Security Engineer, Devices Security

Amazon Devices is an inventive research and development organization that designs and engineers high-profile consumer electronics. Starting with the best-selling Kindle family of products, Amazon Devices developed and produced ground-breaking devices like Amazon Echo products, Fire tablets, Fire TV, Astro, Ring Doorbells, Blink Cameras and more. What will you help us create?

Key job responsibilities
* Help guide the software development lifecycle of devices at Amazon, from security design, threat modeling to code reviews, security testing and fuzzing
* Be responsible for analyzing the security of the platform components of consumer devices
* Propose, research and develop tools and techniques to improve the security posture of devices at scale
* Provide technical security expertise and consultation to device product teams
* Identify security risks and work with product engineers to create mitigations
* Develop new security policies and procedures
* Empower others to improve their security acumen by promoting awareness and developing training materials

About the team
Amazon Devices and Services Security is responsible for empowering and enabling the organizations of Amazon Devices to develop and build secure products, including responding to public vulnerabilities and reviewing or co-developing security features to protect customers.

Basic Qualifications

- 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- Bachelor's degree in computer science or equivalent
- Knowledge of networking protocols such as HTTP, DNS and TCP/IP
- Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits or equivalent
- Understanding of OS kernel architecture including device drivers, kernel modules, system call interfaces and privilege management. Experience with security technologies like eBPF for system monitoring, memory analysis tools like Valgrind, and dynamic analysis approaches such as fuzzing and symbolic execution (e.g. KLEE, angr). Knowledge of boot process security and kernel hardening techniques. Code review experience in C/C++.

Preferred Qualifications

- Experience with programming languages such as Python, Java, C++
- Knowledge of Android OS internals, fundamentals of common wireless connectivity protocols (e.g. Bluetooth, WiFi, Zigbee, Thread) and hardware security mechanisms

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.