At Audible, we believe stories have the power to transform lives. It’s why we work with some of the world’s leading creators to produce and share audio storytelling with our millions of global listeners. We are dreamers and inventors who come from a wide range of backgrounds and experiences to empower and inspire each other. Imagine your future with us.

ABOUT THIS ROLE As a Security Engineer at Audible you will advocate for information security throughout all our software development and business processes. You will work with other Security Engineers, Application Developers, System Engineers, and Business Stakeholders to protect our customers and Audible’s business.

ABOUT THE TEAM Audible Information Security team is looking for an experienced Security Engineering Leader to join our world class team. We are obsessed with protecting customer trust. We are a hands-on team working to protect our computer networks, servers, applications and data assets.

As a Security Engineer, you will... - Contribute to designing, implementing, and executing

security review and test methodologies for recurring testing of critical

production services - Partner with service teams to ensure risks are

remediated - Conduct design review, threat modeling, security

review, and penetration testing on production systems - Scope and perform penetration testing and vulnerability

research on complex proprietary software and hardware - Collaborate with internal development teams at Audible

and Amazon to enhance security tooling and functionality at scale - Prepare and present detailed, written technical

information for internal and external audiences - Participate in third party security risk assessments and due diligence (including helping to secure third-party integrations and partnerships) - Provide guidance on risk, compliance, and policy to technical and non-technical internal customers, including security training and outreach to internal teams and external supply chain partners.

ABOUT AUDIBLE Audible is the leading producer and provider of audio storytelling. We spark listeners’ imaginations, offering immersive, cinematic experiences full of inspiration and insight to enrich our customers daily lives. We are a global company with an entrepreneurial spirit. We are dreamers and inventors who are passionate about the positive impact Audible can make for our customers and our neighbors. This spirit courses throughout Audible, supporting a culture of creativity and inclusion built on our People Principles and our mission to build more equitable communities in the cities we call home.

BASIC QUALIFICATIONS - Bachelor's degree in Computer Science or related field

or equivalent experience - 5+ years of relevant work experience, such as application security reviews, security engineering, security analysis, incident response, third party security and risk assessments, data loss prevention, insider threat - Experience in using standard Security Assessment and

Penetration Testing tools such as BurpSuite - Experience with the information security principles and the Common Body of Knowledge (CBK) domains and core technologies (CIA, encryption, identity, authN/authZ, SSO, web protocols, and privacy). - Experience in advocating security best practices for third party integrations (e.g. with SAAS solutions, third-party libraries, etc.).

PREFERRED QUALIFICATIONS - Experience working with development teams and

demonstrated the ability to clearly explain the remediation of findings to

product owners - Experience working with business teams and senior stakeholders and demonstrated the ability to clearly articulate risks in non-technical terms - Demonstrated judgment, integrity, business acumen, and

communication skills - Understanding of threat modeling and risk

identification techniques - Knowledge of web application sand system security vulnerabilities and their remediation - Proficiency in auditing Java code to identify bugs - Strong scripting skills in languages such as Perl,

Python, or Java - Familiarity with common attack patterns and

exploitation techniques - Experience with Security Engineering and Assurance

methodologies, including fuzzing and static/dynamic code analysis - Ability to develop fully functional exploits for common

vulnerabilities (e.g., stack overflow, cross-site scripting, SQL

injection) - Experience with Amazon Web Services or similar cloud

computing platforms - Experience in designing and implementing technical

security controls at the business division level - Understanding of technical security challenges faced by

large multinational companies - Participation in Bug Bounty programs

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit

https://amazon.jobs/content/en/how-we-hire/accommodations

for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information,

please visit

https://www.aboutamazon.com/workplace/employee-benefits . This position will remain posted until filled. Applicants should apply via our internal or external career site.