system, network and/or application security experience.
· At least 1 years of development experience in C, C++ and/or Java.
· At least 1 year of mobile device security experience.
· Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
· Scripting skills (e.g. Perl, Ruby, Python, Shell scripting).
· Ability to write advanced SQL queries against Oracle and MySQL back-ends.
· Detailed knowledge of system security vulnerabilities and remediation techniques.