Security Engineer II, Vulnerability Management and Remediation Operations

Embark on a Mission to Fortify Amazon's Defenses as a Security Engineer II with the Vulnerability Management & Remediation Operations team!

Amazon Security is seeking an experienced and innovative Security Engineer to join our Vulnerability Management and Remediation Operations (VMRO) team in Seattle, Washington. The VMRO team is responsible for discovering, assessing, triaging, detecting, and driving the remediation of vulnerabilities across the Amazon ecosystem.

• Analyse public and private vulnerability disclosures and exploit code.
• Deeply understand and assess the technical details and potential impact of vulnerabilities across Amazon's infrastructure, services, and applications.
• Investigate and triage vulnerabilities, identifying severity and the scope of potential impact to Amazon.
• Support response and remediation efforts, assisting builder teams to fix their security issues in a timely manner.
• Engineer high quality, scalable, and accurate vulnerability detection mechanisms.
• Design and implement automation, tools and workflows to enhance our operations capabilities.
• Be part of a global team and participate in periodic on-call responsibilities to ensure the continuous monitoring and remediation of vulnerabilities.

• 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object-oriented languages.
• 2+ years of scripting, programming and security code review in a common programming language.
• 2+ years of troubleshooting system issues, analyzing logs or automating tasks using command line tools.
• Bachelor's degree in computer science, STEM field, or equivalent IT security experience.
• Knowledge of networking protocols such as HTTP, DNS, TCP/IP.
• Knowledge of industry-based security vulnerabilities and remediation techniques.

• 2+ years of experience in threat modeling, secure coding, identity management, software development, cryptography, system administration, or network security.
• 2+ years of scripting, programming, or security code review in a common language (Python, Java, C++).
• Knowledge of command line tools to troubleshoot protocols, analyze logs, or automate tasks.
• Knowledge of networking protocols (HTTP(S), DNS, TCP/IP).
• Experience with AWS products and services.
• Experience performing security activities across SDLC phases such as design review, threat modeling, code review, and testing.

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers.