Senior Security Engineer, Audible Security

At Audible, we believe stories have the power to transform lives. It’s why we work with some of the world’s leading creators to produce and share audio storytelling with our millions of global listeners. We are dreamers and inventors who come from a wide range of backgrounds and experiences to empower and inspire each other. Imagine your future with us.

ABOUT THIS ROLE
As a Senior Security Engineer at Audible you will advocate for information security throughout all our software development and business processes. You will work with other Security Engineers, Application Developers, System Engineers, and Business Stakeholders to protect our customers and Audible’s business.

ABOUT THE TEAM
Audible Information Security team is looking for an experienced Senior Security Engineer to join our world class team. We are obsessed with protecting customer trust. We are a hands-on team working to protect our computer networks, servers, applications and data assets.

As a Senior Security Engineer, you will...
- Contribute to designing, implementing, and executing security review and test methodologies for recurring testing of critical production services
- Partner with service teams to ensure risks are remediated
- Conduct design review, threat modeling, security review, and penetration testing on production systems
- Scope and perform penetration testing and vulnerability research on complex proprietary software and hardware
- Collaborate with internal development teams at Audible and Amazon to enhance security tooling and functionality at scale
- Prepare and present detailed, written technical information for internal and external audiences
- Participate in third party security risk assessments and due diligence (including helping to secure third-party integrations and partnerships)
- Provide guidance on risk, compliance, and policy to technical and non-technical internal customers, including security training and outreach to internal teams and external supply chain partners

ABOUT AUDIBLE
Audible is the leading producer and provider of audio storytelling. We spark listeners’ imaginations, offering immersive, cinematic experiences full of inspiration and insight to enrich our customers daily lives. We are a global company with an entrepreneurial spirit. We are dreamers and inventors who are passionate about the positive impact Audible can make for our customers and our neighbors. This spirit courses throughout Audible, supporting a culture of creativity and inclusion built on our People Principles and our mission to build more equitable communities in the cities we call home.

Basic Qualifications

- Bachelor's degree in Computer Science or related field or equivalent experience
- 3+ years of relevant work experience, such as application security reviews, security engineering, security analysis, incident response, third party security and risk assessments, data loss prevention, insider threat
- Experienced in using standard Security Assessment and Penetration Testing tools such as BurpSuite
- Experienced with the information security principles and the Common Body of Knowledge (CBK) domains and core technologies (CIA, encryption, identity, authN/authZ, SSO, web protocols, and privacy).
- Experience in advocating security best practices for third party integrations (e.g. with SAAS solutions, third-party libraries, etc.).

Preferred Qualifications

- Experience partnering with development teams and the ability to explain the remediation findings to product owners
- Understanding threat modeling and risk identification techniques
- Knowledge of web application and system security vulnerabilities
- Proficiency auditing Java code to identify bugs
- Proficient scripting skills with Perl, Python, or Java
- Familiarity with common attack patterns and exploitation techniques
- Experience with methodologies such as fuzzing and static/dynamic code analysis
- Experience developing functional exploits for common vulnerabilities (e.g., stack overflow, cross-site scripting, SQL injection)
- Experience with AWS or similar cloud computing platforms
- Experience designing and implementing technical security controls
- Experience participating in Bug Bounty programs

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.