Home
Jobs
Amazon Web Services (AWS)
Penetration Testing Engineer, Security Testing

Penetration Testing Engineer, Security Testing

Remote

Es, Belgium

Full Time

22-04-2025

Share this job:

Score my CV Apply

Job Specifications

Description

We are looking for a Penetration Testing Engineer who has a strong passion for security-at-scale. You will be on a team responsible for the delivery of continuous assessments. You will be asked to solve complex technology problems, build tools to automate your way out of manual efforts, and influence the way Amazon services respond to and mitigate threats.

Amazon Web Services (AWS) is the leading cloud service provider, providing virtualised infrastructure, storage, networking, messaging, and many other services to customers all over the world, including government customers. AWS runs a globally distributed environment, operating at massive levels of scale. Businesses, from start-ups to enterprises to large government customers, run their operations and applications on AWS’ highly secure infrastructure. Our team is responsible for the manual assessment of all products, services and software released by AWS. We specialize in digging deep to find security issues that static analysis tools can’t, and write the tooling to help with these goals whenever possible. The surface area is large and diverse, and we use results found in manual analysis to help improve our enterprise-wide automation to proactively spot and fix potential security issues to protect customers.

We are looking for a Security Engineer to help ensure all of our web services and applications are designed and implemented to the highest security standards. You will be responsible for web application, network, and operations penetration testing. You will be responsible for automating repetitive tasks. You will be responsible for influencing Amazon services through the creation of threat mitigation plans. You will work directly with internal teams to solve challenging software problems.

You must produce results in the face of ambiguity and imperfect knowledge, and foster constructive dialogue and drive resolution when faced with disagreement. You are considered a technical leader on your team. You work efficiently and routinely deliver the right things with limited guidance. Your work focuses on ambiguous problem areas in existing or new hardware and software initiatives. You take a long term view of your team's processes & software, understanding how it fits into the business. You proactively fix architectural deficiencies and/or propose larger project scopes, which may require the work of a team. You split that work into parallel tasks that can be performed by you and others and then reassembled successfully.

Amazon's Leadership Principles of "Dive Deep", "Earn Trust", "Deliver Results", and "Invent and Simplify" will be called upon daily. A successful candidate will need a combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of complex decisions.

Key job responsibilities

Perform penetration testing of complex proprietary software and hardware for AWS services
Manually audit the source code of web services and software authored in-house by Amazon
Write proof of concept code to demonstrate the severity of a potential security issue
Provide clear communication on issues to developers that suggest and help to test the fix
Partner with AWS developers to drive improvement in application security as a result of security
Provide actionable long term risk mitigation guidance.

About The Team

Diverse Experiences

Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.

Why Amazon Security?

At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

Inclusive Team Culture

In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

Training & Career Growth

We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

Work/Life Balance

We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.

Mentorship & Career Growth

We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.

Basic Qualifications

Experience with AWS technologies and services (e.g. S3, Lambda, EC2, KMS, IAM, etc.) and minimum of 3 years of experience in professional penetration testing, source code auditing, bug hunting, or CTF experience
Domain expertise in at least two areas, including: security architecture and engineering, communication and network security, identity and access management (IAM), security assessment and testing, cryptography, and software development security
Experience finding security issues in multiple languages (including one or more of: Java, Ruby, Python, JavaScript, Rust, C) and minimum of 2 years of experience scripting in Python or other equivalent interpreted languages
Minimum of 2 years of professional experience with security engineering practices such as in web application security, network security, authentication and authorization protocols, cryptography, automation and other software security disciplines

Preferred Qualifications

A Bachelor’s degree in Computer Science, Cybersecurity, Customer Security, or equivalent professional experience can be used in lieu of a degree
Experience with multiple programming languages and deploying code in an enterprise environment
Demonstrable experience using boto3

Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazo...

About the Company

Launched in 2006, Amazon Web Services (AWS) began exposing key infrastructure services to businesses in the form of web services -- now widely known as cloud computing. The ultimate benefit of cloud computing, and AWS, is the ability to leverage a new business model and turn capital infrastructure expenses into variable costs. Businesses no longer need to plan and procure servers and other IT resources weeks or months in advance. Using AWS, businesses can take advantage of Amazon's expertise and economies of scale to access ... Know more

Related Jobs

Company Name: Ypto
Job Title: Cyber Security Incident Response Team (CSIRT) Officer
Job Description: Job Description As a CSIRT Officer you will join the CISO Cybersecurity Center of Excellence team within the NMBS CISO organization . You will contribute to the daily security incident preparation, detection and response activities including threat detection, incident handling, threat hunting as well as propose and execute improvement actions, interact with the staff of NMBS (including its affiliates) and the security services providers. Incident handling and response As member of a dynamic CSIRT team you will need to be able to respond adequately to cyber security incidents by working together with fellow CSIRT officers and any possible stakeholders. This Includes Investigate and respond to level 3/4security incidents, including malware infections, network intrusions, and data breaches Conduct forensic investigations, coordination and analysis of security incidents, regardless of IT, IoT or OT origin Work closely with other members of the SOC, CSIRT and with other teams within the organization, to identify and mitigate security risks Develop and implement incident response plans & procedures, and provide guidance to other members of the organization on security best practices Communicate and report security incident progress to required internal and external stakeholders Threat detection and hunting As the CSIRT officer, you will also be responsible for threat detection and hunting. You will use your expertise in security operations to proactively identify threats and vulnerabilities within the organization's infrastructure with the help of the SIEM and custom detection tools. This will involve conducting regular threat hunting exercises to detect potential threats that may have evaded detection by traditional security measures. You will use a variety of tools and techniques to collect and analyze security data to identify anomalous behavior and potential indicators of compromise. Additionally, you will work closely with the the 3rd party SOC team to investigate potential security incidents and provide guidance on threat remediation and mitigation strategies. You are able to read and understand logs (Windows, Linux, network , etc) to analyze system artifacts for signs of compromise. SIEM Engineering You will play a critical role to ensure the organization's security posture remains strong. You will develop, maintain, and optimize our SIEM systems to ensure timely detection and response to security incidents. This will involve creating and maintaining use cases and detection rules (based on the MITRE ATT&CK framework), as well as writing playbooks for the SOC team to ensure consistent and effective incident response. Additionally you will automate the response to SIEM and EDR events as much as possible, in order to allow the SOC and the CSIRT to focus on the essentials. Projects Next to the core business of our team activities mentioned above, you will also contribute in different projects based on the needs of our team. This can include rolling out a new products or platforms, maintaining it, automate manual tasks with the help of scripts, … Skills Job requirements Strong analytical and problem-solving skills, with the ability to identify and respond to security incidents in a timely and effective manner Strong knowledge of security technologies and tools, such as SIEM, EDR, intrusion detection and prevention, firewalls, … Strong understanding of networking protocols and technologies, as well as operating systems Experience with security incident response tools and techniques, including forensics and/or malware analysis Experience with threat hunting and the ability to identify and investigate suspicious activities on the network and systems Experience with SOC Engineering and identifying gaps in our detection capabilities, as well as the ability to automate alert handling Experience with one or more scripting languages: Python, Bash, PowerShell Experience with query languages (Kusto Query Language, SPL, etc) Experience with the administration of Linux systems Familiar with cloud security concepts Passionate about security monitoring, digital forensics, incident response, threat intelligence Spoken and written fluency in Dutch or French Spoken and written fluency in English Customer focus and able to handle in an organization-sensitive way Qualifications Bachelor's degree in Computer Science, Information Security, related field or equivalent experience At least 3-5 years of experience in a security-related role, with a focus on incident response and analysis Relevant certifications, such as the GCIH, GCFE, GCFA, GNFA, GCIA, GREM or similar are a plus Our offer Benefits Within our open corporate culture, you contribute to the digital transformation of SNCB. You will have a job with social impact and ample opportunity to make your own contribution. In addition to a good work-life balance and a competitive salary, you will receive the following benefits: the possibility to work remotely + flexible working hours; 35 days of leave; a company car + a public transport season ticket; a target bonus; a comprehensive insurance package (affiliation without own contribution, excl. outpatient costs for family members); hospitalisation and dental care for the whole family; outpatient costs (= medical costs separate from hospitalisation); group insurance: supplementary pension, work disability and death (cafeteria plan); accidents at work (extralegal); meal vouchers and eco-vouchers; net allowances for remote working and carwash + internet budget.

Company Name: CHRLY Belgium
Job Title: Security Operations Manager
Job Description: For our customer located in Ghent, Fujitsu is looking for a Security Operations Manager: Start: TBD Language requirements: NL + EN Role Overview We are looking for a proactive and structured Security Operations Manager to support and oversee day-to-day security operations, drive infrastructure compliance efforts, and coordinate internal and external security initiatives. This role will serve as a key interface between IT infrastructure teams, compliance stakeholders, and auditors. Key Responsibilities Infrastructure Compliance & Risk Management Monitor and ensure adherence to relevant standards such as ISO/IEC 27001, NIS2, and GxP. Perform compliance gap assessments and follow up on remediation actions. Maintain up-to-date knowledge of evolving regulatory and security requirements. Audit & Evidence Management Prepare and collect security evidence and documentation for internal and external audits. Act as the central point of contact for auditors, ensuring timely and accurate responses. Security Operations Oversight Monitor and coordinate operational cybersecurity processes such as patching, vulnerability management, endpoint protection, and logging. Collaborate with the SOC (internal or external) for incident reporting and response follow-up. Track and escalate open security risks and findings. Project Coordination Support or lead infrastructure-related security projects (e.g., hardening, segmentation, secure cloud deployments). Align with project managers and technical teams to ensure that security requirements are integrated from the start. Coordinate third-party vendors and follow up on deliverables. Profile Minimum 5 years of experience in IT security, infrastructure compliance, or IT risk management. Strong understanding of ISO 27001, NIS2 Directive, and GxP/GCP-related IT controls. Experience working in life sciences, healthcare, or regulated environments is a plus. Proven ability to coordinate cross-functional teams and manage documentation and audit trails. Familiarity with common security tools (SIEM, vulnerability scanners, EDR). Nice to Have Knowledge of cloud security frameworks (e.g., Azure Security Center, AWS Well-Architected). Understanding of NIST CSF, CIS Controls, or SOC 2. Experience with incident response coordination or working with MSSPs/SOCs.

Company Name: Talents4You
Job Title: Network & Security Expert - Internal role
Job Description: Our Partner is a fast growing International company active in Cloud Communications and Digital solutions. On the back of a strong national and international growth we are currently scaling up the Product Management department taking care of Products & Services definitions and lifecycle. The position Take full ownership of Product & Service definition and lifecycle related to the Network & Security offering Coordinate and drive the interactions between the different technical departments, Sales/Presales & Marketing Push and Pull feedback on Technology and Marketing evolutions Participate in different cross technologies and Services projects Create internal and external awareness and evangelisation Interact with international teams to share feedback and market trends The profile At least 5 years experience in an ICT role Excellent knowledge in Network and Security technologies and services Excellent communications skills Good project management skills Ability to think in and outside the box Fluent in English. French and/or Dutch The offer 3500 – 4 500 euro + company car + fringe benefits A Technology minded and fast growing environment with growth and training opportunities Interested? Send us your CV by clicking the “apply” button. If you’d have any further questions, feel free to call us on +32 2 616 54 51. We have several other positions such as Internal Sales, External Sales (Business Development, Account management, Sales Executives …) and Presales.

Flemish Brabant, Belgium

Hybrid

Full Time

30-04-2025

Company Name: Swift
Job Title: Security Architect
Job Description: About Us We’re the world’s leading provider of secure financial messaging services, headquartered in Belgium. We are the way the world moves value – across borders, through cities and overseas. No other organisation can address the scale, precision, pace and trust that this demands, and we’re proud to support the global economy. We’re unique too. We were established to find a better way for the global financial community to move value – a reliable, safe and secure approach that the community can trust, completely. We’re always striving to be better and are constantly evolving in an ever-changing landscape, without undermining that trust. Five decades on, our vibrant community reflects the complexity and diversity of the financial ecosystem. We innovate diligently, test exhaustively, then implement fast. In a connected and exciting era, our mission has never been more relevant. Swift now has a presence in 200+ countries and legal territories to serve a community of more than 12,000 banks and financial institutions. What To Expect Define a broad enterprise PKI strategy and reach alignment across the organization. Design the security architecture for a state-of-the-art and future-proof PKI infrastructure, with adequate Certificate Authority (CA) topology, PKI technology, certificate lifecycle management tools and other components. Lead the strategic transition of the PKI infrastructure to Post-Quantum Cryptography (PQC), ensuring that cryptographic systems are designed with cryptographic agility in mind. Closely collaborate with the IT and Operations teams in charge of deploying and operating the PKI infrastructure. Oversee critical PKI processes such as root key ceremonies and other essential CA processes to maintain the integrity and trust of our PKI systems. Develop and maintain detailed documentation of PKI processes. Ensure proper governance framework, certificate policies and practices statement are implemented and maintained. Define and implement robust and reliable incident, response, and recovery procedures. Ensure compliance with relevant regulations and industry standards. Support internal and external audit reviews. Act as PKI centre of expertise, providing specialized knowledge and guidance on all aspects of PKI systems. Keep abreast with the latest trends, technologies, and industry best practices and serve as a key advisor. What you need to be successful: University degree in Computer Science, AI/ML, Data Science or related field, or equivalent experience. Cybersecurity background is a plus. 8-10 years of relevant experience, including in AI/ML models development and deployment. Proficiency in programming languages such as Python, Java, or C++, and in AI/ML frameworks and libraries such as TensorFlow, PyTorch, scikit-learn, Keras, and XGBoost. Strong understanding of security concepts, including data privacy controls, secure coding practices, threat modeling, and risk assessment. High interest to learn and apply cyber security to AI/ML systems, including protecting against adversarial ML attacks, ensuring the integrity of model training and inference processes and the confidentiality of model and trained data. Strong analytical and problem-solving skills, attention to detail, and ability to work in a collaborative team environment. Excellent communication skills, including the ability to translate complex technical information for a non-technical audience. What We Offer We put you in control of career We give you a competitive package We help you perform at your best We help you make a difference We give you the freedom to be yourself We give you the freedom to be yourself. We are creating an environment of unique individuals – like you – with different perspectives on the financial industry and the world. A diverse and inclusive environment in which everyone’s voice counts and where you can reach your full potential. If you believe you require a reasonable accommodation to participate in the job application or interview process, please contact us to request accommodation. Don’t meet every single requirement? At Swift, we are dedicated to building a workplace where people can bring their full selves and ideas to the team, so if you are excited about this role, we encourage you to apply even if you do not meet every single qualification.