Penetration Testing Engineer (Hardware/Firmware/Virtualization), AWS Proactive Security

Amazon Web Services (AWS) is seeking a Penetration Testing Engineer with a strong passion for security-at-scale to join their Proactive Security team. This role is part of AWS Security, responsible for conducting comprehensive security assessments of all AWS products, services, and software. The position focuses on hardware security, requiring expertise in virtualization, firmware, and platform security.

The successful candidate will be responsible for performing penetration testing of complex proprietary software and hardware, conducting manual source code audits, and developing proof-of-concept code to demonstrate security vulnerabilities. They will work closely with AWS developers to implement security improvements and provide strategic risk mitigation guidance.

Key responsibilities include conducting security reviews, analyzing threat models, and developing automated tooling to detect security issues at scale. The role requires strong technical skills in areas such as virtualization security (Xen, KVM, QEMU), hardware security (PCB, JTAG, UART, SPI), and firmware security (TPM, UEFI, TrustZone).

The position offers excellent career growth opportunities through continuous learning, mentorship, and exposure to diverse technical challenges. AWS values work-life harmony and maintains an inclusive team culture with ongoing DEI initiatives. The team operates in a collaborative environment where security professionals can make significant impacts on protecting AWS's global infrastructure and customers.

This role is ideal for security professionals who are passionate about hardware security, enjoy solving complex technical challenges, and want to work at scale in a dynamic cloud computing environment. The position requires excellent communication skills, the ability to work independently, and a dedication to maintaining AWS's high security standards.