Have you wanted an opportunity to find security issues in the embedded systems/devices and low level software that enables day to day corporate functions? Are you able to break into embedded systems/devices by exploiting vulnerabilities in wireless, Bluetooth, using fault injections or other attacks? This position will provide you with a unique opportunity to find security issues into every day devices
Device & Services Security (DSS) is the Business Security Team for Amazon Devices. We own the security outcomes and relationship with Devices-org acquired companies. Each acquired company runs its own security program; DSS is the connective tissue that lets Amazon Security understand posture, surface meaningful risk to Amazon leadership, and coordinate on the few areas where the boundary genuinely needs to be crossed (incident response, identity, cross-org data, executive escalation).
Key job responsibilities
The current primary engagement for this role is Zoox, Amazon's autonomous vehicle subsidiary, which is building the first ground-up fully autonomous robotaxi fleet. The role is not Zoox-exclusive: you will be expected to support other organizations in the DSS portfolio as priorities shift, and to bring patterns from one engagement to the next.
Key job responsibilities:
* Creating, updating, and maintaining threat models for a wide variety of software projects
* Manual and Automated Secure Code Review, primarily in Java, Python and Javascript
* Development of security automation tools
* Perform design reviews and risk assessments for new or existing production infrastructure.
* Enhance existing systems to detect mis-configurations within large deployments.
* Security training and outreach for internal development teams
* Security architecture and design guidance
* Independently solve security problems that require novel methods or approaches
* Influence your team’s and partners’ process, priorities, and choices to improve outcomes
A day in the life
As a security engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing these novel services. In a given day, you might be inspecting an application’s code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service alongside its software developers. You will drive continuous improvement in policy, systems, and tools securing critical data and infrastructure.
You will be the technical owner of how Amazon Security sees a given organization, how risk is captured and reported, and how the small set of cross-org expectations actually get wired up. This is a high-autonomy, high-visibility IC role with direct reach into Amazon Security leadership and acquisition CISOs.
About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.
Basic Qualifications
- Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or experience in IT Security
- 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- 3+ years of troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship) experience
- Knowledge of industry-based security vulnerabilities and remediation techniques
Preferred Qualifications
- Experience with AWS products and services
- Experience performing security activities across one or more phases of the software development lifecycle (SDLC), such as security design review, threat modeling, secure code review, and security testing
- Experience in any combination of the following: application security frameworks, security code reviews, incident response, secure infrastructure, penetration testing, mobile security, cloud security, AI security, identity and access controls, threat modeling, cryptography, threat intelligence, or secure software development
- Experience supporting a security program for a robotics, automotive, autonomous vehicle, or other physical-product company with corporate, data center, lab, and edge environments in scope.
- Compliance fluency: NIST 800-53, CSF 2.0, ISO 27001, SOC 2, or automotive-adjacent frameworks (ISO/SAE 21434, UNECE R155).
- Experience integrating LLM-based tooling into security workflows (triage assistants, evidence collection, control-mapping copilots).
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit
https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.
USA, CA, Sunnyvale - 166,600.00 - 212,800.00 USD annually