Sr Software Security Engineer

Annapurna Labs is looking for a Senior Penetration Testing Security Engineer to join our team in securing our products’ software, firmware and hardware.You will be responsible for conducting manual penetration testing and vulnerability research, creating and maintaining automated fuzzing solutions, documenting penetration testing methodologies, and helping dev-teams add fuzz tests to their development processes. This position will provide you with a challenging opportunity across multiple domains, such as cloud infrastructure (networking, hypervisors, storage), embedded systems and high-end hardware accelerators.This is a leadership role within the AWS Security community and you will be sought out for advice on technical and business issues. A Senior Security Engineer will proactively share knowledge across the Amazon community and will be a key company resource in one or more of the core areas of security. They will lead security reviews of large Amazon projects, while setting standards and defining best practices for the Annapurna Security team.Key job responsibilitiesEngineers in this role must show exemplary judgment in making technical trade-offs between short versus long term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. Conflicts should be addressed by listening, finding the best way forward, and persuading one’s colleagues. The person in this position will also provide training, advice, and mentorship to other engineers throughout AWS.

Basic Qualifications

* 5+ years of experience in vulnerability research & penetration testing* Produces high quality penetration testing reports and security guidance* 5+ years of experience with security tools development (trigger codes/scanners/fuzzers)* Experience with low-level programming languages (C, Assembler) and Python scripting language* Familiarity with Embedded System Software and Hardware architectures* Advanced knowledge and understanding of security engineering, system and network security, authentication and security protocols.

Preferred Qualifications

* Experience using and contributing to fuzzing frameworks such as AFL, libFuzzer* Experience using static-analysis tools such as CBMC, angr, coverity* Experience with reverse engineering* Experience with red teams or CTF (Capture The Flag)* Experience with driving large, company-wide initiatives* Ability to make concrete progress in the face of ambiguity and imperfect knowledge (avoid “analysis paralysis”)Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability