Amazon.com Services LLC
Systems, Quality, Security Engineering, Systems Security Engineering, amazon security
ApplicationSecurityEngineer
Neural analysis suggests this role is
optimal for Mid+ candidates.
“Application Security Engineer at Amazon.com Services LLC. Skills: Application security, Security reviews, Threat modeling, Penetration testing. Conduct security design reviews. Evaluate architecture documents”
Industry & Context.
Identify vulnerabilities; Identify risks; Identify weaknesses; Identify concerns; Identify issues
What They're Looking For.
Must Have
2+ years web protocols experience, 2+ years common security attacks experience, 2+ years remediation experience, Bachelor's degree in Engineering, Bachelor's degree in Computer Science, Knowledge of system security vulnerabilities, Knowledge of remediation techniques, Experience with penetration testing, Experience with exploit development, Experience with application security architecture, Experience with security code reviews, Experience with security testing, Experience with incident response, Experience with security infrastructure, Experience coding in one language, Experience scripting in one language
Nice to Have
Experience with AWS services, Experience with other cloud offerings, Experience with application security frameworks, Experience with mobile security, Experience with cloud security, Experience with AI security, Experience with identity and access controls, Knowledge of web application development, Knowledge of penetration testing, Knowledge of mobile security, Knowledge of cryptography, Knowledge of public key infrastructure, Knowledge of forensic security, Knowledge of IP security, Knowledge of SSL/TLS, Knowledge of computer viruses, Knowledge of malware, Knowledge of network security, Knowledge of trusted security, Knowledge of trusted execution, Knowledge of threat intelligence, Knowledge of IoT security implications, Knowledge of authentication, Experience scripting with Python, Experience scripting with Perl, Experience scripting with Bash, Experience scripting with PowerShell, Experience triaging security alerts, Experience developing security alerts, Experience automating security response, Experience conducting front-line analysis, Experience providing escalation support
What You'll Do.
Conduct security design reviews
Evaluate architecture documents
Evaluate threat models
Evaluate system designs
Perform threat modeling exercises
Identify attack vectors
Identify security weaknesses
Identify areas of concern
Execute penetration testing
Coordinate penetration testing
Validate security controls
Identify exploitable vulnerabilities
Document security findings
Track security findings
Communicate security findings
Provide remediation guidance
Verify security fixes
Provide security consultation
Identify high-severity issues
Escalate security issues
Maintain documentation of reviews
Maintain documentation of decisions
Maintain documentation of assessments
Leverage automated tools
Leverage internal platforms
How You'll Work.
Team & Collaboration
Work with development teams; Work with service teams
Communication Scope
Communicate findings
Full Job Description
The Application Security (AppSec) Security Engineer is responsible for conducting security assessments and reviews of applications and services to identify vulnerabilities and ensure adherence to security standards. This role works under the guidance of senior engineers to evaluate system designs, perform threat modeling, and validate that services meet the organization's security bar before launch. Key job responsibilities Security Reviews: Conduct security design reviews for new and existing services, evaluating architecture documents, threat models, and system designs for potential security risks Threat Modeling: Perform threat modeling exercises to identify attack vectors, security weaknesses, and areas of concern in application architectures Penetration Testing: Execute or coordinate penetration testing activities to validate security controls and identify exploitable vulnerabilities Finding Management: Document, track, and communicate security findings to service teams, providing clear remediation guidance and verifying fixes Security Guidance: Provide security consultation to development teams on secure coding practices, authentication/authorization mechanisms, cryptographic implementations, and data protection strategies Escalation Support: Identify and escalate high-severity security issues through appropriate channels, ensuring timely remediation aligned with launch timelines Documentation: Maintain clear and thorough documentation of review outcomes, security decisions, and risk assessments Tool Utilization: Leverage automated security scanning tools and internal security platforms to support review activities and improve efficiency About the team Diverse Experiences Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop
Applying for this Application Security Engineer role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
ANONYMOUS · UNFILTERED
What do employees actually say about Amazon.com Services LLC?
Real rants from real employees. Read before you apply.