At Amazon Web Services (AWS), we provide world-class, flexible, scalable, and secure cloud services to the world’s fastest-growing startups, the largest enterprises, and leading government agencies. We do this by building, maintaining, and securing one of the largest, most complex networks in the world. Within AWS, the Network Security Organization – Threat and Vulnerability Management (NSO-TVM) team is responsible for threat intelligence, vulnerability management, security information and event management (SIEM), and overall network security across the entire AWS global network.
The AWS NSO-TVM team is looking for an experienced security engineer with deep expertise in red teaming, penetration testing, and operating system fuzzing to join us as an Offensive Security Engineer. In this role, you will be responsible for driving the growth and adoption of these NSO-TVM services across the AWS network. You will work to research, identify, and assess information security threats and vulnerabilities by developing custom vulnerability checks, running red team campaigns, and performing fuzz testing across a variety of network device operating systems. Following your assessments, you will then drive the response and remediation in partnership with device owners to ultimately improve the overall security posture of the AWS network. You will serve as a subject matter expert for software developers, program managers, and other security engineers throughout AWS networking. As a level of technical escalation, you will apply your security and business knowledge to drive secure and pragmatic improvements broadly to Networking Services, all while making technical trade-offs between short- and long-term security and business goals.
AWS leads and innovates. We don’t just buy off-the-shelf software or follow others. We research and pursue the best approach for the business, whether that’s building new solutions or leveraging existing ones. Amazon Web Services, and the Network Security Organization in particular, operate at massive scale and as a result, demand the highest standards, passion, and discipline for information security and software engineering. A high level of ownership and accountability is a must for this role.
· Over five (5+) years of experience in multiple offensive security engineering disciplines (red teaming, penetration testing, fuzz testing, etc.)
· Relevant industry certifications (ISC2, ISACA, SANS/GIAC, CompTIA, Microsoft, Linux, AWS)
· Experience in operating system or application fuzz testing to detect undisclosed or unknown vulnerabilities
· Experience running red team or penetration testing campaigns in large, complex organizations
· Advanced UNIX (preferably Linux) systems engineering skills; from provisioning to performance tuning, with a solid grasp on operating system fundamentals
· Experience in automation via scripting and configuration management tools (Chef, Puppet, Ansible, Salt, CloudFormation, Terraform)
· Deep knowledge of at least one scripting language (Python, Perl, Ruby, etc.)
· A strong understanding of core internet and networking technologies (e.g. TCP/IP, load balancing, authentication mechanisms)
· Experience leading large-scale security projects
· Excellent communication and data presentation skills that allow you to clearly, compellingly, and effectively influence audiences internally and externally, across organizational boundaries
· Meets/exceeds Amazon’s leadership principles requirements for this role
· Meets/exceeds Amazon’s functional/technical depth and complexity for this role
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Ideal candidate profile
· Bachelor’s Degree in Computer Science, Information Security, Information Technology, or equivalent work experience
· Minimum of three (3) years of experience in at least one offensive security engineering discipline (red teaming, penetration testing, fuzz testing, etc.)