Senior Security Engineer, Proactive Security

Amazon · Big Tech · Seattle, WA · Systems, Quality, & Security Engineering

Senior Security Engineer responsible for driving security initiatives, leading security reviews, threat modeling, manual code reviews, and penetration testing. The role involves designing and building security automation, tooling, and processes, with a specific focus on leveraging generative AI and machine learning for security automations to streamline workflows and enhance vulnerability detection.

What you'd actually do

  1. Lead end-to-end security reviews for complex, high-priority services including design reviews, threat modeling, and penetration testing scoping and readout
  2. Serve as a subject matter expert for assigned affinity teams, providing architectural guidance and security consultation to service teams throughout the development lifecycle
  3. Independently perform and guide threat modeling exercises for complex distributed systems, identifying risks and recommending mitigations
  4. Conduct targeted manual code reviews of security-critical components, identifying vulnerabilities and insecure patterns that automated tools miss
  5. Scope, coordinate, and oversee penetration testing engagements; analyze results and drive remediation with service teams

Skills

Required

  • application security
  • threat modeling
  • secure system design
  • scripting
  • programming
  • security code review
  • Scala
  • Java
  • Python
  • C/C++
  • Go

Nice to have

  • security in service-oriented architectures/microservices
  • web services

What the JD emphasized

  • minimal guidance
  • security-critical components
  • security automation, tooling, and processes
  • generative AI and machine learning
  • security automations
  • streamline review workflows
  • enhance vulnerability detection
  • reduce manual toil
  • self-service guidance
  • security metrics
  • 4+ years of non-internship experience troubleshooting systems issues, analyzing logs, or automating complex tasks using command line tools
  • 5+ years of experience identifying security issues and risks, and developing mitigation plans
  • 4+ years of non-internship experience in scripting, programming, and security code review in common programming languages

Other signals

  • Leverage generative AI and machine learning to build intelligent security automations
  • streamline review workflows
  • enhance vulnerability detection
  • reduce manual toil