Senior Security Engineer - AppSec

Job summaryAre you passionate about application security? Would you like to be a part of the team that is tasked with solving a huge business problem through technology innovations? We need exceptionally talented, bright, and driven people. As a Senior Security Engineer - Application and Architecture Security, you will help ensure our applications and services are designed and implemented to the highest standards. If you enjoy analyzing the security of applications and services, discovering and addressing security issues and quickly reacting to new threat scenarios, this position will provide you with a challenging opportunity. You will participate in security audits, risk analysis, vulnerability testing and security reviews across all elements of software systems.You will tackle challenging situations every day and, given the size of this initiative, you will collaborate with various levels across Whole Foods Market and Amazon. We want someone ready to partner across Whole Foods Market’s technology and security engineering groups to secure and protect applications. We operate in a hyper-growth environment where priorities shift quickly, wear many hats, so passion and discipline around security and delivery is critical. You should be comfortable with a high degree of ambiguity and relish the idea of solving problems that haven’t been solved at scale before. Along the way, we guarantee that you’ll learn a ton, have fun and make a positive impact on millions of people.

Basic Qualifications

• 5+ years of progressive experience within a software security team or similar operating environment
• Experience in threat modeling or other risk identification techniques
• Knowledge of system security vulnerabilities and remediation techniques
• Familiarity with common attack patterns and exploitation techniques
• Experience with manual and automated static code analysis for languages such as Java, C++, and C#
• Experience with dynamic web application security testing with tools such as Burp Suite
• Bachelor’s degree in Computer Science, Information Security, Engineering or equivalent industry experience

Preferred Qualifications

• Master's degree in computer science, information security, engineering, or equivalent.
• Experience working with development teams that have delivered enterprise software, commercial software, or software-based services.
• Ability to write proof-of-concept exploits for vulnerabilities.
• Experience with AWS-specific technologies.
• Solid understanding of cryptographic fundamentals.
• Scripting skills for automation purposes.
• Experience with fuzzing.
• Experience with reverse engineering tools such as IDA Pro, Ghidra, etc.
• Experience with software defined networking in public cloud environments

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.