Security Analyst

Skills

4+ years of security engineering experience OR equivalent experience in a SWE/DevOps role and an interest in working on security engineering initiatives Familiarity with security detection techniques (SAST DAST IAST SCA) threat modeling frameworks (OWASP MITRE STRIDE DREAD) and how they are used together to improve product security through design reviews A solid understanding of modern software development principles and design patterns including the ability to write clean efficient and maintainable code (in Java Typescript Python etc.) Familiarity with Agile DevOps CI/CD and cloud-based infrastructure like AWS Curiosity and a willingness to learn

Description

Amplitude is a leading digital analytics platform. More than 1,900 customers, including Atlassian, Jersey Mike’s, Marks & Spencer, NBCUniversal, PayPal, Shopify, and Under Armour rely on Amplitude to gain self-service visibility into the entire customer journey. With Amplitude, teams can understand what product features are working, where users are getting stuck, and what actions lead to the right outcomes. As an organization, we approach challenges with humility, take ownership of our contributions, and embrace a growth mindset that pushes us to constantly improve ourselves, each other, and the value we bring to customers and partners.

Responsibilities

• As a Security Engineer, you will help identify and drive impactful projects to improve the security of their platform, products, and internal systems
• You will partner closely with teams across the company and focus on systemic security improvements and risk reduction
• You will also maximize your security skills to support and participate in operational security responsibilities like security reviews and consulting, threat research/bug-bounty triage, incident response, and risk management
• Perform technical security assessments, code audits, and design reviews
• Clearly communicate the risk of security issues to developers, including proof-of-concept code as necessary to demonstrate the potential severity
• Partner with Engineering to establish comprehensive visibility into potential risk events across a cloud-native environment
• Create and refine telemetry, detection capabilities, and response playbooks required to detect, prevent, and respond to cyber risk events efficiently
• Manage risks by implementing robust security capabilities for repeatable predictable outcomes and maturation, and by coordinating incident response workflows
• Influence Engineering and Product teams to prioritize and implement all stages of the Vulnerability Management life-cycle - detection, analysis, remediation and disclosure
• Participate in team on-call rotation to support our penetration-testing, bug-bounty, and vulnerability-management programs