Do you enjoy finding unique security flaws in artificial intelligence and LLMs? Do you enjoy protecting customers by securing AI and Amazon services at scale? Do you enjoy mentoring and leading engineers to solve complex security problems in cutting-edge technologies? On AGI security team, as a Senior Security Engineer you will be responsible for the delivery of continuous assessments. You will be asked to solve complex technology problems, build tools to automate your way out of manual efforts, and influence the way Amazon services, primarily Gen AI services respond to and mitigate threats.
Our team is responsible for manually evaluating the security of all GenAI models released by AGI. We specialize in uncovering subtle vulnerabilities that automated tools miss, and develop custom tooling to scale our security efforts across Amazon's expanding GenAI landscape. The AGI surface area is large and diverse, and we use insights from manual testing to continually improve our focused automation to proactively identify and fix potential issues before customers are impacted.
The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. In their communication, they will clearly articulate risks to technical and non-technical audiences alike. Successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions.
We are passionate problem solvers with deep security expertise. We’re working hard, having fun, and making history. Come join our team! You will partner with world-class technical leaders, security experts, developers, business teams, scientists and data analysts across the organization, spanning a wide range of disciplines.
Key job responsibilities
* Perform expert cybersecurity red-teaming on complex proprietary foundation models testing, threat model and pentest the services built by AGI.
* Manually generate the novel prompts, jailbreaks to bypass the existing model guardrails authored in house by AGI and AWS Bedrock.
* Write proof of concept code to demonstrate the severity of a potential security issue
.
* Provide clear communication on risks to ML builders/scientists that suggest and mitigate the risk.
* Partner with ML builders/scientists to drive improvement in FM models security as a result of security review engagements
.
* Provide actionable long-term risk mitigation guidance to internal and external stakeholder
.
* Conduct independent vulnerability research pertaining to GenAI technologies.
A day in the life
A Security Engineer should foster constructive dialogue and seek resolution when confronted with discordant views. Engineers in this role are expected to participate fully in the planning of the security team's work and constantly seek opportunities for process improvement. They should also have a deep understanding of at least one specialty for which they are a sought out resource (both within AGI and by groups throughout Amazon), while having an understanding of the application of information security in a broad range of technical areas.
About the team
Work/Life Balance: Our team puts a high value on work-life balance. It isn’t about how many hours you spend at home or at work; it’s about the flow you establish that brings energy to both parts of your life. We believe striking the right balance between your personal and professional life is critical to life-long happiness and fulfillment. We offer flexibility in working hours and encourage you to find your own balance between your work and personal lives.
- Bachelor’s degree in Computer Science, Engineering, or a related field; Master’s or Ph.D. preferred
- Minimum 2 years of experience in AI security, adversarial machine learning, or related fields
- Minimum of 5 years of experience in security testing (Penetration testing, Vulnerability testing, Red teaming, bug hunting, CTF experience, or related field)
- Minimum of 5 years of experience with manually auditing source code (One or more of: Java, Ruby, Python, JavaScript, Rust, C, others) to find security issues
- Minimum of 5 years of experience scripting in Python or other equivalent interpreted languages
- Solid understanding of machine learning techniques, deep learning architectures, and generative models (e.g., GANs, VAEs)
- Familiarity with security frameworks, tools, and techniques for protecting AI systems
- Knowledge of data privacy regulations (e.g., GDPR, CCPA) and their implications on AI systems is a plus
- Experience with AWS AI technologies and services (e.g. SageMaker, Code Whisperer, Bedrock, etc)
- CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud+ or CySA+ (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest+
- Experience with the architecture of GenAI models, platforms, and applications
- Knowledge of common AI/ML attack techniques such as prompt injection and ability to automate testing for these vulnerabilities
- Ability to identify vulnerabilities and threats specific to GenAI and other AI/ML systems
- Background in adversarial machine learning and emerging attacks like data poisoning, model extraction, membership inference, etc
- Experience with languages commonly used in AI/ML like Python, R, Java, C++
- Meets/exceeds Amazon’s leadership principles for this role
- Meets/exceeds Amazon’s functional/technical depth and complexity expectations for this role
- Excellent communication skills to collaborate with cross-functional teams and present complex security concepts to non-technical stakeholder
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.