Security Engineer II, Stores Application Security
Job Description
Join the Stores Application Security team as a Security Engineer II. This role collaborates with software development teams to identify and mitigate security risks, conduct threat modeling and secure code reviews, and advance security automation across the software development lifecycle. The position is based in Washington, DC with remote flexibility. Compensation ranges from USD 159,300 to 202,400 per year. A Bachelor's degree in computer science or equivalent and a minimum of 3 years of experience are expected.
What we offer
- Health insurance
- Basic Life & AD&D insurance
- Supplemental life plans
- Employee Assistance Program (EAP)
- Mental Health Support
- Medical Advice Line
- Flexible Spending Accounts
- Adoption and Surrogacy Reimbursement
- 401(k) matching
- Paid time off
- Parental leave
- Sign-on payments
- Restricted stock units (RSUs)
Responsibilities
- Creating, updating, and maintaining threat models for a wide variety of software projects
- Conducting first-party application security research
- Performing manual and automated secure code review, primarily in Java, Python, and JavaScript
- Identifying and mitigating security issues at scale
- Developing security automation tools
- Performing adversarial security analysis using innovative tools to augment manual effort
- Providing security guidance and working with internal software development teams to secure their applications
- Independently solving security problems that require novel methods or approaches
- Influencing your team's and partners' processes, priorities, and choices to improve outcomes
Requirements
- Experience performing security activities across one or more phases of the software development lifecycle (SDLC), such as security design review, threat modeling, secure code review, and security testing
- Bachelor's degree in computer science or equivalent, or 3+ years of IT Security experience
- Experience with network architecture, enterprise IT systems and cloud such as AWS
- Proficiency in programming or scripting languages (e.g., Java, Python, Perl, Bash, Ruby, PowerShell, etc.)
- Experience with explaining complex technical risks in simple, clear language so that non-technical stakeholders can easily understand and take appropriate action
- Experience with AWS services, network architecture, and enterprise IT systems
- Experience driving continuous and scalable improvements in security controls and practices, and collaborating with security stakeholders to develop and implement security strategies
- 3+ years of any combination of threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration and penetration testing experience
Technologies
- Java
- Python
- JavaScript
- Perl
- Bash
- Ruby
- PowerShell
- AWS
About the team
Diverse Experiences: Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, has not followed a traditional path, or includes alternative experiences, do not let it stop you from applying.
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer security professionals the chance to accelerate their careers with opportunities to build experience across cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work life balance
We value work life harmony. Achieving success at work should not come at the expense of family and home life, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there is little we cannot achieve.
Inclusive team culture
In Amazon Security, curiosity drives progress. Ongoing DEI events and learning experiences inspire continuous growth and the celebration of diverse ideas, perspectives, and voices. Addressing the toughest security challenges benefits from a wide range of viewpoints.
Mentorship and career growth
We aim to raise the bar for performance as we work toward Earth’s Best Employer. Expect abundant knowledge sharing, training, and other career-advancing resources to help you grow into a well-rounded security professional.
#JoinStoresAppSec
#JoinStoresAppSec