Virtual, US
1 day ago
Security Engineer, Offensive Security, Finance Adversarial Threat Emulation
The Finance Adversarial Threat Emulation (FATE) team is looking for a security engineer to perform red teaming and penetration testing on Finance Operations (e.g., Accounts Payable, Accounts Receivable, Payroll, Procurement, Amazon Travel and Events, and Global Real Estate and Facilities) infrastructure and applications. The scope of this role includes performing end-to-end, full-stack engagements, from scoping to threat modeling, information gathering, discovery, vulnerability exploitation, lateral movement, post-exploitation, and executive reporting. Your engagements will include internal, external, web, mobile, and other environments. You will work closely with many teams at Amazon while testing their application environments. You will exhibit a strong sense of customer obsession and earn trust while working with these teams. You will provide deep security expertise and insight to correctly identify and explain security vulnerabilities and their impact while working with business teams on remediation strategies.

Key job responsibilities
Perform full-stack security testing on business units independently as well as within a team

Perform red team campaigns of client systems, websites, and networks to discover high-quality vulnerabilities

Thoroughly document exploit chain/proof of concept scenarios for client consumption

Identify security monitoring weaknesses and recommend detection improvements

Develop innovative and scalable tools, solutions, and processes to enhance the Offensive Security team’s operations

Communicate with VPs, Directors, and finance and technology leaders to prioritize and execute remediation plans

About the team
Our vision is to make Finance Operations assets the most difficult target for bad actors to exploit. We perform red team engagements and penetration testing on Finance Operations assets, including upstream and downstream systems.