Remote Bug Bounty Security Engineer Job in Washington DC-Baltimore Amazon Web Services (AWS)

Who you are

• 5+ years experience in application security, incident response, or vulnerability management roles
• 5+ years of experience in Information Security related domains, security fundamentals, common application vulnerabilities, application attack vectors, methodologies, tools, threat modeling, code auditing, web application penetration testing, web services pentesting
• 5+ years of experience driving Information Security initiatives across large diverse organizations communicating with technical and non-technical partners and senior leadership
• Minimum of 5 years professional experience with 2 or more areas of security engineering practices such as web application security, authentication and authorization protocols, automation
• Experience with AWS technologies and services like S3, Lambda, EC2, KMS, IAM

Desirables

• Ownership
• Self-motivation
• Deliver results in ambiguous environments
• Drive remediation/mitigation of security issues
• Report metrics for service, program effectiveness
• Knowledge of adversary TTPs

What the job involves

• Work with customers, AWS and Amazon teams to secure public facing services, applications, websites
• Solicit identification of vulnerabilities from customers, researchers
• Ensure vulnerabilities are remediated urgently partnering with service teams
• Improve security of Amazon’s software development life-cycle through disclosure and mitigation
• Influence direction and evolution of the Bug Bounty Program and collaborate to maintain Amazon’s high security bar
• Develop external messaging for researchers, customers to ensure transparency