Sr Security Engineer, Ads Security

The Ads Security organization at Amazon is dedicated to creating innovative technical solutions that detect, assess, and mitigate security risks within Amazon’s Advertising businesses.

Our vision is to accelerate the development velocity of the Advertising business by ensuring that our products are inherently secure.

We are seeking a talented engineer to join our team, where you will have the opportunity to contribute to securing web applications and services critical to delivering exceptional customer and partner experiences at scale in Amazon Ads.

The ideal candidate will have a robust background in security program management, experience in establishing security standards for cross-cloud deployments, and a deep understanding of cloud security, particularly within AWS platforms.

You will conduct independent security reviews, oversee penetration tests as necessary, and provide guidance to stakeholders on remediation strategies and best practices for integrating security into their application platforms.

Your role will be pivotal in ensuring the protection of customer data and critical infrastructure within the Ads organization.

Key job responsibilities

As a Senior Security Engineer within Amazon’s Ads Security team, you will play a crucial role in ensuring that applications across numerous Ads platforms are designed and executed with the highest security standards to maintain customer trust.

You will tackle a diverse array of security challenges, ranging from novel threats in Ads services to selecting and implementing scalable and secure features such as key management solutions and encrypted storage.

Additionally, you will serve as a subject matter expert, providing guidance to developers on building secure products and fostering a security-conscious culture within the organization.

• Collaborate directly with service and platform owners to advise on security best practices and tool implementation.
• Perform comprehensive security assessments on SaaS implementations, data management systems, and reporting frameworks being used internally by Amazon Ads teams or externally by Amazon Ads customers.
• Coordinate and oversee penetration testing activities for platforms and tools.
• Identify security risks, report findings, and recommend solutions for complex security issues by leveraging existing set of detections and / or design new detections within Amazon’s various security detection frameworks.
• Contribute to fostering a strong security culture at Amazon through knowledge sharing and collaboration.
• Engage in cross-team projects aimed at enhancing the security posture of Amazon and customer data throughout its lifecycle.

A day in the life

Activities in this role include :

• Identifying security issues and risks, review & approve mitigation plans for Ads products.
• Influencing product teams and senior leadership to implement practices that maintain a high security bar.
• Advising teams developing products on the correct components that deliver security features like key management, authentication, encryption, etc.
• Proposing, collaborating & obtaining buy-in on strategic security initiatives.
• Recommending and developing security-focused tools that help product teams prevent security misconfigurations & vulnerabilities in the design & implementation of features.

Look for opportunities to automate, detect and move security to left in SDLC process.

• Developing and interpreting security policies and procedures to form security requirements.
• Developing training that promotes general security awareness and informs developers on how to discover & mitigate security vulnerabilities in their products.
• Deciding which new security tooling and strategies should be pursued for scalable security in service development.
• Supporting incident response activities as a security subject matter expert.

About the team

Diverse Experiences

Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply.

If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.

Why Amazon Security?

At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services.

We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

Inclusive Team Culture

In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness.

Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

Training & Career Growth

We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

Work / Life Balance

We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture.

When we feel supported in the workplace and at home, there’s nothing we can’t achieve.

We are open to hiring candidates to work out of one of the following locations :

Bellevue, WA, USA Boston, MA, USA New York, NY, USA

BASIC QUALIFICATIONS

• Bachelor’s degree in Computer Science, Computer Engineering or related field with 5+ years with security engineering experience.
• Demonstrated expertise in secure architecture and design reviews.
• Proven experience in at least one scripting or compiled language such as Java, Python, Perl, JavaScript, Go, Ruby, C# or C / C++
• Deep technical understanding of the OWASP Top 10, and SANS Top 25, as well as vulnerability identification and remediation.
• Proven experience in threat modeling, code reviews, security testing, vulnerability detection, attacker exploit techniques, and methods for their remediation.

PREFERRED QUALIFICATIONS

• Experience working across different organizations and teams to achieve common security goals.
• Experience with AWS products and services, service-oriented architecture, and web services security
• Detailed knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits
• Knowledge of network and web related protocols (e.g., TCP / IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
• Experience with machine learning and / or generative AI
• Ability to drive multiple technically complex security initiatives while remaining effective at providing security guidance to stakeholders
• Implementation knowledge of cryptographic features like Hashing, Encryption, Signing as well as working knowledge of common software implementations of OpenSSL
30+ days ago