Security Engineering Manager, AWS Vulnerability Management

Help us protect not only the Amazon Web Services (AWS) cloud computing environment but all of our customers as well! Since 2006, our great team at AWS has been enabling our customers to bring great ideas to life in ways that aren’t possible in traditional IT environments. With AWS you can flexibly harness compute, storage, security, and other services from across the globe as your business demands them.You will be responsible for managing a team of security engineers and technical program managers evaluating the risks related to container workloads evolving the security assurance process, identifying blockers for builders, and creating metrics to demonstrate your team’s performance. You will help set the direction for a team of security professionals that is responsible for all AWS products and services. This role combines long term strategic planning to raise the bar on security across the enterprise with the excitement and challenge of quickly reacting to new threat scenarios.As a security engineering manager at Amazon, you will be expected to speak authoritatively on behalf of your team and your technical knowledge should demonstrate both depth and breadth. You will be responsible for your team’s organizational structure and how that team works within the context of the larger AWS Security team. Leveraging the strengths of individual team members, delegating tasks appropriately and managing delivery of long term projects will all be critical tasks for this role. A security manager has deep knowledge in their domain and is a sought after thought leader across the organization. They have both management and technical expertise and actively participate in the organization’s planning processes.Key job responsibilities* Team management, growth, and organization* Professional development of team members* Project management* Metrics and projections* Driving security initiatives* Recruiting* Process Improvement* Work across AWS to partner on solutionsA day in the lifeIn this role you'll lead a team of engineers and TPMs, you'll build their careers and help solve complex security problems. You'll help identify trends in the findings your team generates and will work with partners to remove these bug classes at source. You'll participate in hiring, development, training, and team leadership. You'll own a part of the team and will be encouraged to grow your ownership and role.About the teamAt Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Diverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- A Bachelor’s degree in Computer Science, Cybersecurity, Information Security, degree in similar technical field, or equivalent professional experience can be used in lieu of a degree- Minimum of 5 years of experience in Security Engineering management- Minimum of 5 years of experience in managing or leading engineering teams- Experience in vulnerability management- 7+ years Software Development or Software Development Management experience.- Hands-on knowledge of information security technologies such as security design review, threat modeling, risk analysis, and software testing techniques.- Excellent written communication skills, with a focus on translating technically complex issues into simple, easy to understand concepts.- Knowledge of engineering practices and patterns for the full software development life cycle, including coding standards, code reviews, source control management, build processes, testing, and operational excellenceAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $157,600/year in our lowest geographic market up to $272,400/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Security Engineer - Hardware, Firmware, Virtualization, Secure Hardware And Foundational Technologies Team

Help us protect not only the Amazon Security (AmSec) cloud computing environment but all of our customers as well! Since 2006, our great team at AmSec has been enabling our customers to bring great ideas to life in ways that aren’t possible in traditional IT environments. With AmSec you can flexibly harness compute, storage, security, and other services from across the globe as your business demands them.Amazon Security is on the cutting edge of many security issues for a wide variety of platforms and technologies including cloud services, Internet of things (IoT), identity and access management, mobile devices, virtualization and custom hardware, all operating at massive scale. Similarly, our highly collaborative team is committed to each team member’s growth as our business grows.As a part of the Secure Hardware and Foundational Technologies group, we help Amazon launch brand new products and invest in emerging technologies securely. We are looking for a technically deep Senior Security Engineer to help secure our foundational platforms such as OS kernels, virtualization, device emulation, firmware and hardware. You will be responsible for conducting security reviews, threat modeling, developing tooling that will help detect security issues at scale and hands-on security evaluations (pen-testing).The successful candidate must be comfortable diving into complex engineering discussions, and leveraging deep security expertise to ensure proper risk assessment and threat analysis is performed. You will provide crystal-clear technical direction and risk mitigation guidance for diverse engineering and business leaders at all levels.By applying your hard-earned years of practical security engineering expertise in projects related to enterprise networking, hardware-rooted security, operating system hardening, and cloud-scale administrative infrastructure, you will literally shape the future of cloud computing.You are expected to be strong in multiple domains and provide significant contributions to the IT Security team and to multiple groups throughout AmSec. Security engineers are expected to develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices. You are also expected to mentor more junior engineers and be a security thought leader for the organization.You should foster constructive dialogue and seek resolution when confronted with discordant views. Engineers in this role are expected to participate fully in the planning of the IT Security team's work and constantly seek opportunities for process improvement. They should also have a deep understanding of at least one specialty for which they are a sought out resource (both within AmSec and by groups throughout Amazon), while having an understanding of the application of information security in a broad range of technical areas.You will need a combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include project and software development work. This role will provide career growth opportunities as you gain new security skills in the course of your duties.Key job responsibilities- Security reviews for hardware including servers and devices- Penetration testing & vulnerability research- Threat modeling- Security training and outreach to internal development teams- Security guidance documentation- Assistance with recruiting activitiesAbout the teamAbout Amazon SecurityDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- BS in Computer Science or related field, or equivalent work experience- 5+ years of experience in Security Engineering or Development of Security capabilities, supporting engineering projects from concept to delivery, and 2 years in two or more of the following technical categories: Virtualization security (Xen, KVM, QEMU) - Hardware security (PCB, JTAG, UART, SPI, ROM, microcode, custom ASIC/FPGA) - x86 and/or ARM chipset and firmware security (TPM, UEFI, TrustZone, Secure Boot, JTAG, PCIe) - Physical security testing at the machine level- Security testing of compute platforms (Server, PC or Mobile) - Working with diverse physical tamper resistance and/or tamper detection techniques- MS in Computer Science, Information Security, or related field, or equivalent work experience- Demonstrated ability to prepare technical specifications and executive-ready communications- Experience using AWS core services (EC2, S3, IAM, Kinesis, Lambda, KMS, VPC, etc)- Experience designing for relevant security standards (TCG, IEEE, NIST, FIPS, PCI, ISO 28000 series)- Experience designing for crypto security (e.g. certificate handling and PKI, attestation, TPM/HSM)- Expert knowledge of Windows, Linux, and hypervisor security (especially in cloud environments)- Expert knowledge of common security-relevant protocols (e.g. SSH, TLS, DNS, DHCP, NTP, ICMP)Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Senior Security Engineer, AWS Proactive Security

The Amazon Web Services (AWS) Proactive Security team continuously works to ensure our services and resources are implemented and maintained to the meet the highest standards of security. Our mission is to prevent security incidences from happening and when they do, we detect and mitigate them in real time.We are looking for a Senior Security Engineer who has a strong passion for security-at-scale. We develop tools and prototypes to automatically detect and prevent security problems in AWS source code, services and resources. Our team deals with immense quantities of resources and we use cutting-edge analysis techniques to solve the most complex security issues at scale.You will use your security expertise to define new tooling domains and building new security focused products within AWS Security. You will collaborate with Builders, Security Analysts and Applied Scientists to drive security improvements. The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, you will be a security generalist with one or more areas of deep expertise. You will communicate risks across the business to both technical and non-technical audiences, and effectively harmonize disparate opinions while reducing risk.Key job responsibilities* Research, identify, and prioritize security problems that can be detected using automation.* Effectively drive conversations with Principal Engineers, Directors and VPs to influence business investments and prioritize risks.* Develop detection prototypes for these security problems to enhance our tool-set for static, dynamic or network analysis. Provide security architecture and design guidance and develop security automation tools.* Work with Builders and service teams to address detected security issues in an appropriate and timely fashion.* Identify opportunities to prevent security issues at scale.* Document and provide security guidance that will be used across AWS services.* Deliver metrics to show effectiveness of our security initiatives.* Mentor and develop teammates both technically and professionally.* Seek out, develop, and advocate for new technology to research, identify, and mitigate complex risks.* Effectively navigate novel situations and problems that do not have a defined solution.A day in the lifeAbout the teamAbout Amazon SecurityDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- BS in Computer Science, Information Security or equivalent- Minimum of 5 years of experience with any combination of the following: mobile security, threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security- Knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security- An understanding of network and web related protocols (such as, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)- Experience with multiple programming languages (such as, Java, C++, Ruby, Python, Perl, etc.)- Experience managing and delivering security solutions at scale- Demonstrated experience collaborating with other security engineers and developers to deliver complex projects- Experience with AWS or similar enterprise cloud computing platforms.- Knowledge of Linux systems and operating system internals- Excellent written and verbal communication skills with the ability to convey technical information to a wide variety of audiences; and strong and creative problem-solving abilities- Strong sense of ownership, urgency, and driveAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Senior Security Engineer, Maximum Application Security Team (MAST)

In Amazon Stores, we ship some of the widest arrays of technology found at any company. From amazon.com to world class machine learning pipelines, from cutting-edge digital healthcare to no-checkout retail, we push the boundaries of technology in every direction using the globe’s largest AWS deployment.As an AppSec engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing these novel services. In a given day, you might be inspecting an application’s code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service alongside its software developers.The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security generalist with one or more areas of deep expertise. In their communication, they will clearly articulate risks to technical and non-technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions.Our organization prizes its employees, and we show it through investing in work-life harmony. We have dedicated resources that consistently innovate in reducing on-call time and ensuring the team spend their time on the highest-value tasks. Join the Stores AppSec organization to work hard, have fun, and make history!Key job responsibilities* Creating, updating, and maintaining threat models for a wide variety of software projects* Manual and automated secure code review, primarily in Java, Python and Javascript* Development of security automation tools* Adversarial security analysis using cutting-edge tools to augment manual effort* Security training and outreach for internal development teams* Security architecture and design guidance* Lead execution and definition of security strategy for your team* Mentor and develop teammates both technically and professionally* Seek out, develop, and advocate for new technology to identify and mitigate complex risks* Effectively navigate novel situations and problems that do not have a defined solutionAbout the teamAbout Amazon SecurityDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- BS in Computer Science or related field, or equivalent work experience- Minimum of 5 years of experience with at least three of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, penetration testing, cloud security, mobile security, and network security- Advanced knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security- Experience reading and writing in at least one programming language- You demonstrate excellent judgement in assessing and prioritizing technical risk- You have a strong application security background with a focus on scalable solutions- You have experience building and- You effectively negotiate priorities across teams to achieve challenging goals and security debt reductionAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Sr. Security Engineer, AWS Center for Quantum Computing

The Amazon Web Services (AWS) Center for Quantum Computing (CQC) in Pasadena, CA, is seeking a Security Engineer who will design and oversee the security operations of a growing research and development (R&D) effort. This role requires some on site activity, roughly 1 to 2 times per week.As a security expert, you will own the completion of a threat model and security plan for our research spaces and will lead an array of projects and security initiatives/activities designed to protect your fellow Amazonians, R&D facilities, and critical cloud infrastructure from all categories of threats. You will define, document, and educate policies/workflows for our labs, which span across academic, corporate, and industrial spaces. You obsess over internal and external customers and successfully deliver support and services in a fast-paced environment where priorities shift quickly. You are also independent and can manage program security projects under minimal supervision, continuously triage and prioritize accordingly, communicate clearly, think outside the box, and deliver exceptional results. By delivering a highly secure yet flexible R&D environment, successful candidates will enable a team of scientists and engineers to secure quantum technologies for our global AWS customer base.Additional responsibilities include:Work with internal stakeholders, academic and corporate partners to meet or exceed Amazon security barUnderstand software lifecycle on scientific equipment and mitigate physical and logical risksPerform periodic reviews of software baselines and network activityManage security reviews of internally used, external-facing, or third-party applicationsCreate and maintain detailed inventories of sensitive hardware and softwareWith the help of other security engineers at AWS, audit equipment and software before commissioning in a development or production environmentAbout the teamExport Control Requirement: Due to applicable export control laws and regulations, candidates must either be a U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum, or be able to obtain a US export license.About AWSDiverse ExperiencesAWS values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying. Why AWS?Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.Inclusive Team CultureHere at AWS, it’s in our nature to learn and be curious. Our employee-led affinity groups foster a culture of inclusion that empower us to be proud of our differences. Ongoing events and learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences, inspire us to never stop embracing our uniqueness.Mentorship & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional. Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve in the cloud. This team is part of AWS Utility Computing: Utility Computing (UC) AWS Utility Computing (UC) provides product innovations — from foundational services such as Amazon’s Simple Storage Service (S3) and Amazon Elastic Compute Cloud (EC2), to consistently released new product innovations that continue to set AWS’s services and features apart in the industry. As a member of the UC organization, you’ll support the development and management of Compute, Database, Storage, Internet of Things (Iot), Platform, and Productivity Apps services in AWS, including support for customers who require specialized security solutions for their cloud services.- 5+ years relevant security engineering work experience, or a Bachelor’s degree in one of the following degree programs: Cybersecurity, Computer Science/Engineering, Electrical Engineering, Informatics, or related academic degrees- 5+ years of professional work experience as a security expert in one or more of these areas: security engineering, scientific research, engineering research and development- Hands-on experience with security lifecycle activities including threat modeling, risk analysis, design review, and testing- Strong understanding of adversary TTPs and experience with threat detection, response, and recovery- Interest in learning Quantum Technologies- Effective teacher and instructor, with experience developing and delivering training to security, technical, and business professionals; Ability to develop and deliver security awareness training programs- Excellent written communication skills, with a focus on translating technically complex security issues into simple, easy to understand concepts for business and technical leadership; Experience writing and publishing security standards- Ability to manage tactical (daily) operations and participate in development of strategic program plans- Understanding of crisis operations, risk management, and crisis communication- Understanding of business continuity and incident command system- Strong working knowledge of access control systems and physical security systems/components- Experience in providing security oversight at data centers or research lab environments/equivalentAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Security Engineer, EPP Analytics

The Amazon Security Enterprise Protection team builds tools and services for the monitoring and response to malicious activity on the Amazon internal network. We collect, process, and analyze data from all parts of Amazon's worldwide infrastructure to identify and reduce risks to Amazon.We are looking for a Security Engineer who is excited about designing and building secure solutions to solve challenging problems for mission critical systems that protect Amazon and our customer data. In Amazon Security, our challenges are broad and deep -- we build flexible, secure, scalable, high-performance and robust tools and services.
As a Security Engineer, you will collaborate to ensure we keep our customers safe while developing these novel tools and services. In a given day, you might be inspecting an application’s code for security issues, fine-tuning the design for a new tool alongside its developers, or designing and developing a new tool or service.The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. They should be comfortable with a high degree of ambiguity and relish the idea of solving problems that haven't been solved at scale before. In their communication, they will clearly articulate risks to technical and non-technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions.
Our organization prizes its employees, and we show it through investing in work-life harmony. We have dedicated resources that consistently innovate in reducing on-call time and ensuring the team spend their time on the highest-value tasks. Join the Amazon Security organization to work hard, have fun, and make history!Key job responsibilitiesThis role will allow you to work with internal service teams, IT services teams, Risk Assessment and Security Response teams to build detections and analytics that find and reduce insider risk.You will bring deep security knowledge and experience to builder teams to help them build better controls and audit capabilities, while developing detections and response plans that inform the right people when anomalies occur.As a security engineer on the team you will work and lead the most complex and ambiguous projects. However you also be paying attention to the team's work as well as your own.You will contribute to think big ideas about how we radically change how we approach this problem space, help drive feedback and prioritization models. You'll lead calibration and review exercises across teams to ensure a consistent approach to detections is being taken. A day in the lifeNo two days are the same in Insider Risk teams - the nature of the work we do and constantly shifting threat landscape means sometimes you'll be working with an internal service team to find anomalous use of their data, other days you'll be working with IT teams to build improved controls. Some days you'll be busy writing detections and response plans, or mentoring or running design review meetings.About the teamAbout AmSec:Diverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon SecurityAt Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training and Career growthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.- Bachelor's degree in computer science or equivalent- 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience- Common knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security. Experience reading and writing in at least one programming language.- 3+ years of experience with at least two of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, penetration testing, cloud security, mobile security, and network security You demonstrate excellent judgement in assessing and prioritizing technical risk, have a strong application security background with a focus on scalable solutions, have experience building and securing complex AWS architecture You have excellent written and verbal communication skills, work to identify and remove bottlenecks for your teammates, both in process and technology.Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Security Engineer, Maximum Application Security Team (MAST)

In Amazon Stores, we ship some of the widest arrays of technology found at any company. From amazon.com to world class machine learning pipelines, from cutting-edge digital healthcare to no-checkout retail, we push the boundaries of technology in every direction using the globe’s largest AWS deployment.As an AppSec engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing these novel services. In a given day, you might be inspecting an application’s code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service alongside its software developers.The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security generalist with one or more areas of deep expertise. In their communication, they will clearly articulate risks to technical and non-technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions.Our organization prizes its employees, and we show it through investing in work-life harmony. We have dedicated resources that consistently innovate in reducing on-call time and ensuring the team spend their time on the highest-value tasks. Join the stores AppSec organization to work hard, have fun, and make history!Key job responsibilities* Creating, updating, and maintaining threat models for a wide variety of software projects* Manual and Automated Secure Code Review, primarily in Java, Python and Javascript* Development of security automation tools* Adversarial security analysis using cutting-edge tools to augment manual effort* Security training and outreach for internal development teams* Security architecture and design guidance* Independently solve security problems that require novel methods or approaches* Influence your team’s and partners’ process, priorities, and choices to improve outcomesAbout the teamAbout Amazon SecurityDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- BS in Computer Science or related field, or equivalent work experience- Minimum of 3 years of experience with at least two of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, penetration testing, cloud security, mobile security, and network security- Intermediate knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security- Experience reading and writing in at least one programming language- You demonstrate excellent judgement in assessing and prioritizing technical risk- You have a strong application security background with a focus on scalable solutions- You have experience building and securing complex AWS architecture- You have excellent written and verbal communication skills- You work to identify and remove bottlenecks for your teammates, both in process and technologyAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

Security Engineer II, Security Engineer, Vulnerability Management and Remediation Operations

Embark on a Mission to Fortify Amazon's Defenses as a Security Engineer with the Vulnerability Management & Remediation Operations team!Amazon Security is seeking a Security Engineer to join our Vulnerability Management and Remediation Operations (VMRO) team in Crystal City, Virginia. The VMRO team is responsible for discovering, assessing, triaging, detecting, and driving the remediation of vulnerabilities across the Amazon ecosystem.Key job responsibilities- Analyse public and private vulnerability disclosures and exploit code- Deeply understand and assess the technical details and potential impact of vulnerabilities across Amazon's infrastructure, services, and applications.- Investigate and triage vulnerabilities, identifying severity and the scope of potential impact to Amazon.- Support response and remediation efforts, assisting builder teams to fix their security issues in a timely manner- Engineer high quality, scalable, and accurate vulnerability detection mechanisms- Design and implement automation, tools and workflows to enhance our operations capabilities.- Be part of a global team and participate in periodic on-call responsibilities to ensure the continuous monitoring and remediation of vulnerabilities.If you're excited about the opportunity to make a significant impact on the security of one of the world's largest and most complex technology ecosystems from our HQ2 office, we'd love to hear from you!About the teamDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon SecurityAt Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Mentorship and Career growthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.- Bachelor's degree in computer science or equivalent- 4+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience- Knowledge of networking protocols such as HTTP, DNS and TCP/IP- 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience- Experience with AWS products and services- Experience with programming languages such as Python, Java, C++Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Associate, Customer Incident Response, Global Services Security - Customer Incident Response Team

Do you want to work on planetary scale incident response solutions in the cloud? Are you skilled at performing Incident Response activities and helping customers build threat detection and incident response capabilities using highly scalable computing architectures? Are you excited to help customers respond to security incidents and automate security operations giving them unprecedented capability and agility? Do you enjoy working on fast-paced complex projects focused on game changing business outcomes for customers globally? As a member of the Threat Detection and Incident Response Practice in the AWS Global Service Security you will have the opportunity to help customers respond to security incidents and pioneer technically superb security solutions to help customer operate securely in the cloud. Building on those experiences you’ll collaborate with AWS service teams on new features, innovate with new technologies, and explore new challenges.The Global Services Security team, a part of Amazon Web Services (AWS), leverages the expertise and ingenuity of our builders to establish scalable security solutions for both internal and external customers that drive business outcomes. Our goal of securing the world’s workloads and building a brighter future for humanity requires us to focus on reliable delivery of bar raising security outcomes and investment in security mechanisms and automation on behalf of our customersSales, Marketing and Global Services (SMGS)AWS Sales, Marketing, and Global Services (SMGS) is responsible for driving revenue, adoption, and growth from the largest and fastest growing small- and mid-market accounts to enterprise-level customers including public sector. The AWS Global Support team interacts with leading companies and believes that world-class support is critical to customer success. AWS Support also partners with a global list of customers that are building mission-critical applications on top of AWS services.Key job responsibilities• Support incident response operations• Become a technical resource that earns the trust of customer stakeholders before, during, and after a security event.• Contribute as part of a team that include Amazonians, partners, and customers to build and deploy threat detection and incident response capabilities.• Assist in the design, building, and deployment of solutions to automate security operations and incident response on AWS.• Develop high-quality content, such as automation tools, reference architectures, and white papers to help our customers secure their workloads.• Innovate on behalf of customers by translating your thoughts into action-yielding results.• Mentor and invest in our team, partners and customers to raise the bar for our customers.• On-call required.About the teamDiverse ExperiencesAmazon values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why AWSAmazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve in the cloud.Inclusive Team CultureHere at AWS, it’s in our nature to learn and be curious. Our employee-led affinity groups foster a culture of inclusion that empower us to be proud of our differences. Ongoing events and learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences, inspire us to never stop embracing our uniqueness.Mentorship and Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.- 1 years of threat detection or incident response experience- 1+ years of experience building/operating on the AWS platform- 2+ years of experience in technical IT security or related job role- Experience in building scripts, tools, or methodologies that enhance customers’ threat detection and incident response capabilities.- Experience in operating security solutions, such as WAF, IPS, Anti-DDoS, or SIEM.- Interest and/or experience in big data storage, processing, and analytic methodologies and techniques like relational databases, NoSQL, ETL, business intelligence, Hadoop, data science, or machine learning.- Experience managing a security event, including managing customer expectations and delivering results.- Knowledge of incident response workflows and processes.Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

Associate, Customer Incident Response, Customer Incident Response Team

Do you want to work on planetary scale incident response solutions in the cloud? Are you skilled at performing Incident Response activities and helping customers build threat detection and incident response capabilities using highly scalable computing architectures? Are you excited to help customers respond to security incidents and automate security operations giving them unprecedented capability and agility? Do you enjoy working on fast-paced complex projects focused on game changing business outcomes for customers globally? As a member of the Threat Detection and Incident Response Practice in the AWS Global Service Security you will have the opportunity to help customers respond to security incidents and pioneer technically superb security solutions to help customer operate securely in the cloud. Building on those experiences you’ll collaborate with AWS service teams on new features, innovate with new technologies, and explore new challenges.The Global Services Security team, a part of Amazon Web Services (AWS), leverages the expertise and ingenuity of our builders to establish scalable security solutions for both internal and external customers that drive business outcomes. Our goal of securing the world’s workloads and building a brighter future for humanity requires us to focus on reliable delivery of bar raising security outcomes and investment in security mechanisms and automation on behalf of our customers.Sales, Marketing and Global Services (SMGS)AWS Sales, Marketing, and Global Services (SMGS) is responsible for driving revenue, adoption, and growth from the largest and fastest growing small- and mid-market accounts to enterprise-level customers including public sector. The AWS Global Support team interacts with leading companies and believes that world-class support is critical to customer success. AWS Support also partners with a global list of customers that are building mission-critical applications on top of AWS services.Key job responsibilities• Support incident response operations• Become a technical resource that earns the trust of customer stakeholders before, during, and after a security event.• Contribute as part of a team that include Amazonians, partners, and customers to build and deploy threat detection and incident response capabilities.• Assist in the design, building, and deployment of solutions to automate security operations and incident response on AWS.• Develop high-quality content, such as automation tools, reference architectures, and white papers to help our customers secure their workloads.• Innovate on behalf of customers by translating your thoughts into action-yielding results.• Mentor and invest in our team, partners and customers to raise the bar for our customers.• On-call required.A day in the lifeA day in the lifeDiverse Experiences Amazon values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying. Why AWS Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.Work/Life Balance We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve in the cloud. Inclusive Team Culture Here at AWS, it’s in our nature to learn and be curious. Our employee-led affinity groups foster a culture of inclusion that empower us to be proud of our differences. Ongoing events and learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences, inspire us to never stop embracing our uniqueness.Mentorship and Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional. - Hands-on technical experience in incident response technology, security, automation, implementation, integration, and/or deployment- Experience building/operating on the AWS platform- Experience in technical IT security or related job role- Hands-on technical experience in building scripts, tools, or methodologies that enhance customers’ threat detection and incident response capabilities.- Strong scripting skills in modern scripting languages like PowerShell, Python, Node.js, Javascript, Bash, Ruby, or SQL.- Experience communicating complex technical matters clearly and concisely orally and in writing.- Experience managing customers during a security event, including managing customer expectations and delivering results.- Detailed knowledge of incident response workflows and processesAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

Senior Security Engineer, AWS AppSec

Join AWS Security as a Security Engineer and be at the forefront of safeguarding cloud computing for millions of customers worldwide! In this role, you'll have the unique opportunity to work on the foundational services that form the backbone of AWS, directly influencing the security of the entire cloud infrastructure. If you enjoy seeing the impact your work has on real customers, this is the place for you! As a Senior Security Engineer in our team, you will lead the efforts to secure some of the foundational AWS services. In this role, you will help validate that our services, applications, and websites are designed and implemented to the highest security standards. You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and quickly reacting to new threat scenarios. You will have the opportunity to learn from, and be mentored by, those who are building and securing our cutting-edge services. This role will own and contribute to the security strategy for some of the core components on which various AWS services are built and scaled on. A Security Engineer at Amazon is expected to be strong in multiple domains and provide significant contributions to the AWS IT Security team and to multiple groups throughout Amazon. Security engineers are expected to develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices. You are also expected to mentor more junior engineers and be a security thought leader for the organization.A Security Engineer must foster constructive dialogue and seek resolution when confronted with discordant views. Engineers in this role are expected to participate fully in the planning of the AWS IT Security team's work and constantly seek opportunities for process improvement. They should also have a deep understanding of at least one specialty for which they are a sought out resource (both within AWS IT Security and by groups throughout Amazon), while having an understanding of the application of Information Security in a broad range of technical areas.You will have the combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include project and software development work. This role will provide career growth opportunities as you gain new security skills in the course of your duties. Are you ready to leave your imprint on the world of cloud security and push the boundaries of cutting-edge technologies? We're eager to connect with you! Come be a part of our team as we forge the future of security at AWS.Key job responsibilities- Application security reviews- Mobile security reviews- Secure architecture design- Threat modeling- Projects and research work as needed- Security training and outreach to internal development teams- Security guidance documentation- Security tool development- Security metrics delivery and improvements- Assistance with recruiting activities and administrative workAbout the teamAbout Amazon SecurityDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- BS (or higher) in Computer Science, Cyber Security or related field, or equivalent work experience.- Minimum 5 years of experience in product/application security with hands-on knowledge of threat modelling, secure design reviews, code reviews and penetration testing.- Minimum 5 years of experience securing services in cloud.- Experience with creating and securing applications using AWS services.- Ability to develop code with at least one modern language, such as Python- An understanding of network and web related protocols (such as, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

AI Security Engineer, AppSec AI

Come join Earth's most customer-centric company! Amazon is looking for an AI Security Engineer with strong insight and passion for security to ensure our AI applications are designed and built to the highest standards. Your mission is to secure the AI experiences of hundreds of millions of our customers. You bring AI security talent and expertise to a fast-paced environment where you will be relied upon to partner with our talented software development teams in building secure AI applications.As an AI Security Engineer, you will work with software development teams to ensure the security of AI applications. You will review code for security issues, build frameworks to help developers create more secure software, and adjust designs to improve protection. You will also perform security research, analyze bug reports, conduct risk assessments, develop automation, maintain documentation, and create tools that reduce security risks. Your work drives secure, reliable AI applications for Amazon's customers.Key job responsibilities* You will create, update, and maintain threat models for a wide variety of software projects. * You will perform manual and automated code review, primarily in Java, Python, and JavaScript* You will develop AI security automation tools. * You will perform AI security training and outreach for internal development teams. * You will provide AI security architecture and design guidance. * You will independently solve AI security problems that require novel methods or approaches. * You will influence your team's and partners' process, priorities, and choices to improve outcomes.About the teamAbout the teamThe AppSec AI team is tasked with empowering the business to create secure, trustworthy AI applications that our customers find delightful to use. We engage closely with the business from the outset of the development process to ensure that security considerations are integrated early and consistently. This collaborative approach positions us as partners with the business, minimizing the need for security trade-offs. Our close work with product teams allows us to participate in deep technical discussions and decisions. We prioritize obtaining the right training and career growth opportunities, enabling us to Dive Deep and Earn Trust with our development teams.About Amazon SecurityDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- Knowledge of GenAI systems and associated security vulnerabilities and remediation techniques, including penetration testing and the development of exploits or equivalent- Experience with any combination of the following: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration and network security.- Bachelor's degree in computer science or equivalent, plus 3+ years of security engineering experience.- Experience with AWS products and services- Experience with programming languages such as Python, Java, C++Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Security Engineer II, Offensive Security Penetration Testing

Amazon’s Information Security Penetration Testing Team is seeking a Security Engineer to help keep Amazon secure for its customers. In this role, you will attack Amazon’s services, applications, and websites to discover security issues and report them to our internal technology teams. This position will provide you with challenging opportunities, both technologically and as a leader, but will also be a great deal of fun if hacking Amazon alongside a team of highly skilled individuals sounds exciting to you.A Security Engineer at Amazon is expected to be strong in multiple domains. Engineers in this role work closely with teams throughout the Amazon Security organization, as well as provide technical leadership and advice to teams and leaders throughout Amazon. You will be in direct contact with teams in a variety of business verticals, giving you first hand knowledge about how Amazon is built and how it operates at a deep, technical level. Additionally, you will leverage the knowledge you gain about Amazon to find new ways to break services and technologies throughout the company.Engineers in this role must show exemplary judgment in making technical trade-offs between short-term fixes and long-term security and business goals. You will demonstrate resilience and navigate ambiguous situations with composure and tact. You will be expected to provide thought leadership for the organization as you discover, invent, and innovate throughout the course of your duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Amazon and its customers secure.Key job responsibilities- Conducting high quality application penetration tests independently, or as part of a team- Creating detailed engagement plans and thoroughly documenting findings, gaps, and remediation recommendations- Contributing to team tooling, innovation, and process improvements- Communicating and collaborating with partner security teams, service owners, and senior leadership to influence and prioritize the resolution of discovered security findingsAbout the teamAbout Amazon SecurityDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience- Bachelor's degree in computer science or equivalent- 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience- 3+ years of experience in a penetration testing or similar offensive security role- Experience with AWS products and services- 1+ years experience with GenAI application penetration testing (prompt testing), network penetration testing, and/or mobile penetration testingAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Pentest Security Engineer II, Devices & Services Pentesting

Come join our penetration testing team dedicated to the detection and exploitation of vulnerabilities across Amazon’s portfolio ranging from consumer services and devices to the Kuiper satellites. This includes conducting in-depth reviews of complex service workflows including authentication mechanisms, AI, mobile, web applications, and web service APIs. Pentesters also invent new ways to automate and improve their work with techniques such as AI/LLMs, fuzzing, detection at scale, and static analysis.Our team operates under the Amazon Devices and Services Trust & Security (DSTS) organization which was formed in 2014 with the mission of protecting Amazon Devices & Services (D&S) customers’ trust, data, and the systems on which they rely. We protect customers by performing security reviews, offensive testing, vulnerability assessments, and provide guidance for remediations. We also drive down costs by building and automating security foundations and integrating them into design and release processes. DSTS builds the foundational capabilities that raise an org-wide security bar across the growing diversity of D&S businesses - securing 100+ device types, 12,000+ applications, and 100+ product lines that are developed and operated by more than 16,000+ builders.The DSTS penetration testing organization is growing and seeking an experienced web penetration tester to help shape the future of Amazon’s service security. You will work with builder teams and product owners to perform penetration testing and identify high-impact security vulnerabilities across the web services ecosystem supporting Amazon’s devices. The ideal candidate will be expected to comprehend large complex web service architectures and to dive deep into a service's source code, and to have some exposure to device penetration tests. This role will provide you with challenging technical opportunities and will also be a great deal of fun if hacking Amazon sounds exciting to you! In this role, you will be part of a dedicated team of talented penetration testers identifying vulnerabilities in the devices and services ecosystem. You will strive to understand systems, software, and services deeply and develop creative ways to break assumptions in order to find vulnerabilities. You care deeply about keeping millions of customers that rely on Amazon’s consumer products safe and are passionate about mitigating vulnerabilities by providing actionable guidance to product teams. You're well-known for your excellent prioritization skills as well as your ability to communicate at all levels of an organization. If you're passionate about finding security bugs, writing tools to enhance manual testing capabilities, automating repetitive tasks, and enjoy seeing your work impact Amazon consumer devices and services, then this position is for you. Candidates from mid to senior level are encouraged to apply.Key job responsibilities- Lead and contribute to penetration tests against services and software released by Amazon’s Devices & Services organization. This includes working closely with builder teams to scope pentests, develop test plans, find vulnerabilities, develop proof of concept exploits, report findings, and validate patches.- Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques.- Review and influence technical solutions to mitigate security vulnerabilities by providing actionable long-term risk mitigation guidance to drive security improvements.- Lead impactful security improvements in large product lines through close collaboration with our partner builder teams.- Develop detailed technical documentation describing identified vulnerabilities, associated impact, and recommended remediation to guide communication with internal engineering stakeholders and leadership.- Mentor junior penetration testers and cultivate a culture of collaboration and research sharing.About the teamWhile the majority of our Security team are based in the US, by applying to this position your application will be considered for all locations we hire for in the world, however candidates should expect to accommodate US time for necessary meetings.Our team puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren’t focused on how many hours you spend at work or online. Instead, we’re happy to offer a flexible schedule so you can have a more productive and well-balanced life—both in and outside of work.Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship. We care about career growth and strive to assign projects based on what will help each team member develop into a better-rounded engineer and enable them to take on more complex tasks in the future.Diverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- 3+ years of experience identifying, exploiting, and recommending solutions to remediate web application and service API vulnerabilities (e.g. mass assignment, broken object/function level authorization, JWT/OAuth, injection, business logic flaws, excessive data exposure, etc.).- Experience tracing sources and sinks during code review to identify vulnerabilities, and providing contextual remediation guidance to address vulnerability root cause.- Experience designing and reviewing secure system architectures through the use of Threat Modeling incorporating sophisticated and modern attacks.- Knowledge of cloud service providers and their offerings, preferably AWS, and its various technologies and services.- Bachelor’s degree in Computer Science or related field, or equivalent industry experience.- Foundational knowledge of hardware security fundamentals.- Experience in CTF competitions, CVE research, and/or Bug Bounty recognition.- Experience with applying and assessing Machine Learning technologies.- Published security research (e.g. conference presentations, whitepapers, blog posts).Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

AWS Application Security Engineer, AppSec -EC2

Help us protect not only the Amazon Web Services (AWS) cloud computing environment but all of our customers as well! Since 2006, our great team at AWS has been enabling our customers to bring great ideas to life in ways that aren’t possible in traditional IT environments. With AWS you can flexibly harness compute, storage, security, and other services from across the globe as your business demands them. AWS Security is on the cutting edge of many security issues for a wide variety of platforms and technologies including cloud services, Internet of things (IoT), identity and access management, mobile devices, virtualization and custom hardware, all operating at massive scale. Similarly, our highly collaborative team is committed to each team member’s growth as our business grows. AWS Security is looking for an Application Security Engineer to help validate that our services, applications, and websites are designed and implemented to the highest security standards. You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and quickly reacting to new threat scenarios. You will have the opportunity to learn from, and be mentored by, those who are building and securing our cutting-edge services. A Security Engineer at Amazon is expected to be strong in multiple domains and provide significant contributions to the AWS IT Security team and to multiple groups throughout Amazon. Security engineers are expected to develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices. You are also expected to mentor more junior engineers and be a security thought leader for the organization. A Security Engineer must foster constructive dialogue and seek resolution when confronted with discordant views. Engineers in this role are expected to participate fully in the planning of the AWS IT Security team's work and constantly seek opportunities for process improvement. They should also have a deep understanding of at least one specialty for which they are a sought out resource (both within AWS IT Security and by groups throughout Amazon), while having an understanding of the application of Information Security in a broad range of technical areas. You will have the combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include project and software development work. This role will provide career growth opportunities as you gain new security skills in the course of your duties. Key job responsibilities• Application security reviews • Mobile security reviews • Secure architecture design • Threat modeling • Projects and research work as needed • Security training and outreach to internal development teams • Security guidance documentation • Security tool development • Security metrics delivery and improvements • Assistance with recruiting activities and administrative workAbout the teamAbout Amazon SecurityDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- BS (or higher) in Computer Science or related field, or equivalent work experience.- 3+ years of experience in application security with any combination of the following: threat modeling experience, secure design reviews, code reviews, pen-testing- Expertise in multiple security domains such as identity management and authentication, cryptography, networking, web protocols- Experience with AWS products and services- Experience with programming languages such as Python, Java, C++Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Security Engineer, AWS Security Vulnerability Management

Amazon Web Services (AWS) Security is looking for a passionate, innovative, and motivated Security Engineer for the AWS Security Vulnerability Management team. At Amazon Web Services (AWS), Security is job zero. Our team is responsible for inventing new security services that enable and automate security solutions at AWS’ unprecedented scale. We are data-driven, set big goals, and are always challenging ourselves raise the security bar at AWS.In this role, you will be part of a team of security engineers solving complex security challenges that have direct and measurable impact on our customers. Our programs stretch across all of AWS, giving you the opportunity to interact with product teams, industry specialists, security partners, and organization leaders. You will build and own software solutions and solve ambiguous technical problems.Key job responsibilitiesDive into large datasets to identify potential risks.Perform assessments of software vulnerabilities.Work with software builders to apply environmental context against findings to adjust risk scores.Implement automation to improve operational throughput and efficiency.Work with partner teams to propose and implement functionality that reduces risks at scale.Organize and run remediation campaigns to eradicate risks from our environment.About the teamDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- Degree or 4 years equivalent experience in a technical field.- 3 years’ experience performing security investigations, penetration testing and/or incident response in the context of large organizations.- Experience with security threats, detecting and defending from cyber-attacks, and using big data analytics and orchestration to address security challenges.- 2 years’ experience developing code with at least one modern language such as Java, Go, TypeScript, Python, Rust and security code review.- 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience- Experience with AWS products and services- Experience with programming languages such as Python, Java, C++Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

Security Engineer II, AWS Offensive Security

Do you enjoy finding unique security issues? Do you enjoy protecting customers at scale? Do you like challenging assumptions? On the AWS Offensive Security team, you will help ensure our devices, applications, services, and systems are designed and implemented to the highest standards and resilient to the modern threats. You will be asked to solve complex technology problems, build tools to automate your way out of manual efforts, and influence the way Amazon services respond to and mitigate threats.AWS Offensive Security is on the cutting edge of many security issues for a wide variety of platforms and technologies including cloud services, Internet of things (IoT), ML/GenAI, identity and access management, mobile devices, virtualization and custom hardware, all operating at massive scale. Similarly, our highly collaborative team is committed to each team member’s growth as our business grows.We are looking for a Security Engineer to help secure our foundational platforms with an emphasis on hardware. You will be responsible for conducting security reviews including hands-on security evaluations (penetration testing), analyzing threat models, and developing tooling that will help detect security issues at scale.You should be comfortable with tackling novel technical situations, and conducting hands-on testing of new, unique surfaces, to ensure proper security mitigations are in place. You will provide crystal-clear technical direction and risk mitigation guidance for diverse engineering and business leaders at all levels. By applying your hard-earned years of practical security engineering expertise in projects related to securing hardware, you will literally shape the future of cloud computing. Along the way, we guarantee that you will learn a ton, have fun, and make a positive impact on millions of people.Key job responsibilities• Security reviews for hardware including servers and devices• Penetration testing & vulnerability research• Threat modeling• Security training and outreach to internal development teams• Security guidance documentation• Assistance with recruiting activitiesAbout the teamAbout Amazon SecurityDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- BS in Computer Science or related field, or equivalent work experience- Minimum of 3 years of experience in Security Engineering or Development of Security capabilities, supporting engineering projects from concept to delivery, and 1 years in one or more of the following technical categories:- Virtualization security (Xen, KVM, QEMU)- Hardware security (PCB, JTAG, UART, SPI, ROM, microcode, custom ASIC/FPGA)- x86 and/or ARM chipset and firmware security (TPM, UEFI, TrustZone, Secure Boot, PCIe)- Security testing including code review of compute platforms (Server, PC or Mobile)- MS in Computer Science, Information Security, or related field, or equivalent work experience- Demonstrated ability to prepare technical specifications and communications- Demonstrated understanding of crypto basics (encryption, signing, certificates, common algorithms)- Familiarity with AWS services (EC2, GuardDuty, S3, IAM, Kinesis, Lambda, KMS, VPC, etc) and familiarity with relevant security standards (TCG, IEEE, NIST, FIPS, PCI, ISO 28000 series)- Familiarity with crypto security design concepts (e.g. certificate handling and PKI, attestation, TPM/HSM)- Knowledge of Windows, Linux, and hypervisor security (especially in cloud environments)- Ability to manually audit source code (One or more of: Java, Ruby, Python, JavaScript, Rust, C, others) to find security issuesAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Pentest Security Engineer, Devices & Services Pentesting

Come join our penetration testing team dedicated to the detection and exploitation of vulnerabilities from Amazon’s consumer services and devices to the Kuiper satellites. This includes conducting in-depth reviews of complex service workflows including authentication mechanisms, AI, mobile, web applications, and web service APIs. Pentesters also invent new ways to automate and improve their work with techniques including AI/LLMs, fuzzing, detection at scale, and static analysis.Our team operates under the Amazon Devices and Services Trust & Security (DSTS) organization which was formed in 2014 with the mission of protecting Amazon Devices & Services (D&S) customers’ trust, data, and the systems on which they rely. We protect customers by performing security reviews, offensive testing, vulnerability assessments, and provide guidance for remediations. We drive down costs by building and automating security foundations and integrating them into design and release processes. DSTS builds the foundational capabilities that raise an org-wide security bar across the growing diversity of D&S businesses - securing 100+ device types, 12,000+ services, and 100+ product lines that are developed and operated by more than 16,000+ builders.The DSTS penetration testing organization is growing and seeking an experienced web penetration tester to help shape the future of Amazon’s service security. You will work with builder teams and product owners to perform penetration testing and identify high-impact security vulnerabilities across the web services ecosystem supporting Amazon’s devices. The ideal candidate will be expected to comprehend large complex web service architectures, dive deep into a service's source code, and to get some exposure to device penetration tests. This role will provide you with challenging technical opportunities and will also be a great deal of fun if hacking Amazon sounds exciting to you! In this role, you will be part of a dedicated team of talented penetration testers identifying vulnerabilities in the devices and services ecosystem. You will strive to understand systems, software, and services deeply and develop creative ways to break assumptions in order to find vulnerabilities. You care deeply about keeping millions of customers that rely on Amazon’s consumer products safe and are passionate about mitigating vulnerabilities by providing actionable guidance to product teams. You're well-known for your excellent prioritization skills as well as your ability to communicate at all levels of an organization. If you're passionate about finding security bugs, writing tools to enhance manual testing capabilities, automating repetitive tasks, and enjoy seeing your work impact Amazon consumer devices and services, then this position is for you. Candidates from mid to senior level are encouraged to apply.Key job responsibilities- Contribute to penetration tests against services and software released by Amazon’s Devices & Services organization. This includes working closely with builder teams to find vulnerabilities, develop proof of concept exploits, report findings, and validate patches.- Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques.- Review and influence technical solutions to mitigate security vulnerabilities by providing actionable long-term risk mitigation guidance to drive security improvements.- Provides impactful security contributions to large product lines through close collaboration with our partner builder teams.- Develop detailed technical documentation describing identified vulnerabilities, associated impact, and recommended remediation to guide communication with internal engineering stakeholders and leadership.- Continuous growth and development of technical skillsets while contributing to standing projects for program improvement in DSPT.About the teamWhile the majority of our Security team are based in the US, by applying to this position your application will be considered for all locations we hire for in the world, however candidates should expect to accommodate US time for necessary meetings.Our team puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren’t focused on how many hours you spend at work or online. Instead, we’re happy to offer a flexible schedule so you can have a more productive and well-balanced life—both in and outside of work.Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship. We care about career growth and strive to assign projects based on what will help each team member develop into a better-rounded engineer and enable them to take on more complex tasks in the future.Diverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- Bachelor’s degree in Computer Science or related field and 1+ year of equivalent industry experience or 3+ years of equivalent industry experience.- Core understanding of web application and service API vulnerabilities (e.g. mass assignment, broken object/function level authorization, JWT/OAuth, injection, business logic flaws, excessive data exposure, etc.).- Experience tracing sources and sinks during code review to identify vulnerabilities, and providing contextual remediation guidance to address vulnerability root cause.- Experience designing and reviewing secure system architectures through the use of Threat Modeling incorporating sophisticated and modern attacks.- Knowledge of cloud service providers and their offerings, preferably AWS, and its various technologies and services.- Foundational knowledge of hardware security fundamentals.- Experience in CTF competitions, CVE research, and/or Bug Bounty recognition.- Experience with Microservice architectures, AI/ML technologies, scripting and tooling, or pentesting as part of an SDLC operation of a large-scale enterprise environment.- Published security research (e.g. conference presentations, whitepapers, blog posts).Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $125,500/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Application Security Engineer, SHINE - Security Hub for Innovation and Efficiency

Help us protect not only the Amazon Web Services (AWS) cloud computing environment but all of our customers as well! Since 2006, our great team at AWS has been enabling our customers to bring great ideas to life in ways that aren’t possible in traditional IT environments. With AWS you can flexibly harness compute, storage, security, and other services from across the globe as your business demands them. AWS Security is on the cutting edge of many security issues for a wide variety of platforms and technologies including cloud services, Internet of things (IoT), identity and access management, mobile devices, virtualization, AI and Robotics and custom hardware, all operating at massive scale. Similarly, our highly collaborative team is committed to each team member’s growth as our business grows. AWS Security is looking for an Application Security Engineer to help validate that our services, applications, and websites are designed and implemented to the highest security standards. You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and quickly reacting to new threat scenarios. You will work with Amazon builders to create secure-by-default solutions. You will have the opportunity to learn from, and be mentored by, those who are building and securing our cutting-edge services. A Security Engineer at Amazon is expected to be strong in multiple domains and provide significant contributions to the AWS IT Security team and to multiple groups throughout Amazon. Security engineers are expected to develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices. You are also expected to mentor more junior engineers and be a security thought leader for the organization. A Security Engineer must foster constructive dialogue and seek resolution when confronted with discordant views. Engineers in this role are expected to participate fully in the planning of the AWS IT Security team's work and constantly seek opportunities for process improvement. They should also have a deep understanding of at least one specialty for which they are a sought out resource (both within AWS IT Security and by groups throughout Amazon), while having an understanding of the application of Information Security in a broad range of technical areas. A successful candidate will need a combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include project and software development work. This role will provide career growth opportunities as you gain new security skills in the course of your duties. Key job responsibilitiesThis role will work closely with Amazon builders and AWS technology to define what processes we can make secure by default and how we'd implement. This position will work with a variety of builders and get an opportunity to dive deep into problems to address efficiencies across the builder-security feedback loop.- Design secure-by-default solutions- Projects and research work as needed- Security training and outreach to internal development teams- Security guidance documentation- Security tool development- Security metrics delivery and improvementsA day in the lifeThe SHINE team is a small group of engineers focused on improving the lives of AWS builders and security engineers alike by providing innovate and efficient solutions to shorten the security review process. We have the opportunity to have organizational impact and the mandate to do it. A new team member can expect to iterate quickly, to try and experiment often, while not being afraid to fail fast when needed to work on the next item.About the teamDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying. Why Amazon Security At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Work/Life Balance We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve. Inclusive Team Culture In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training and Career growthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional. - 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience- Experience with AWS products and services- Experience with programming languages such as Python, Java, C++Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Security Engineer, GuardDuty Security Analytics and AI Research

Amazon Web Services is looking for experienced Security Engineers to join the Security Analytics and AI Research group within AWS Security Services. This group is entrusted with researching and developing core data mining and machine learning algorithms for Amazon GuardDuty ( On this team, you will invent and implement innovative solutions for never-before-solved problems. If you have experience with information security and a passion for large scale machine learning systems, this will be an exciting opportunity.GuardDuty also detects potentially compromised instances or reconnaissance by attackers. This is an advanced engineering team that is using cutting edge techniques to help customers assess, monitor and protect their cloud based resources.The AWS Security Services team builds technologies that help customers strengthen their security posture and better meet security requirements in the AWS Cloud. The team interacts with security researchers to codify our own learnings and best practices and make them available for customers. We are building massively scalable and globally distributed security systems to power next generation services.Utility Computing (UC)AWS Utility Computing (UC) provides product innovations — from foundational services such as Amazon’s Simple Storage Service (S3) and Amazon Elastic Compute Cloud (EC2), to consistently released new product innovations that continue to set AWS’s services and features apart in the industry. As a member of the UC organization, you’ll support the development and management of Compute, Database, Storage, Internet of Things (Iot), Platform, and Productivity Apps services in AWS, including support for customers who require specialized security solutions for customers who require specialized security solutions for their cloud services.About AWSAmazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.Diverse ExperiencesAWS values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying. Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve in the cloud. Inclusive Team CultureHere at AWS, it’s in our nature to learn and be curious. Our employee-led affinity groups foster a culture of inclusion that empower us to be proud of our differences. Ongoing events and learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences, inspire us to never stop embracing our uniqueness.Mentorship & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.Key job responsibilities- Collaborate with scientists and engineers to research and develop innovative ML/AI solutions for challenging cybersecurity problems.- Analyze the output of ML/AI models for accuracy, customer impact, and interpretability.- Integrate successful experiments into large scale, highly complex production services.- Build complex systems that turn machine/deep learning and AI research into great products for our customers.- Rapidly design and conduct large scale experiments in a high-ambiguity environment, making use of both quantitative and business judgment.- Interact with other security engineers and related domain experts to dive deep into the types of challenges that we need innovative solutions for.- 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience- Bachelor's degree in computer science or equivalent- Knowledge of networking protocols such as HTTP, DNS and TCP/IP- 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience- Experience with AWS products and services- Experience with programming languages such as Python, Java, C++- Familiarity with machine learning concepts and developmentAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.