Key skills
Red Team operationsOffensive securityPenetration testingAdversary simulationVulnerability researchPython programmingRuby programmingGo programmingJava programmingC++ programmingCloud computing servicesAWSAzureGCPAI/ML security assessmentAI/ML offensive techniquesPythonJavaC++CGoRubyAIMLRAGLeadershipMentoringCollaborationPenetration Testing
About this role
Amazon’s STORM Red Team is looking for a Senior Security Engineer to join their team of offensive security operators. This role involves leading Red Team engagements, identifying systemic security issues, and mentoring other engineers while working alongside experienced operators on high-impact engagements against Amazon’s critical systems.
Responsibilities:
- Lead Red Team engagements end-to-end: scoping, target identification, execution, reporting, and driving remediation with service teams
- Build and execute complex, multi-stage attack paths across diverse environments including cloud infrastructure, AI/ML systems, and corporate networks
- Identify systemic security issues that span multiple teams and drive ownership, prioritization, and resolution through escalation when needed
- Own a functional area on the Red Team (e.g., detection engineering partnership, threat intelligence integration, tooling, response collaboration) and drive it forward
- Produce high-quality engagement reports with sufficient background, context, and actionable recommendations for both technical and leadership audiences
- Mentor and develop other engineers on the team by overseeing engagements, providing report reviews, and raising the technical bar
- Proactively identify valuable engagement targets and drive their prioritization through understanding of Amazon’s threat landscape and business context
- Collaborate with detection engineering, incident response, and security leadership to translate offensive findings into defensive improvements
- Develop and maintain offensive tooling, automation, and methodologies that improve team efficiency
- Leverage AI to accelerate offensive workflows and assess AI/ML systems for security weaknesses
Requirements:
- Knowledge of cloud computing services and deployment architecture
- Bachelor's degree in computer science or equivalent, or 6+ years of hands-on Red Team / offensive security experience in lieu of a degree
- 5+ years of programming in Python, Ruby, Go, Java, C++, or similar
- 5+ years of experience on a Red Team or in offensive security roles (penetration testing, adversary simulation, vulnerability research)
- 2+ years of experience leading or technically directing multi-person offensive engagements
- Experience leading multi-week adversary emulation campaigns from scoping through remediation
- Experience identifying and driving resolution of systemic security issues across organizational boundaries
- Experience with cloud-native red teaming (AWS, Azure, or GCP attack paths, privilege escalation, cross-account lateral movement)
- Experience assessing or attacking AI/ML systems (prompt injection, agent manipulation, model extraction, training data poisoning, RAG exploitation)
- Experience leveraging AI/ML for offensive purposes (automated recon, exploit development, payload generation, building offensive agents)
- Published security research, CVEs, conference talks, or open-source offensive tooling