Senior Security Engineer, Audible Security
Audible
Cambridge, MA, USA · New York, NY, USA · Culver City, CA, USA · California, USA · Cambridge, MA, USA · Massachusetts, USA
Posted on Mar 13, 2025
Newark, New Jersey
Culver City, California
Cambridge, Massachusetts
Senior Security Engineer, Audible Security
Technology | Job ID 2921949Job Summary
At Audible, we believe stories have the power to transform lives. It’s why we work with some of the world’s leading creators to produce and share audio storytelling with our millions of global listeners. We are dreamers and inventors who come from a wide range of backgrounds and experiences to empower and inspire each other. Imagine your future with us.
ABOUT THIS ROLE
As a Senior Security Engineer at Audible you will advocate for information security throughout all our software development and business processes. You will work with other Security Engineers, Application Developers, System Engineers, and Business Stakeholders to protect our customers and Audible’s business.
ABOUT THE TEAM
Audible Information Security team is looking for an experienced Senior Security Engineer to join our world class team. We are obsessed with protecting customer trust. We are a hands-on team working to protect our computer networks, servers, applications and data assets.
As a Senior Security Engineer, you will...
- Contribute to designing, implementing, and executing security review and test methodologies for recurring testing of critical production services
- Partner with service teams to ensure risks are remediated
- Conduct design review, threat modeling, security review, and penetration testing on production systems
- Scope and perform penetration testing and vulnerability research on complex proprietary software and hardware
- Collaborate with internal development teams at Audible and Amazon to enhance security tooling and functionality at scale
- Prepare and present detailed, written technical information for internal and external audiences
- Participate in third party security risk assessments and due diligence (including helping to secure third-party integrations and partnerships)
- Provide guidance on risk, compliance, and policy to technical and non-technical internal customers, including security training and outreach to internal teams and external supply chain partners
ABOUT AUDIBLE
Audible is the leading producer and provider of audio storytelling. We spark listeners’ imaginations, offering immersive, cinematic experiences full of inspiration and insight to enrich our customers daily lives. We are a global company with an entrepreneurial spirit. We are dreamers and inventors who are passionate about the positive impact Audible can make for our customers and our neighbors. This spirit courses throughout Audible, supporting a culture of creativity and inclusion built on our People Principles and our mission to build more equitable communities in the cities we call home.
ABOUT THIS ROLE
As a Senior Security Engineer at Audible you will advocate for information security throughout all our software development and business processes. You will work with other Security Engineers, Application Developers, System Engineers, and Business Stakeholders to protect our customers and Audible’s business.
ABOUT THE TEAM
Audible Information Security team is looking for an experienced Senior Security Engineer to join our world class team. We are obsessed with protecting customer trust. We are a hands-on team working to protect our computer networks, servers, applications and data assets.
As a Senior Security Engineer, you will...
- Contribute to designing, implementing, and executing security review and test methodologies for recurring testing of critical production services
- Partner with service teams to ensure risks are remediated
- Conduct design review, threat modeling, security review, and penetration testing on production systems
- Scope and perform penetration testing and vulnerability research on complex proprietary software and hardware
- Collaborate with internal development teams at Audible and Amazon to enhance security tooling and functionality at scale
- Prepare and present detailed, written technical information for internal and external audiences
- Participate in third party security risk assessments and due diligence (including helping to secure third-party integrations and partnerships)
- Provide guidance on risk, compliance, and policy to technical and non-technical internal customers, including security training and outreach to internal teams and external supply chain partners
ABOUT AUDIBLE
Audible is the leading producer and provider of audio storytelling. We spark listeners’ imaginations, offering immersive, cinematic experiences full of inspiration and insight to enrich our customers daily lives. We are a global company with an entrepreneurial spirit. We are dreamers and inventors who are passionate about the positive impact Audible can make for our customers and our neighbors. This spirit courses throughout Audible, supporting a culture of creativity and inclusion built on our People Principles and our mission to build more equitable communities in the cities we call home.
Basic Qualifications
- Bachelor's degree in Computer Science or related field or equivalent experience
- 3+ years of relevant work experience, such as application security reviews, security engineering, security analysis, incident response, third party security and risk assessments, data loss prevention, insider threat
- Experienced in using standard Security Assessment and Penetration Testing tools such as BurpSuite
- Experienced with the information security principles and the Common Body of Knowledge (CBK) domains and core technologies (CIA, encryption, identity, authN/authZ, SSO, web protocols, and privacy).
- Experience in advocating security best practices for third party integrations (e.g. with SAAS solutions, third-party libraries, etc.).
- 3+ years of relevant work experience, such as application security reviews, security engineering, security analysis, incident response, third party security and risk assessments, data loss prevention, insider threat
- Experienced in using standard Security Assessment and Penetration Testing tools such as BurpSuite
- Experienced with the information security principles and the Common Body of Knowledge (CBK) domains and core technologies (CIA, encryption, identity, authN/authZ, SSO, web protocols, and privacy).
- Experience in advocating security best practices for third party integrations (e.g. with SAAS solutions, third-party libraries, etc.).
Preferred Qualifications
- Experience partnering with development teams and the ability to explain the remediation findings to product owners
- Understanding threat modeling and risk identification techniques
- Knowledge of web application and system security vulnerabilities
- Proficiency auditing Java code to identify bugs
- Proficient scripting skills with Perl, Python, or Java
- Familiarity with common attack patterns and exploitation techniques
- Experience with methodologies such as fuzzing and static/dynamic code analysis
- Experience developing functional exploits for common vulnerabilities (e.g., stack overflow, cross-site scripting, SQL injection)
- Experience with AWS or similar cloud computing platforms
- Experience designing and implementing technical security controls
- Experience participating in Bug Bounty programs
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.
Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.
- Understanding threat modeling and risk identification techniques
- Knowledge of web application and system security vulnerabilities
- Proficiency auditing Java code to identify bugs
- Proficient scripting skills with Perl, Python, or Java
- Familiarity with common attack patterns and exploitation techniques
- Experience with methodologies such as fuzzing and static/dynamic code analysis
- Experience developing functional exploits for common vulnerabilities (e.g., stack overflow, cross-site scripting, SQL injection)
- Experience with AWS or similar cloud computing platforms
- Experience designing and implementing technical security controls
- Experience participating in Bug Bounty programs
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.
Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.