Amazon Corporate LLC Sr. Security Engineer in Seattle, Washington

Sr. Security Engineer Location: US-WA-Seattle Job ID: 713617 Company: : Amazon.com Services, Inc. Position Category: Systems, Quality, & Security Engineering Company/Location (search) : Country (Full Name): : United States Job DescriptionAmazon's Internal Offensive Security Research Team is looking for a skilled security researcher to join our team's efforts to help keep Amazon secure by uncovering and exploiting any vulnerabilities present across the scope of Amazon products and services. At Amazon we're working to be the most customer-centric company on Earth. This team strives to protect our customers and their data through analyzing the systems that work for them. Are you ready to partner with Amazon's cutting-edge business and engineering groups to uncover vulnerabilities in hardware and software across Amazon? Are you looking for a position that will leverage and grow your vulnerability assessment/exploitation skills, expand your knowledge of technology at scale, and provide opportunities to problem solve with some of the best minds in the industry? Then this is the position for you. This role has a broad scope which includes hardware analysis, reverse engineering firmware, source code review, network penetration, and application exploitation. In addition, the researcher is expected to design, develop, and execute novel abuse scenarios engineered to push the limits of Amazon's detection processes and capabilities. In this position you will explore a variety of different products and services created by Amazon. You must be able to understand complex business processes and technology to identify the full range of risks that could be exploited. Candidates must demonstrate resilience and navigate difficult situations with composure and tact. This role requires implementation of one's security knowledge, coupled with the ability to learn and operate as part of a team of highly skilled individuals. Responsibilities/Skills Conduct full cycle engagements with business units as part of a team Perform vulnerability assessments of client systems, hardware, services, APIs, and networks to discover vulnerabilities Thoroughly document exploit chain/proof of concept scenarios for client consumption Interpersonal skills to work across teams and within different areas and groups Excellent written and verbal communication skills with the ability to summarize technical vulnerabilities in concise and actionable recommendations for senior leadership Basic Qualifications Bachelor's degree in Computer Science or related field. 5+ years of security engineering experience 5+ years of experience in vulnerability testing and auditing Experience working with development team(s) that have delivered commercial software or software-based services Experience with hardware security, system and network security, authentication and security protocols, cryptography, and application security Experience with the application of threat modeling or other risk identification techniques Development experience in C, C++, and/or assembly (x86,x86-64, ARM) Knowledge of threat modeling or other risk identification techniques Knowledge of system security vulnerabilities and remediation techniques Familiarity with attack patterns and exploitation techniques Knowledge of network and related web protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols) Knowledge of operating system internals, with emphasis on Linux and common RTOS environments, side channel attacks, hardware root of trust and secure boot implementations. Preferred Qualifications Proven track record of finding zero days Knowledge of hardware security mechanisms, including secure boot, trusted exec