Systems Security Engineer, Amazon Cyber Threat Intelligence
Amazon.com
We are open to hiring candidates to work out of one of the following locations:
Annapolis Junction, MD, USA | Arlington, VA, USA | Austin, TX, USA | Herndon, VA, USA | New York, NY, USA | Seattle, WA, USA
Amazon is seeking an innovative Security Engineer to join the Amazon Cyber Threat Intelligence (ACTI) team as a Cyber Threat Exploitation Engineer, where you will leverage your in-depth knowledge and analysis of emergent exploits, exploit frameworks, and vulnerabilities to identify novel threat actors and discover attacks against Amazon, AWS, and its customers. ACTI is responsible for identifying, curating, and reporting timely, accurate, and actionable threat intelligence. ACTI delivers cyber threat intelligence to Amazon and AWS leadership, service teams, partners, and both internal and external customers.
In the Cyber Threat Exploitation Engineer role you will formulate new analytic techniques and work across teams to drive the supporting capabilities. A deep understanding of advanced actor tactics, techniques, and procedures (TTPs) is required, as well as of how those TTPs will present themselves in network-based and host-based logs derived from software, operating systems, networks, cloud infrastructure, networking equipment, and web applications. In addition, you will script and help automate recurring tasks to improve the overall effectiveness of the intelligence and how it is utilized throughout Amazon and AWS. Beyond direct technical work on exploits, vulnerability research, and threat intelligence, the Cyber Threat Exploitation Engineer will steer strategic direction in the secure design of AWS services, drive tactical results from red and blue team engagements, coordinate takedowns of malicious infrastructure, and drive effective technical countermeasures.
Key job responsibilities
* Identify, research, and analyze novel vulnerabilities discovered in threat intelligence data, applications, devices, and networks
* Interface with ACTI reverse engineers to provide reversing requirements as well as be able to independently triage malware, analyze exploit samples, and study attack techniques to understand how vulnerabilities are being weaponized
* Pursue actionable intelligence on current exploits, perform deep dive analysis of malicious artifacts related to software exploits, and use that data to identify attacks against Amazon, AWS, and its customers
* Analyze large and unstructured data sets to identify trends and anomalies indicative of malicious activities
* Create security techniques and automation for internal use that enable the team to operate at high speed and broad scale
* Provide situational awareness on the current threat landscape and the techniques, tactics, and procedures associated with specific threats
* Accurately document ongoing investigations, craft consumable threat intelligence products, and clearly present and communicate emerging threats and high-risk vulnerabilities in operating systems and software libraries, cloud, network devices, and web applications to key stakeholders
* Periodic on-call responsibilities
A day in the life
The successful candidate will work with ACTI's Products and Analysis team to find novel exploitation of vulnerabilities in all software. The candidate will use all intelligence, sourced largely from Amazon Web Services Threat Intel (AWS TI) and Threat Intelligence for Global Enterprise Response (TIGER) teams, to invent new ways to identify new threat actors, exploits, vulnerabilities, etc.
Daily tasks will include writing and validating detection rules, reviewing investigations, performing investigations, notifying customers, disrupting threat actors, and working with legal, PR, other security teams, and executives to mitigate threat actor activity at the highest level that is actionable. The candidate will need to be able to build proofs of concept for new code and workflows.
The Emerging Threats (ET) sub-team will soon be renamed the Analytics & Research for Cyber Threat Intelligence Classification (ARCTIC) team. ARCTIC unifies three specialized components: the Exploratory Data Analysis (EDA) team, which explores and defines the instrumentation of datasets for threat intelligence insights and actionable intelligence; the ET team, which explores datasets for threat actor behavior and sorts patterns of malicious activity into classes of malicious activity; and the Vulnerability and Exploits (VEX) team, which identifies unknown vulnerabilities targeted by threat actors using novel exploits.
About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.