AWS Utility Computing (UC) provides product innovations — from foundational services such as Amazon’s Simple Storage Service (S3) and Amazon Elastic Compute Cloud (EC2), to consistently released new product innovations that continue to set AWS’s services and features apart in the industry. As a member of the UC organization, you’ll support the development and management of Compute, Database, Storage, Internet of Things (IoT), Platform, and Productivity Apps services in AWS. Within AWS UC, Amazon Dedicated Cloud (ADC) roles engage with AWS customers who require specialized security solutions for their cloud services.
Annapurna Labs is looking for a Senior Security Engineer to help ensure that our hardware platforms, software deliverables, and devices are secured against the latest threats. You will be responsible for the security assurance of our products, influencing and scrutinizing design and implementation. Develop elaborate threat models, suggest and review solutions and mitigations. You will lead vulnerability research, penetration testing, automated penetration testing solutions and methodologies such as fuzzing, static analysis and other security checkers. You will mentor service teams in adding security testing tools and practices to their development processes.
Key Responsibilities
A Security Engineer at AWS is expected to be proficient in multiple domains. This is a leadership role within the Annapurna security team and you will be sought out for advice on technical and business issues. Efficient time management skills are required along with the ability to deliver results in the face of uncertainty. A Senior Security Engineer will proactively share knowledge across the Amazon community and will be a key company in one or more of the core areas of security. He will lead security reviews of large Amazon projects while setting standards and defining best practices for AWS Security teams. Engineers in this role must show exemplary judgment in making technical trade-offs between short versus long term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. A broad understanding of the AWS business and its interconnections is required. This position will also provide training, advice, and mentorship to other engineers throughout AWS.
Basic Qualifications

5+ years of low-level systems security research and vulnerability testing experience
Experience developing security tools (fuzzers, scanners, analysis frameworks)
Security architecture design and threat modeling experience
Proficiency in C and experience with Python
Deep knowledge of security aspects of ARM/x86 processor architectures
Strong understanding of hardware security (secure boot, cryptographic implementations, side-channel attacks)
Knowledge of security protocols and cryptographic primitives
Technical English proficiency

Preferred Qualifications

Background in firmware reverse engineering and vulnerability research
Experience with fuzzing frameworks (AFL++, libFuzzer, Syzkaller)
Knowledge of virtualization security or hypervisor technologies
Familiarity with AWS services
Technical leadership, mentoring, and cross-functional collaboration
Security publications (research, CVEs)
CTF, bug bounty, or competitive security research background

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
#J-18808-Ljbffr