Security Engineer – Penetration Tester

Amazon is one of the largest providers of web services, software and hardware devices in the world. The Amazon’ Security Engineering Team is looking for a penetration tester to join its growing team of penetration testers who cover Amazon’s infrastructure and applications.

The scope of this role includes performing the full cycle of penetration testing engagements – from scoping, through threat modeling, information gathering, discovery, vulnerability assessment, active testing, pivoting and reporting. Your engagements will include internal, external, web, mobile, thick applications and additional environments.

As a Penetration Tester you will be responsible for working closely with other teams at Amazon, while testing their application environments. You will exhibit a strong sense of customer obsession while working with those teams in a consulting facility. You will be providing deep security expertise and insight to correctly identify and reflect the security risks and vulnerabilities while working with them on remediation strategies.

Job Responsibilities
– Perform full cycle engagements of penetration testing on business units independently, or as part of a team.
– Configure, run and monitor automated security testing tools
– Perform manual validation of vulnerabilities
– Perform manual penetration testing of client systems, web sites and networks to discover vulnerabilities
– Thoroughly document exploit chain/proof of concept scenarios for client consumption
– Communication skillset to influence SVPs, VPs, Directors, and Domain Managers to prioritize and execute remediation plans
– Ability to develop innovative tools, solutions, processes which scale across a &gt100,000 resource global organization

Basic Qualifications

– Programming experience in Python, PHP, Perl, Ruby, .NET or other interpreted or compiled languages
– Familiarity with vulnerability assessment and penetration best practices
– Experience with vulnerability and penetration testing techniques and tools
– Security testing tools including Metasploit, Nmap, Nessus, Burp Suite
– Linux operating systems
– Microsoft technologies
– Mobile application programming and/or security testing
– Wireless technologies
– Web application technologies
– Source code analysis software
– Intermediate to advanced Microsoft Office Suite (i.e., Word, Excel, PowerPoint)

Preferred Qualifications

– Network implementation (operational and security)
– Telephony Technologies (analog and IP)
– Social engineering
– Physical security
– Hardware hacking

Source

Leave a Comment

Your email address will not be published. Required fields are marked *