77 Vulnerability Management jobs in Seattle

Company Overview
With 80,000 customers across 150 countries, UKG is the largest U.S.-based private software company in the world. And we're only getting started. Ready to bring your bold ideas and collaborative mindset to an organization that still has so much more to build and achieve? Read on.
At UKG, you get more than just a job. You get to work with purpose. Our team of U Krewers are on a mission to inspire every organization to become a great place to work through our award-winning HR technology built for all.
Here, we know that you're more than your work. That's why our benefits help you thrive personally and professionally, from wellness programs and tuition reimbursement to U Choose - a customizable expense reimbursement program that can be used for more than 200+ needs that best suit you and your family, from student loan repayment, to childcare, to pet insurance. Our inclusive culture, active and engaged employee resource groups, and caring leaders value every voice and support you in doing the best work of your career. If you're passionate about our purpose - people -then we can't wait to support whatever gives you purpose. We're united by purpose, inspired by you.
**This position may perform work with the U.S. government therefore**
+ **Ideal candidate should be a U.S. Citizen**
+ **Existing or previous Government Security Clearance preferred, or ability to obtain appropriate security clearance is required**
We are a rapidly scaling SaaS company serving a global customer base across diverse industries. Security is a top priority, and we are building a mature and proactive program to protect our platform, data, and customers. With a large and distributed engineering organization, we are looking for a Security Vulnerability Management Lead who can bridge the gap between security and development at scale.
About the Role:
As the Security Vulnerability Management Lead, you will own and evolve our end-to-end vulnerability management strategy across both product/application layers and infrastructure (cloud and on-prem). You will work closely with engineering, DevOps, SRE, and product teams to ensure vulnerabilities are discovered, assessed, and addressed quickly and effectively - without disrupting innovation. You'll lead a small but impactful team, use data to drive prioritization, and embed scalable security practices into our engineering workflows.
Key Responsibilities:
+ Lead the vulnerability management program across SaaS application layers (code, APIs, containers, dependencies) and supporting infrastructure (cloud services, VMs, networks).
+ Work with the DevSecOps team to integrate vulnerability detection into CI/CD pipelines and development workflows, enabling shift-left security without friction.
+ Collaborate with thousands of engineers across multiple teams to contextualize and prioritize vulnerabilities based on business impact and threat intelligence.
+ Good understanding of the vulnerability management tool stack, including SAST, DAST, container scanning, dependency scanning, and infrastructure scanning tools (e.g., Checkmarx One, Rapid7, Wiz, etc.).
+ Drive remediation SLAs and reporting in coordination with Product and Engineering leadership.
+ Design and deliver clear, actionable dashboards and reports for engineers, executives, and risk/compliance stakeholders.
+ Partner with DevSecOps, Security Architecture, Security Engineering, and GRC teams to align on enterprise risk and compliance goals.
+ Mentor a small team of vulnerability analysts or engineers, while scaling the function through automation and self-service where possible.
Required Qualifications:
+ 7-10 years of cybersecurity experience with deep knowledge of vulnerability management in SaaS or tech-native environments.
+ Expertise in both application and infrastructure vulnerabilities, including hands-on familiarity with OWASP Top 10, CVEs, insecure cloud configurations, container risks, and supply chain vulnerabilities.
+ Solid understanding of modern software development practices, CI/CD pipelines, microservices, and cloud-native infrastructure (GCP, AWS, Kubernetes, Terraform, etc.).
+ Demonstrated experience working closely with large engineering organizations and influencing security culture in a fast-paced dev environment.
+ Experience managing security tools and integrating them into automated engineering workflows.
+ Strong analytical, communication, and project management skills.
Preferred Qualifications:
+ Previous experience in a SaaS company with a multi-cloud or cloud-native environment.
+ Security certifications such as CISSP, CSSLP, or cloud-specific certs (e.g., AWS Security Specialty).
+ Experience with vulnerability correlation, risk scoring models, or threat-based prioritization approaches.
+ Familiarity with frameworks like NIST CSF, SOC 2, or ISO 27001.
Where we're going
UKG is on the cusp of something truly special. Worldwide, we already hold the #1 market share position for workforce management and the #2 position for human capital management. Tens of millions of frontline workers start and end their days with our software, with billions of shifts managed annually through UKG solutions today. Yet it's our AI-powered product portfolio designed to support customers of all sizes, industries, and geographies that will propel us into an even brighter tomorrow!
Equal Opportunity Employer
UKG is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, disability, religion, sex, age, national origin, veteran status, genetic information, and other legally protected categories.
View The EEO Know Your Rights poster ( participates in E-Verify. View the E-Verify posters here ( .
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
Disability Accommodation in the Application and Interview Process
For individuals with disabilities that need additional assistance at any point in the application and interview process, please email .
The pay range for this position is $112,300.00 to $161,400.00 USD, however, base pay offered may vary depending on skills, experience, job-related knowledge and location. This position is also eligible for a short-term incentive and a long-term incentive as part of total compensation. Information about UKG's comprehensive benefits can be reviewed on our careers site at ( is the policy of Ultimate Software to promote and assure equal employment opportunity for all current and prospective Peeps without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status entitled to protection under federal, state, or local anti-discrimination laws. This policy governs all matters related to recruitment, advertising, and initial selection of employment. It shall also apply to all other aspects of employment, including, but not limited to, compensation, promotion, demotion, transfer, lay-offs, terminations, leave of absence, and training opportunities.

Company Overview
With 80,000 customers across 150 countries, UKG is the largest U.S.-based private software company in the world. And we're only getting started. Ready to bring your bold ideas and collaborative mindset to an organization that still has so much more to build and achieve? Read on.
At UKG, you get more than just a job. You get to work with purpose. Our team of U Krewers are on a mission to inspire every organization to become a great place to work through our award-winning HR technology built for all.
Here, we know that you're more than your work. That's why our benefits help you thrive personally and professionally, from wellness programs and tuition reimbursement to U Choose - a customizable expense reimbursement program that can be used for more than 200+ needs that best suit you and your family, from student loan repayment, to childcare, to pet insurance. Our inclusive culture, active and engaged employee resource groups, and caring leaders value every voice and support you in doing the best work of your career. If you're passionate about our purpose - people -then we can't wait to support whatever gives you purpose. We're united by purpose, inspired by you.
We are a rapidly scaling SaaS company serving a global customer base across diverse industries. Security is a top priority, and we are building a mature and proactive program to protect our platform, data, and customers. With a large and distributed engineering organization, we are looking for a Lead, Vulnerability Management Analyst, who can bridge the gap between security and development at scale.
Role Summary:
As the Lead for vulnerability management, you will be responsible for shaping and advancing our comprehensive strategy for identifying and mitigating vulnerabilities across both application/product layers and infrastructure-whether in the cloud or on-premises. You'll collaborate closely with engineering, DevOps, SRE, and product teams to ensure vulnerabilities are swiftly identified, evaluated, and resolved, all while maintaining the pace of innovation. Your role will also involve leveraging data to drive prioritization and integrating scalable security practices directly into our engineering processes.
Key Responsibilities:
- Lead the vulnerability management program across SaaS application layers (code, APIs, containers, dependencies) and supporting infrastructure (cloud services, VMs, networks).
- Conduct security research on cloud and AI to ensure a strong code-level skillset around OWASP top 10 and similar vulnerabilities, and be comfortable presenting results.
- Work with the DevSecOps team to integrate vulnerability detection into CI/CD pipelines and development workflows, enabling shift-left security without friction.
- Collaborate with thousands of engineers across multiple teams to contextualize and prioritize vulnerabilities based on business impact and threat intelligence.
- Good understanding of the vulnerability management tool stack, including SAST, DAST, container scanning, dependency scanning, and infrastructure scanning tools (e.g., Checkmarx One, Rapid7, Wiz, etc.).
- Drive remediation SLAs and reporting in coordination with Product and Engineering leadership.
- Design and deliver clear, actionable dashboards and reports for engineers, executives, and risk/compliance stakeholders.
- Partner with DevSecOps, Security Architecture, Security Engineering, and GRC teams to align on enterprise risk and compliance goals.
- Mentor vulnerability analysts or engineers, while scaling the vulnerability management function through automation and self-service where possible.
Required Qualifications:
- 7+ years of cybersecurity experience with deep knowledge of vulnerability management in SaaS or tech-native environments.
- Expertise in both application and infrastructure vulnerabilities, including hands-on familiarity with OWASP Top 10, CVEs, insecure cloud configurations, container risks, and supply chain vulnerabilities.
- Solid understanding of modern software development practices, CI/CD pipelines, micro services, and cloud-native infrastructure (GCP, AWS, Kubernetes, Terraform, etc.).
- Demonstrated experience working closely with large engineering organizations and influencing security culture in a fast-paced dev environment.
- Experience managing security tools and integrating them into automated engineering workflows.
- Strong analytical, communication, and project management skills.
Preferred Qualifications:
- Previous experience in a SaaS company with a multi-cloud or cloud-native environment.
- Security certifications such as CISSP, CSSLP, or cloud-specific certs (e.g., AWS Security Specialty).
- Experience with vulnerability correlation, risk scoring models, or threat-based prioritization approaches.
- Familiarity with frameworks like NIST CSF, SOC 2, or ISO 27001.
Where we're going
UKG is on the cusp of something truly special. Worldwide, we already hold the #1 market share position for workforce management and the #2 position for human capital management. Tens of millions of frontline workers start and end their days with our software, with billions of shifts managed annually through UKG solutions today. Yet it's our AI-powered product portfolio designed to support customers of all sizes, industries, and geographies that will propel us into an even brighter tomorrow!
Equal Opportunity Employer?
UKG is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, disability, religion, sex, age, national origin, veteran status, genetic information, and other legally protected categories.
View The EEO Know Your Rights poster ( ?
UKG participates in E-Verify. View the E-Verify posters here ( ?
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability?
Disability Accommodation in the Application and Interview Process
For individuals with disabilities that need additional assistance at any point in the application and interview process, please email ?
The pay range for this position is $112,300 to $161,400, however, base pay offered may vary depending on skills, experience, job-related knowledge and location. This position is also eligible for a short-term incentive and a long-term incentive as part of total compensation. Information about UKG's comprehensive benefits can be reviewed on our careers site at ( is the policy of Ultimate Software to promote and assure equal employment opportunity for all current and prospective Peeps without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status entitled to protection under federal, state, or local anti-discrimination laws. This policy governs all matters related to recruitment, advertising, and initial selection of employment. It shall also apply to all other aspects of employment, including, but not limited to, compensation, promotion, demotion, transfer, lay-offs, terminations, leave of absence, and training opportunities.

Description

Amazon Web Services (AWS) is looking for a passionate, innovative, and motivated Security Engineer for the AWS Security Vulnerability Management team. At Amazon Web Services (AWS), Security is job zero. Our team is responsible for inventing new security services that enable and automate security solutions at AWS' unprecedented scale. We are data-driven, set big goals, and are always challenging ourselves raise the security bar at AWS.

In this role, you will be part of a team of security engineers solving complex security challenges that have direct and measurable impact on our customers. Our programs stretch across all of AWS, giving you the opportunity to interact with product teams, industry specialists, security partners, and organization leaders. You will build and own software solutions and solve ambiguous technical problems.

Key job responsibilities

Build and implement solutions to identify software based risks in AWS services. Perform vulnerability and impact assessments taking into account base, temporal, and environmental factors. Query, analyze, and report on large datasets. Work with a team of software and security engineers that design, build, and own software solutions that solve complex security challenges for AWS and our customers. Diving into large datasets to identify potential risks.

Perform severity assessments of software vulnerabilities. Work with software builders to apply environmental context against findings to adjust risk scores. Implement automation to improve operational throughput and efficiency.

Work with partner teams to propose and implement functionality to reduce risks at scale.

A day in the life

You will begin by assessing critical vulnerabilities across container workloads and emerging assets like IoT devices, firmware, and AI systems. Next, you'll collaborate with various product teams to enhance scanning methodologies and remediation strategies. You'll conduct deep dives with system owners to improve automation processes and reduce false positives. Later, you'll mentor junior engineers on security evaluations for corporate assets and containerized environments. You'll develop KPIs to measure security improvements and reduced builder impact. Finally, you'll update runbooks and strategize ways to elevate security standards while minimizing toil for builder teams across diverse and unconventional asset types.

About the team

Diverse Experiences

Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.

Why Amazon Security?

At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

Inclusive Team Culture

In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

Training & Career Growth

We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

Work/Life Balance

We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.

Basic Qualifications

• 6+ years of experience in identifying security issues and risks, and developing mitigation plans

• 4+ years of experience in network, system, or software architecture; design, implementation, support, and evaluation of security-focused tools and services

• 4+ years of scripting or programming experience in Ruby, Python, Shell/BASH scripting, Java, C/C++, C*, Perl, or other languages

• 2+ years of experience in one or more of the following areas: cryptography, web and network protocols, data structures and algorithms, software development, threat modeling, pen tests, or vulnerability assessments

Preferred Qualifications

• Understanding of cloud computing services/deployment architecture

• Experience in innovative security approaches in non-traditional IT environments

• Experience generating automated metrics to measure service and program effectiveness and consistency

• Excellent written and verbal communication skills with the ability to present complex technical information in a clear and concise manner to a variety of audiences

• Experience in the development of security products

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit . This position will remain posted until filled. Applicants should apply via our internal or external career site.

Description
Amazon Web Services (AWS) is looking for a passionate, innovative, and motivated Security Engineer for the AWS Security Vulnerability Management team. At Amazon Web Services (AWS), Security is job zero. Our team is responsible for inventing new security services that enable and automate security solutions at AWS' unprecedented scale. We are data-driven, set big goals, and are always challenging ourselves raise the security bar at AWS.
In this role, you will be part of a team of security engineers solving complex security challenges that have direct and measurable impact on our customers. Our programs stretch across all of AWS, giving you the opportunity to interact with product teams, industry specialists, security partners, and organization leaders. You will build and own software solutions and solve ambiguous technical problems.
Key job responsibilities
Build and implement solutions to identify software based risks in AWS services. Perform vulnerability and impact assessments taking into account base, temporal, and environmental factors. Query, analyze, and report on large datasets. Work with a team of software and security engineers that design, build, and own software solutions that solve complex security challenges for AWS and our customers. Diving into large datasets to identify potential risks.
Perform severity assessments of software vulnerabilities. Work with software builders to apply environmental context against findings to adjust risk scores. Implement automation to improve operational throughput and efficiency.
Work with partner teams to propose and implement functionality to reduce risks at scale.
A day in the life
You will begin by assessing critical vulnerabilities across container workloads and emerging assets like IoT devices, firmware, and AI systems. Next, you'll collaborate with various product teams to enhance scanning methodologies and remediation strategies. You'll conduct deep dives with system owners to improve automation processes and reduce false positives. Later, you'll mentor junior engineers on security evaluations for corporate assets and containerized environments. You'll develop KPIs to measure security improvements and reduced builder impact. Finally, you'll update runbooks and strategize ways to elevate security standards while minimizing toil for builder teams across diverse and unconventional asset types.
About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Basic Qualifications
- 6+ years of experience in identifying security issues and risks, and developing mitigation plans
- 4+ years of experience in network, system, or software architecture; design, implementation, support, and evaluation of security-focused tools and services
- 4+ years of scripting or programming experience in Ruby, Python, Shell/BASH scripting, Java, C/C++, C*, Perl, or other languages
- 2+ years of experience in one or more of the following areas: cryptography, web and network protocols, data structures and algorithms, software development, threat modeling, pen tests, or vulnerability assessments
Preferred Qualifications
- Understanding of cloud computing services/deployment architecture
- Experience in innovative security approaches in non-traditional IT environments
- Experience generating automated metrics to measure service and program effectiveness and consistency
- Excellent written and verbal communication skills with the ability to present complex technical information in a clear and concise manner to a variety of audiences
- Experience in the development of security products
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit . This position will remain posted until filled. Applicants should apply via our internal or external career site.

Description
Amazon Web Services (AWS) Security is looking for a passionate and innovative Sr. Security Engineer for the AWS Vulnerability Management team. At AWS, security is job zero. The AWS Vulnerability Management team continuously raises the bar for security at AWS. We combine intelligence, cybersecurity skills, risk management techniques, and technical expertise to keep our customers and the cloud secure. Our team offers the unique opportunity to work with leading industry security experts and engage across AWS service teams and leadership. We are data-driven, set big goals, and are always challenging ourselves and each other to identify better solutions and take on new challenges.
As a Sr. Security Engineer in AWS Vulnerability Management, you will work on a team of security engineers, software developers, and technical program managers. You will interpret and triage vulnerability disclosures, collaborate with subject matter experts across AWS on technical solutions, and drive remediation activities across AWS's unprecedented scale.
Key job responsibilities
- Become a subject matter expert in Host OS domain in AWS Vulnerability Management focusing on Linux based operating systems
- Own and coordinate large-scale remediation or triage campaigns, including reporting to AWS Security leadership.
- Be a VM technical lead, providing support and mentorship to less experienced team members in day to day operations
- Research and interpret OS-level vulnerability disclosures, focusing on Kernel, system packages, and OS component vulnerabilities
- Author risk assessment statements, remediation guidance, and status reports
- Partner with product teams across Amazon to develop scalable solutions to security vulnerabilities
- Design and develop tooling to automate and refine vulnerability management processes
- Periodic on-call responsibilities
About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Basic Qualifications
- BS degree in Computer Science, Computer Engineering, Information Systems or related degree; or 6+ years equivalent technology experience.
- 4+ years experience in Linux system and security, including patch management and OS hardening.
- 4+ years experience in threat modeling and interpreting OS-level vulnerability disclosures.
- 4+ years experience building automated tools in C, C++, Java, Python, Perl, PowerShell, or Ruby.
Preferred Qualifications
- Experience in vulnerability management or security operations.
- Experience leading OS security initiatives and mentoring team members on patch management.
- Experience affecting change across complex environments.
- Strong understanding of Linux kernel architecture, package management systems, and system internals.
- Experience with AWS infrastructure services and security controls.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit . This position will remain posted until filled. Applicants should apply via our internal or external career site.

Description

Amazon is seeking a Security Engineer to join the AVM (AWS Vulnerability Management) organization. Our organization is accountable for the end-to-end software vulnerability lifecycle across all aspects of AWS. We are responsible for building the platform that monitors intelligence, detects vulnerabilities, drives remediation response, and drives innovation to meet the scale and demand of all AWS customers. Working with teams such as EC2, S3, RDS, CloudHSM, Containers, and Amazon Linux requires us to dive deep into all aspects of first- and third-party software across AWS including Operating Systems, firmware, databases, service/system hardening, cryptography, and audit analysis. We are passionate about diving deep to identify and build solutions that keep our customers safe.

As a security engineer, you will help define and execute short-term and long-term strategy for vulnerability remediation. You're well-known for your excellent prioritization skills, as well as your ability to communicate at all levels of an organization (technical and non-technical). The successful candidate must be autonomous, comfortable operating in highly ambiguous situations, and relish the idea of solving security problems at scale.

The successful candidate is one who loves working directly with software developers to understand their needs, and design security systems and solutions that enable developers to operate more effectively, securely and safely. You will have the opportunity to engage with systems that are at the cutting edge of technology. You will work directly with AWS service teams, partner security teams, and administrative teams to identify opportunities to improve our security posture. You will build tooling, drive process improvements, and work with service owners and cutting-edge technology to develop innovative solutions to complex technical challenges.

The role can be located in Seattle, WA

Key job responsibilities

Research and interpret vulnerability disclosures and intelligence

Own and coordinate vulnerability assessment and triage activities with subject-matter experts across AWS

Own workstreams during large-scale remediation or triage campaigns.

Author risk assessment statements, remediation guidance, and status reports

Partner with product teams across Amazon to develop scalable solutions to security vulnerabilities

Develop tooling to automate and refine vulnerability management processes

Periodic on-call responsibilities.

A day in the life

AWS Security is on the cutting edge of many security issues for a wide variety of platforms and technologies including cloud services, Internet of things (IoT), identity and access management, mobile devices, virtualization and custom hardware, all operating at massive scale. Our team drives large scale, long-term programs across all of AWS.

About the team

Our organization is accountable for the end-to-end software vulnerability lifecycle across all AWS.

Diverse Experiences

Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.

Why Amazon Security?

At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

Inclusive Team Culture

In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

Training & Career Growth

We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

Work/Life Balance

We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.

Basic Qualifications

• BS degree in Computer Science, Computer Engineering, Information Systems or related degree; or 4+ years equivalent technology experience

• 3 years experience in system, network, and/or application security

• 3 years experience in threat modeling and interpreting vulnerability disclosures

• 2 years experience building automated tools in C, C++, Java, Python, Perl, PowerShell, or Ruby

• Strong understanding of Windows and Linux internals and system design.

Preferred Qualifications

• 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience

• Experience with AWS products and services

• Experience with programming languages such as Python, Java, C+Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit . This position will remain posted until filled. Applicants should apply via our internal or external career site.

Description
Amazon is seeking a Security Engineer to join the AVM (AWS Vulnerability Management) organization. Our organization is accountable for the end-to-end software vulnerability lifecycle across all aspects of AWS. We are responsible for building the platform that monitors intelligence, detects vulnerabilities, drives remediation response, and drives innovation to meet the scale and demand of all AWS customers. Working with teams such as EC2, S3, RDS, CloudHSM, Containers, and Amazon Linux requires us to dive deep into all aspects of first- and third-party software across AWS including Operating Systems, firmware, databases, service/system hardening, cryptography, and audit analysis. We are passionate about diving deep to identify and build solutions that keep our customers safe.
As a security engineer, you will help define and execute short-term and long-term strategy for vulnerability remediation. You're well-known for your excellent prioritization skills, as well as your ability to communicate at all levels of an organization (technical and non-technical). The successful candidate must be autonomous, comfortable operating in highly ambiguous situations, and relish the idea of solving security problems at scale.
The successful candidate is one who loves working directly with software developers to understand their needs, and design security systems and solutions that enable developers to operate more effectively, securely and safely. You will have the opportunity to engage with systems that are at the cutting edge of technology. You will work directly with AWS service teams, partner security teams, and administrative teams to identify opportunities to improve our security posture. You will build tooling, drive process improvements, and work with service owners and cutting-edge technology to develop innovative solutions to complex technical challenges.
The role can be located in Seattle, WA
Key job responsibilities
Research and interpret vulnerability disclosures and intelligence
Own and coordinate vulnerability assessment and triage activities with subject-matter experts across AWS
Own workstreams during large-scale remediation or triage campaigns.
Author risk assessment statements, remediation guidance, and status reports
Partner with product teams across Amazon to develop scalable solutions to security vulnerabilities
Develop tooling to automate and refine vulnerability management processes
Periodic on-call responsibilities.
A day in the life
AWS Security is on the cutting edge of many security issues for a wide variety of platforms and technologies including cloud services, Internet of things (IoT), identity and access management, mobile devices, virtualization and custom hardware, all operating at massive scale. Our team drives large scale, long-term programs across all of AWS.
About the team
Our organization is accountable for the end-to-end software vulnerability lifecycle across all AWS.
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.
Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.
Basic Qualifications
- BS degree in Computer Science, Computer Engineering, Information Systems or related degree; or 4+ years equivalent technology experience
- 3 years experience in system, network, and/or application security
- 3 years experience in threat modeling and interpreting vulnerability disclosures
- 2 years experience building automated tools in C, C++, Java, Python, Perl, PowerShell, or Ruby
- Strong understanding of Windows and Linux internals and system design.
Preferred Qualifications
- 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- Experience with AWS products and services
- Experience with programming languages such as Python, Java, C+Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit . This position will remain posted until filled. Applicants should apply via our internal or external career site.

Description

AWS Infrastructure Services owns the design, planning, delivery, and operation of all AWS global infrastructure. In other words, we're the people who keep the cloud running. We support all AWS data centers and all of the servers, storage, networking, power, and cooling equipment that ensure our customers have continual access to the innovation they rely on. We work on the most challenging problems, with thousands of variables impacting the supply chain - and we're looking for talented people who want to help.

You'll join a diverse team of software, hardware, and network engineers, supply chain specialists, security experts, operations managers, and other vital roles. You'll collaborate with people across AWS to help us deliver the highest standards for safety and security while providing seemingly infinite capacity at the lowest possible cost for our customers. And you'll experience an inclusive culture that welcomes bold ideas and empowers you to own them to completion.

The Infrastructure Security Team is responsible for the security and risk management of the AWS Infrastructure. We build systems that detect, assess, and mitigate risk across the global infrastructure and are accountable for keeping the Amazon Infrastructure secure and compliant with customer requirements. The Infrastructure Security Vulnerability Management Team is looking for a Security Engineer to join our dynamic, outcome-driven team. The successful candidate is an owner who can deliver through high performing, diverse teams and who understands all parts of security, software development, deployment, and operations. You must possess strong technical networking, supply chain security and/or data center compliance background, strong verbal and written communication skills, be self-driven, demonstrate high impact and influence across teams, and deliver high quality results in a fast-paced environment. We're looking for leaders who can lead through challenges and seek to shed light on ambiguity. If that is you, Amazon is the place to be as we solve hard problems, make history, and have fun.

Key job responsibilities

You will aid in the development, assessment, and analysis of security outcomes for AWS Infrastructure (networking, supply chain security and/or data center compliance) in accordance with NIST, FedRAMP, ISO and AWS standards.

As a member of the Infrastructure Security Compliance organization, you are expected to be the subject matter expert on regulatory, compliance, legal implications on security risks and opportunities.

Identify and drive mitigation of security risks through formal, deep dive assessment activities

Lead in the identification and application of remediation and mitigation techniques, including the development of monitoring and reporting capabilities for continued compliance.

Lead compliance related discussions both internally, with stakeholders and customers, and externally, representing Infrastructure holistically in audit/regulatory exams.

You will assist technical teams in resolving security issues and concerns and providing contextualization as well to how compliance with various standards and frameworks is achieved.

About the team

ABOUT AWS:

Diverse Experiences

Amazon values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.

Why AWS

Amazon Web Services (AWS) is the world's most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating - that's why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.

Work/Life Balance

We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there's nothing we can't achieve in the cloud.

Inclusive Team Culture

Here at AWS, it's in our nature to learn and be curious. Our employee-led affinity groups foster a culture of inclusion that empower us to be proud of our differences. Ongoing events and learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences, inspire us to never stop embracing our uniqueness.

Mentorship and Career Growth

We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.

Basic Qualifications

• 4+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience

• Bachelor's degree in computer science or equivalent

• Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits or equivalent

• A strong understanding of core internet and networking technologies (routing protocols, network architecture, TCP/IP, etc.)

• Excellent communication and data presentation skills that allow you to clearly, compellingly, and effectively influence audiences internally and externally, across organizational boundaries

Preferred Qualifications

• CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud+ or CySA+ (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest- Experience performing risk assessments of vulnerabilities and evaluating mitigating controls in large, complex networks

• Linux systems engineering skills and a solid grasp on operating system fundamentals

• Knowledge of at least one scripting language (Python, Perl, Ruby, etc.)

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit . This position will remain posted until filled. Applicants should apply via our internal or external career site.

Description

Amazon Web Services (AWS) is looking for a passionate, innovative, and motivated Security Engineer for the AWS Security Vulnerability Management team. At Amazon Web Services (AWS), Security is job zero. Our team is responsible for inventing new security services that enable and automate security solutions at AWS' unprecedented scale. We are data-driven, set big goals, and are always challenging ourselves raise the security bar at AWS.

In this role, you will be part of a team of security engineers solving complex security challenges that have direct and measurable impact on our customers. Our programs stretch across all of AWS, giving you the opportunity to interact with product teams, industry specialists, security partners, and organization leaders. You will build and own software solutions and solve ambiguous technical problems.

Key job responsibilities

Build and implement solutions to identify software based risks in AWS services.

Perform vulnerability and impact assessments taking into account base, temporal, and environmental factors.

Query, analyze, and report on large datasets.

Work with a team of software and security engineers that design, build, and own software solutions that solve complex security challenges for AWS and our customers.

Diving into large datasets to identify potential risks.

Perform severity assessments of software vulnerabilities.

Work with software builders to apply environmental context against findings to adjust risk scores.

Implement automation to improve operational throughput and efficiency.

Work with partner teams to propose and implement functionality to reduce risks at scale

A day in the life

You will begin by assessing vulnerabilities and security architecture across the Corporate fleet of devices and servers. Next, you'll collaborate with various product teams to enhance scanning methodologies and remediation strategies. You'll conduct deep dives with system owners to improve automation processes and reduce false positives. Later, you'll mentor junior engineers on security evaluations for corporate assets and containerized environments. You'll develop KPIs to measure security improvements and reduced builder impact. Finally, you'll update runbooks and strategize ways to elevate security standards while minimizing toil for builder teams across diverse and asset types.

About the team

Diverse Experiences

Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying.

Why Amazon Security?

At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

Inclusive Team Culture

In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

Training & Career Growth

We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

Work/Life Balance

We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.

Basic Qualifications

• 6+ years of experience in identifying security issues and risks, and developing mitigation plans

• 4+ years of experience in network, system, or software architecture; design, implementation, support, and evaluation of security-focused tools and services

• 4+ years of scripting or programming experience in Ruby, Python, Shell/BASH scripting, Java, C/C++, C*, Perl, or other languages

• 2+ years of experience in one or more of the following areas: cryptography, web and network protocols, data structures and algorithms, software development, threat modelling, pen tests, or vulnerability assessments

Preferred Qualifications

• Understanding of cloud computing services/deployment architecture

• Experience in innovative security approaches in non-traditional IT environments

• Experience generating automated metrics to measure service and program effectiveness and consistency

• Excellent written and verbal communication skills with the ability to present complex technical information in a clear and concise manner to a variety of audiences

• Experience in the development of security products

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit . This position will remain posted until filled. Applicants should apply via our internal or external career site.