Sr. Security Engineer, Stores Red Team

Amazon

Seattle, WA(remote)

Apply

JOB DETAILS

SKILLS

Amazon Web Services (AWS), Artificial Intelligence (AI), Automation, Business Operations, C++ Programming Language, Campaigns, Cloud Computing, Communication Skills, Computer Science, Computer Security, Computer Services, Corporate Policies, Customer Experience, Customer Support/Service, Develop and Maintain Customers, Establish Priorities, Federal Laws and Regulations, GCP (Good Clinical Practices), Go Programming Language (Golang), Healthcare, Identify Issues, Incident Response, Injections, Java, Leadership, Machine Tool, Mentoring, Microsoft Windows Azure, Open Source, Operations Research, Penetration Testing, Python Programming/Scripting Language, Reporting Skills, Retail, Ruby, Security Attacks, Simulation, State Laws and Regulations, Team Lead/Manager, Wheel/Front-End Loader

LOCATION

Seattle, WA

POSTED

1 day ago

Description Application deadline: Jun 1, 2026 Amazon's STORM Red Team (SDO Threat Operations, Research & Monitoring) is looking for a Senior Security Engineer to join our team of offensive security operators. We hack Amazon's services, infrastructure, AI/ML systems, processes, and controls, then work with defensive and service teams to fix what we find and sharpen detection, prevention, and response capabilities across the company. STORM is a 10-person team that operates with significant autonomy. We choose our own targets, scope our own engagements, and operate across Amazon (retail, devices, entertainment, healthcare, subsidiaries, and more), partnering with the AWS Red Team when our paths overlap. Our scope is expansive and always challenging, with new business areas and attack surfaces constantly emerging across Amazon. We run multi-week adversary emulation campaigns, purple team exercises, shortest-path assessments, and targeted research efforts. The work ranges from emulating nation-state actors against critical infrastructure to testing whether a financially motivated threat group's public playbook would work against us. We report directly into SDO security leadership and our findings regularly reach VP and SVP audiences. This is a fully remote position by design. The team is distributed and operates remotely as a core part of how we work. We're looking for someone who can independently lead Red Team engagements end-to-end, identify and drive remediation of systemic security issues, mentor other operators, and influence security outcomes across organizational boundaries. You'll be working alongside experienced operators on high-impact engagements against Amazon's most critical systems. Key job responsibilities - Lead Red Team engagements end-to-end: scoping, target identification, execution, reporting, and driving remediation with service teams - Build and execute complex, multi-stage attack paths across diverse environments including cloud infrastructure, AI/ML systems, and corporate networks - Identify systemic security issues that span multiple teams and drive ownership, prioritization, and resolution through escalation when needed - Own a functional area on the Red Team (e.g., detection engineering partnership, threat intelligence integration, tooling, response collaboration) and drive it forward - Produce high-quality engagement reports with sufficient background, context, and actionable recommendations for both technical and leadership audiences - Mentor and develop other engineers on the team by overseeing engagements, providing report reviews, and raising the technical bar - Proactively identify valuable engagement targets and drive their prioritization through understanding of Amazon's threat landscape and business context - Collaborate with detection engineering, incident response, and security leadership to translate offensive findings into defensive improvements - Develop and maintain offensive tooling, automation, and methodologies that improve team efficiency - Leverage AI to accelerate offensive workflows and assess AI/ML systems for security weaknesses About the team Diverse Experiences Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying. Why Amazon Security? At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores. Inclusive Team Culture In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices. Training & Career Growth We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional. Work/Life Balance We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve. Basic Qualifications - Knowledge of cloud computing services and deployment architecture - Bachelor's degree in computer science or equivalent, or 6+ years of hands-on Red Team / offensive security experience in lieu of a degree - 5+ years of programming in Python, Ruby, Go, Java, C++, or similar - 5+ years of experience on a Red Team or in offensive security roles (penetration testing, adversary simulation, vulnerability research) - 2+ years of experience leading or technically directing multi-person offensive engagements Preferred Qualifications - Experience leading multi-week adversary emulation campaigns from scoping through remediation - Experience identifying and driving resolution of systemic security issues across organizational boundaries - Experience with cloud-native red teaming (AWS, Azure, or GCP attack paths, privilege escalation, cross-account lateral movement) - Experience assessing or attacking AI/ML systems (prompt injection, agent manipulation, model extraction, training data poisoning, RAG exploitation) - Experience leveraging AI/ML for offensive purposes (automated recon, exploit development, payload generation, building offensive agents) - Published security research, CVEs, conference talks, or open-source offensive tooling Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status. Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company's reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner. The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits . USA, , - 178,400.00 - 226,700.00 USD annually

About the Company

Amazon

INDUSTRY

Other/Not Classified

Resume Resources

Free Resume Templates Free Resume Builder