We are open to hiring in Seattle, WA or Arlington, VA.Would you like the rare opportunity to dig into the security of Amazon's architecture and code base? Would it be exciting to learn about the security controls of Alexa, Amazon.com, or Amazon Robotics? How about the internals of major AWS services like Amazon S3, AWS KMS, and AWS Lambda? Amazon's Internal Offensive Security Research team is looking for a skilled senior security engineer to join our team's efforts to help keep Amazon secure by uncovering and exploiting vulnerabilities across Amazon's products and services.This role has a broad scope including source code review, network penetration, and application exploitation. Additionally, the Sr. Security Engineer is expected to design, develop, and execute novel abuse scenarios engineered to push the limits of Amazon's detection processes and capabilities. In this position you will explore a variety of different products and services created by Amazon. You must be able to understand complex technology and business processes to identify the full range of risks that could be exploited.Are you looking for a position that will leverage and grow your vulnerability assessment/exploitation skills, expand your knowledge of technology at scale, and collaborate with some of the best security minds in the industry? Then this is the position for you.Mentorship & Career GrowthWe are dedicated to supporting new members. We have a mix of experience levels and tenures, and we're building an environment that celebrates knowledge sharing and mentorship. Our team members enjoy one-on-one mentoring. We care about your career growth as a passionate learner that is motivated to take on challenges.Key job responsibilities- Perform vulnerability assessments of systems, services, APIs, and networks to discover vulnerabilities- Conduct full cycle engagements with business units as part of a team- Thoroughly document exploit chain/proof of concept scenarios for client consumption- Use interpersonal skills to work across teams and within different areas and groups, demonstrating resilience and ability to navigate difficult situations with composure and tact.- Demonstrate excellent written and verbal communication skills, with ability to concisely summarize technical vulnerabilities and provide actionable recommendations for senior leadership- Learn and operate as part of a team of highly skilled individualsAbout the team- We are the Offensive Security Research team, uncovering security risks and vulnerabilities in infrastructure and services across the entirety of Amazon- Our customers are diverse and cross-functional; they include software engineers, software managers, directors, executive leadership, and the Amazon Board of Directors- Our mission is to partner with our customers to help ensure services delivered by Amazon and AWS are designed and implemented to the highest security standardsWe are open to hiring candidates to work out of one of the following locations:Arlington, VA, USA | Seattle, WA, USA* 5+ years of security engineering experience* Knowledge of threat modeling or other risk identification techniques, and experience with the application of threat modeling or other risk identification techniques* Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits* Experience working with development team(s) that have delivered commercial software or software-based services* Knowledge of network and related web protocols (e.g., TCP/IP, UDP, HTTP/S)* Proven track record of finding vulnerabilities in complex systems, services, and codebases* Bachelor's degree in Computer Science or related field.* 5+ years of experience in penetration testing and/or red teaming on production systems* Development experience in C