• Security Engineer, Audible Security

    Amazon (Newark, NJ)


    Description

    At Audible, we believe stories have the power to transform lives. It’s why we work with some of the world’s leading creators to produce and share audio storytelling with our millions of global listeners. We are dreamers and inventors who come from a wide range of backgrounds and experiences to empower and inspire each other. Imagine your future with us.

    ABOUT THIS ROLE

    As a Security Engineer at Audible you will advocate for information security throughout all our software development and business processes. You will work with other Security Engineers, Application Developers, System Engineers, and Business Stakeholders to protect our customers and Audible’s business.

    ABOUT THE TEAM

    Audible Information Security team is looking for an experienced Security Engineering Leader to join our world class team. We are obsessed with protecting customer trust. We are a hands-on team working to protect our computer networks, servers, applications and data assets.

     

    As a Security Engineer, you will...

     

    - Contribute to designing, implementing, and executing security review and test methodologies for recurring testing of critical production services

     

    - Partner with service teams to ensure risks are remediated

     

    - Conduct design review, threat modeling, security review, and penetration testing on production systems

     

    - Scope and perform penetration testing and vulnerability research on complex proprietary software and hardware

     

    - Collaborate with internal development teams at Audible and Amazon to enhance security tooling and functionality at scale

     

    - Prepare and present detailed, written technical information for internal and external audiences

     

    - Participate in third party security risk assessments and due diligence (including helping to secure third-party integrations and partnerships)

     

    - Provide guidance on risk, compliance, and policy to technical and non-technical internal customers, including security training and outreach to internal teams and external supply chain partners.

    ABOUT AUDIBLE

    Audible is the leading producer and provider of audio storytelling. We spark listeners’ imaginations, offering immersive, cinematic experiences full of inspiration and insight to enrich our customers daily lives. We are a global company with an entrepreneurial spirit. We are dreamers and inventors who are passionate about the positive impact Audible can make for our customers and our neighbors. This spirit courses throughout Audible, supporting a culture of creativity and inclusion built on our People Principles and our mission to build more equitable communities in the cities we call home.

    Basic Qualifications

    - Bachelor's degree in Computer Science or related field or equivalent experience

     

    - 5+ years of relevant work experience, such as application security reviews, security engineering, security analysis, incident response, third party security and risk assessments, data loss prevention, insider threat

     

    - Experience in using standard Security Assessment and Penetration Testing tools such as BurpSuite

     

    - Experience with the information security principles and the Common Body of Knowledge (CBK) domains and core technologies (CIA, encryption, identity, authN/authZ, SSO, web protocols, and privacy).

     

    - Experience in advocating security best practices for third party integrations (e.g. with SAAS solutions, third-party libraries, etc.).

    Preferred Qualifications

    - Experience working with development teams and demonstrated the ability to clearly explain the remediation of findings to product owners

     

    - Experience working with business teams and senior stakeholders and demonstrated the ability to clearly articulate risks in non-technical terms

     

    - Demonstrated judgment, integrity, business acumen, and communication skills

     

    - Understanding of threat modeling and risk identification techniques

     

    - Knowledge of web application sand system security vulnerabilities and their remediation

     

    - Proficiency in auditing Java code to identify bugs

     

    - Strong scripting skills in languages such as Perl, Python, or Java

     

    - Familiarity with common attack patterns and exploitation techniques

    - Experience with Security Engineering and Assurance methodologies, including fuzzing and static/dynamic code analysis

    - Ability to develop fully functional exploits for common vulnerabilities (e.g., stack overflow, cross-site scripting, SQL injection)

     

    - Experience with Amazon Web Services or similar cloud computing platforms

     

    - Experience in designing and implementing technical security controls at the business division level

     

    - Understanding of technical security challenges faced by large multinational companies

     

    - Participation in Bug Bounty programs

     

    Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

     

    Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.