Penetration Testing Manager, Devices & Services Penetration Testing at Amazon.com – US, Virtual

Join our penetration testing team focused on discovering and exploiting vulnerabilities affecting Amazon consumer devices and supporting services. You will lead a team of high-performing penetration testers performing deep and low-level reviews of hardware, bootloaders, radios, secure enclaves, embedded systems, and services including authentication mechanisms, AI, mobile, web applications, and web service APIs.

The Amazon Devices and Services Trust & Security (DSTS) organization was founded in 2014 with the mission of protecting the trust, data, and systems on which Amazon Devices & Services (D&S) customers rely. We protect customers by performing security assessments, offensive testing, vulnerability assessments, incident response, and remediation. We also reduce costs by building and automating security foundations and integrating them into design and release processes. DSTS builds the foundational capabilities that raise the bar across the organization for the growing diversity of D&S businesses—securing more than 100 device types, 12,000+ applications, and 100+ product lines developed and managed by 16,000+ builders. DSTS provides the security foundation for the builder teams that have produced groundbreaking devices like the Amazon Echo, Astro, Kuiper, Ring Always Home Cam Drone, Fire tablets, and Fire TV. What will you help us create?

Are you interested in joining a world-class security team focused on Amazon’s consumer devices and core Amazon services? Do you want to be part of the penetration testing team dedicated to finding and exploiting vulnerabilities to keep Amazon customers safe? Your work will directly impact the way our customers, teams, and businesses around the world get things done. If you want to protect the millions of Amazon customers who rely on Amazon consumer products, we have a job for you!

The penetration testing organization is growing and is seeking an experienced Manager to lead one of our internal penetration testing teams. In this role, you will lead a team of highly skilled penetration testers to assess Amazon devices, services, applications, and websites; and collaborate with other security and engineering teams to remediate weaknesses and tighten our software development cycle. This role offers challenging leadership and technical opportunities, but will also be a lot of fun if hacking Amazon sounds exciting to you!

You will focus on utilizing your technical leadership skills to continually guide the direction and evolution of the team and orchestrate penetration testing engagements to raise Amazon’s high security bar. Additionally, you will drive your team’s strategic initiatives by influencing key stakeholders and collaborating with teams across Amazon to enable the implementation of innovative security solutions and controls to enhance Amazon’s security and software development posture. You will be supported by a team of highly skilled penetration testers focused on attacking Amazon from a variety of perspectives, all with a singular focus on maintaining the trust of our customers. You must also navigate ambiguous situations with calmness and tact. Above all, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Amazon and its customers safe.

Main Responsibilities of the Job
* Lead, manage and develop a high performing penetration testing team across multiple locations
* Manage and coordinate complex penetration testing projects involving multiple penetration testers, technology stacks, and development teams
* Lead the strategic direction and evolution of the Penetration Testing Team, including goal setting and prioritization
* Drive strategic initiatives by influencing leadership, key stakeholders, and collaborating with teams across Amazon
* Lead effective teamwork, communication, collaboration and engagement across multiple diverse groups with competing priorities
* Lead improvements to the internal program and process
* Write and deliver high quality documents for technical and non-technical audiences

About the team
The internal penetration testing team is part of the Devices and Services Trust & Security organization, which is responsible for the full SDLC, vulnerability management, incident response, and overall security of Amazon Consumer Devices & Services (Kindle, Ring, FireOS, Kuiper, Alexa, eero, and more). The internal penetration testing team is responsible for assessing these products, with a focus on penetration testing, fuzzing, and vulnerability research.
While the majority of our security team is based in the US, your application will be considered for all locations where we recruit globally. However, candidates should be aware that they will need to allow time in the US for essential meetings.

Our team values work-life balance. Finding a healthy balance between your personal and professional life is crucial to your happiness and success here. That’s why we don’t focus on how many hours you spend at work or online. Instead, we like to offer you a flexible schedule so you can have a more productive and balanced life both inside and outside of work.

Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we build an environment that celebrates knowledge sharing and mentorship. We care about career growth and strive to assign projects based on what will help each team member develop into a more well-rounded engineer and enable them to take on more complex tasks in the future.

Basic qualifications

– 3+ years of experience in a managerial role in technical security (people manager)
– 5+ years of experience in information security related domains, with knowledge of security fundamentals, application vulnerabilities, application attack vectors, penetration testing methodologies and tools
– 3+ years of experience leading information security initiatives in large, diverse organizations
– Experience communicating with a wide range of technical and non-technical partners and senior executives
– BA/BS in Computer Science or 4+ years of relevant experience

Desired qualifications

– The ability to exercise sound judgment, solve problems and make decisions in the face of ambiguity and incomplete knowledge
– Ability to write effective communications with sharp analytical skills and attention to detail
– Ability to manage multiple competing priorities and deliver results in a fast-paced, deadline-driven environment
– Experience collecting and reporting statistics to measure the effectiveness and consistency of services and programs
– Knowledge of and experience in penetration testing the embedded device ecosystem, including operating systems, firmware, bootloaders, Bluetooth, WiFi, web service APIs, etc.
– Experience with cloud service providers and their offerings, preferably AWS, and their various technologies and services
– Experience in designing and assessing secure system architectures using Threat Modeling, integrating advanced and modern attacks

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate based on race, national origin, sex, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.

Los Angeles County Applicants: Responsibilities for this position include: working safely and cooperatively with other employees, supervisors, and staff; adhering to standards of excellence despite stressful conditions; communicating effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and complying with all federal, state, and local laws and company policies. A criminal record may directly, negatively, and adversely relate to some of the material duties of this position. These include the duties and responsibilities listed above, as well as the ability to adhere to company policies, exercise sound judgment, manage stress effectively, work safely and respectfully with others, demonstrate trustworthiness and professionalism, and protect the company’s operations and reputation. In accordance with the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with criminal records.

In accordance with the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with criminal records.

Our compensation reflects the cost of employment in various geographic markets across the U.S. The base salary for this position ranges from $157,600/year in our lowest geographic market to $272,400/year in our highest geographic market. Salary is based on a number of factors, including market location, and may vary based on knowledge, skills, and experience of the position. Amazon is a total compensation company. Depending on the position offered, stock, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, visit https://www.aboutamazon.com/workplace/employee-benefits. This position remains open until filled. Applicants should apply through our internal or external careers site.
