Application Security Engineer, Proactive Security

Description

The Application Security (App Sec) Security Engineer is responsible for conducting security assessments and reviews of applications and services to identify vulnerabilities and ensure adherence to security standards. This role works under the guidance of senior engineers to evaluate system designs, perform threat modeling, and validate that services meet the organization's security bar before launch.

Key job responsibilities

Security Reviews:
Conduct security design reviews for new and existing services, evaluating architecture documents, threat models, and system designs for potential security risks

Threat Modeling:
Perform threat modeling exercises to identify attack vectors, security weaknesses, and areas of concern in application architectures

Penetration Testing:
Execute or coordinate penetration testing activities to validate security controls and identify exploitable vulnerabilities

Finding Management:
Document, track, and communicate security findings to service teams, providing clear remediation guidance and verifying fixes

Security Guidance:
Provide security consultation to development teams on secure coding practices, authentication/authorization mechanisms, cryptographic implementations, and data protection strategies

Escalation Support:
Identify and escalate high-severity security issues through appropriate channels, ensuring timely remediation aligned with launch timelines

Documentation:
Maintain clear and thorough documentation of review outcomes, security decisions, and risk assessments

Tool Utilization:
Leverage automated security scanning tools and internal security platforms to support review activities and improve efficiency

About the team

Diverse Experiences

Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.

Why Amazon Security?

At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

Inclusive Team Culture

In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

Training & Career Growth

We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

Work/Life Balance

We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.

Basic Qualifications

- 2+ years of web protocols, common security attacks, and remediation (non-internship) experience

- Bachelor's degree in Engineering, Computer Science, or a related field

- Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits or equivalent

- Experience with web protocols, common security attacks, and remediation (non-internship)

- Experience in application security architecture, security code reviews, security testing, incident response, or security infrastructure

- Experience with coding/scripting in one or more languages (e.g., Python, C, C++, Java, Ruby, or Power Shell)

Preferred Qualifications

- Experience with AWS services or other cloud offerings

-…