Offensive Security Engineer, AWS Bug Bounty

Amazon

Jul 30, 2024

Applications are closed

  • Job
    Full-time
    Entry Level
  • Arlington

Requirements

  • A Bachelor’s degree in Computer Science, Cybersecurity, or a similar field; equivalent professional experience can be used in lieu of a degree.
  • Minimum of 3 years of experience in security testing (penetration testing, vulnerability testing, red teaming, bug hunting, or CTF experience)
  • Minimum of 3 years of experience with manually auditing source code (One or more of: Java, Ruby, Python, JavaScript, Rust, C, others) to find security issues.
  • Minimum of 3 years of experience programming in Python, Ruby, Go, Swift, Java, .NET, C++, or a similar object-oriented language
  • Minimum of 3 years of professional experience with security engineering practices such as in web application security, network security, authentication and authorization protocols, cryptography, automation and other software security disciplines.
  • Experience with AWS technologies and services (e.g. S3, Lambda, EC2, KMS, IAM)
  • Experience with bug hunting, bug bounties, capture the flag, software development
  • Experience with multiple programming languages

Responsibilities

  • Researching, reproducing, and responding to security vulnerabilities reported through the bug bounty program
  • Technical Escalation
  • Managing relationships with external security researchers working with AWS's bug bounty program
  • Perform deep analysis of new vulnerability classes
  • Driving improvements to team tooling, automation, and processes
  • Influencing and driving program direction
  • Identify and drive resolution of vulnerability trends
  • Attend industry conferences and assist in hosting on-site hackathons and other researcher engagement activities

FAQs

What is the primary responsibility of the Offensive Security Engineer in the AWS Bug Bounty team?

The primary responsibility is to leverage experience and internal knowledge of AWS systems to effectively triage incoming reports related to AWS's 200+ services, act as an escalation point for team members, and conduct thorough investigations of reported vulnerabilities.

What educational background is required for this position?

A Bachelor’s degree in Computer Science, Cybersecurity, or a similar degree is preferred, but equivalent professional experience can be substituted for a degree.

How much experience is necessary in security testing for this role?

A minimum of 3 years of experience in security testing, which includes penetration testing, vulnerability testing, red teaming, bug hunting, or similar activities, is required.

What programming languages should candidates be proficient in for this position?

Candidates should have at least 3 years of experience programming in languages such as Python, Ruby, Go, Swift, Java, .NET, C++, or other similar object-oriented languages.

What type of security engineering experience is expected from applicants?

Applicants should have a minimum of 3 years of professional experience with security engineering practices, including web application security, network security, authentication and authorization protocols, cryptography, and automation.

What is the importance of automation in this role?

Automation is key to scaling and innovation at AWS; in this role, the engineer will be responsible for writing automation to reduce the workload on humans, which includes developing ticketing, reporting, and trend identification automation.

What soft skills are emphasized for this position?

Strong communication skills are necessary for providing excellent customer service, managing relationships with external security researchers, and delivering insights to leadership.

What opportunities for development does this role provide?

The role presents challenging opportunities for professional growth, technological expertise, and leadership development within AWS's Bug Bounty Program.

Is there a focus on diversity within the AWS Bug Bounty team?

Yes, Amazon Security values diverse experiences and encourages candidates from various backgrounds to apply, stating that diverse perspectives are crucial to addressing security challenges.

What kind of relationships will the person in this role need to manage?

The person will need to manage relationships with external security researchers working with AWS's bug bounty program, as well as collaborate closely with internal stakeholders across Amazon.

Are there additional benefits provided with this position?

Yes, the total compensation package may include equity, sign-on payments, and a full range of medical, financial, and other benefits, in addition to the base salary.

Industry: Retail & Consumer Goods
Employees: 10,001+
Founded Year: 1994

Mission & Purpose

Amazon is guided by four principles: customer obsession rather than competitor focus, passion for invention, commitment to operational excellence, and long-term thinking. We are driven by the excitement of building technologies, inventing products, and providing services that change lives. We embrace new ways of doing things, make decisions quickly, and are not afraid to fail. We have the scope and capabilities of a large company, and the spirit and heart of a small one. Together, Amazonians research and develop new technologies from Amazon Web Services to Alexa on behalf of our customers: shoppers, sellers, content creators, and developers around the world. Our mission is to be Earth's most customer-centric company. Our actions, goals, projects, programs, and inventions begin and end with the customer top of mind. You'll also hear us say that at Amazon, it's always "Day 1." What do we mean? That our approach remains the same as it was on Amazon's very first day - to make smart, fast decisions, stay nimble, invent, and focus on delighting our customers.