Senior Security Engineer

**This role is open to alternative locations including: New York, NY – Seattle, WA - Herndon, VA – Arlington, VA – San Diego, CADo you enjoy seeing the impact your work has on real customers? As a Security Engineer at AmazonWeb Services, you’ll create, maintain, and improve Services and solutions at massive scale, helping toimprove the businesses (and lives) of millions of people around the world. Help us protect not only theAmazon Web Services (AWS) cloud computing environment but all of our customers as well!As a member of The AWS team, you’ll be part of the glue that holds the AWS ecosystem together asyou contribute to securing, validating and sustaining more than 750 million transactions per second.Whether its help validate that our services, applications, and websites are designed and implementedto the highest security standards, AWS is innovating with the customer in mind.AWS Security is on the cutting edge of many security issues for a wide variety of platforms andtechnologies including cloud services, Internet of things (IoT), identity and access management, mobiledevices, virtualization and custom hardware, all operating at massive scale. Similarly, our highlycollaborative team is committed to each team member’s growth as our business grows.AWS Security is looking for a Senior Application Security Engineer to help validate that our services,applications, and websites are designed and implemented to the highest security standards. You willbe responsible for analyzing the security of applications and services, discovering and addressingsecurity issues, building security automation, and quickly reacting to new threat scenarios. You willhave the opportunity to learn from, and be mentored by, those who are building and securing ourcutting-edge services.A Senior Security Engineer at Amazon is expected to be strong in multiple domains and providesignificant contributions to the AWS IT Security team and to multiple groups throughout Amazon.Security engineers are expected to develop elegant solutions to complex business problems and applyappropriate technologies while following security engineering best practices. You are also expected tomentor more junior engineers and be a security thought leader for the organization.A Senior Security Engineer must foster constructive dialogue and seek resolution when confrontedwith discordant views. Engineers in this role are expected to participate fully in the planning of theAWS IT Security team's work and constantly seek opportunities for process improvement. They shouldalso have a deep understanding of at least one specialty for which they are a sought-out resource(both within AWS Security and by groups throughout Amazon), while having an understanding of theapplication of information security in a broad range of technical areas.A successful candidate will need a combination of troubleshooting, technical, and communicationskills, as well as the ability to handle a mix of disparate tasks which may include project and softwaredevelopment work. This role will provide career growth opportunities as you gain new security skills inthe course of your duties.Key job responsibilitiesKey job responsibilities• Application security reviews• Mobile security reviews• Secure architecture design• Threat modeling• Projects and research work as needed• Security training and outreach to internal development teams• Security guidance documentation• Security tool development• Security metrics delivery and improvements• Assistance with recruiting activities and administrative work- MS in Computer Science or related field, or equivalent work experience- Minimum of 5 years of experience with any combination of the following: mobile security, threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security- Minimum of 5 years of experience with security engineering, system and network security, authentication and security protocols, cryptography, application, database, or storage security- Experience implementing security solutions at the business division level- An understanding of network and web related protocols (such as, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)- Experience with multiple programming languages (such as, Java, C++, Ruby, Python, Perl, etc.)- Excellent written and verbal communication skills- Demonstrable teamwork skills and resourcefulness- Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge (avoid “analysis paralysis”)- Strong sense of ownership, urgency, and driveAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Associate, Customer Incident Response, Customer Incident Response Team

Do you want to work on planetary scale incident response solutions in the cloud? Are you skilled at performing Incident Response activities and helping customers build threat detection and incident response capabilities using highly scalable computing architectures? Are you excited to help customers respond to security incidents and automate security operations giving them unprecedented capability and agility? Do you enjoy working on fast-paced complex projects focused on game changing business outcomes for customers globally? As a member of the Threat Detection and Incident Response Practice in the AWS Global Service Security you will have the opportunity to help customers respond to security incidents and pioneer technically superb security solutions to help customer operate securely in the cloud. Building on those experiences you’ll collaborate with AWS service teams on new features, innovate with new technologies, and explore new challenges.The Global Services Security team, a part of Amazon Web Services (AWS), leverages the expertise and ingenuity of our builders to establish scalable security solutions for both internal and external customers that drive business outcomes. Our goal of securing the world’s workloads and building a brighter future for humanity requires us to focus on reliable delivery of bar raising security outcomes and investment in security mechanisms and automation on behalf of our customers.Sales, Marketing and Global Services (SMGS)AWS Sales, Marketing, and Global Services (SMGS) is responsible for driving revenue, adoption, and growth from the largest and fastest growing small- and mid-market accounts to enterprise-level customers including public sector. The AWS Global Support team interacts with leading companies and believes that world-class support is critical to customer success. AWS Support also partners with a global list of customers that are building mission-critical applications on top of AWS services.Key job responsibilities• Support incident response operations• Become a technical resource that earns the trust of customer stakeholders before, during, and after a security event.• Contribute as part of a team that include Amazonians, partners, and customers to build and deploy threat detection and incident response capabilities.• Assist in the design, building, and deployment of solutions to automate security operations and incident response on AWS.• Develop high-quality content, such as automation tools, reference architectures, and white papers to help our customers secure their workloads.• Innovate on behalf of customers by translating your thoughts into action-yielding results.• Mentor and invest in our team, partners and customers to raise the bar for our customers.• On-call required.A day in the lifeA day in the lifeDiverse Experiences Amazon values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying. Why AWS Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.Work/Life Balance We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve in the cloud. Inclusive Team Culture Here at AWS, it’s in our nature to learn and be curious. Our employee-led affinity groups foster a culture of inclusion that empower us to be proud of our differences. Ongoing events and learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences, inspire us to never stop embracing our uniqueness.Mentorship and Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional. - Hands-on technical experience in incident response technology, security, automation, implementation, integration, and/or deployment- Experience building/operating on the AWS platform- Experience in technical IT security or related job role- Hands-on technical experience in building scripts, tools, or methodologies that enhance customers’ threat detection and incident response capabilities.- Strong scripting skills in modern scripting languages like PowerShell, Python, Node.js, Javascript, Bash, Ruby, or SQL.- Experience communicating complex technical matters clearly and concisely orally and in writing.- Experience managing customers during a security event, including managing customer expectations and delivering results.- Detailed knowledge of incident response workflows and processesAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

Senior Security Engineer, Maximum Application Security Team (MAST)

In Amazon Stores, we ship some of the widest arrays of technology found at any company. From amazon.com to world class machine learning pipelines, from cutting-edge digital healthcare to no-checkout retail, we push the boundaries of technology in every direction using the globe’s largest AWS deployment.As an AppSec engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing these novel services. In a given day, you might be inspecting an application’s code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service alongside its software developers.The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security generalist with one or more areas of deep expertise. In their communication, they will clearly articulate risks to technical and non-technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions.Our organization prizes its employees, and we show it through investing in work-life harmony. We have dedicated resources that consistently innovate in reducing on-call time and ensuring the team spend their time on the highest-value tasks. Join the Stores AppSec organization to work hard, have fun, and make history!Key job responsibilities* Creating, updating, and maintaining threat models for a wide variety of software projects* Manual and automated secure code review, primarily in Java, Python and Javascript* Development of security automation tools* Adversarial security analysis using cutting-edge tools to augment manual effort* Security training and outreach for internal development teams* Security architecture and design guidance* Lead execution and definition of security strategy for your team* Mentor and develop teammates both technically and professionally* Seek out, develop, and advocate for new technology to identify and mitigate complex risks* Effectively navigate novel situations and problems that do not have a defined solutionAbout the teamAbout Amazon SecurityDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- BS in Computer Science or related field, or equivalent work experience- Minimum of 5 years of experience with at least three of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, penetration testing, cloud security, mobile security, and network security- Advanced knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security- Experience reading and writing in at least one programming language- You demonstrate excellent judgement in assessing and prioritizing technical risk- You have a strong application security background with a focus on scalable solutions- You have experience building and- You effectively negotiate priorities across teams to achieve challenging goals and security debt reductionAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Security Engineering Manager , Stores Application Security

Amazon is continuously innovating new services and features for our customers. Our engineers invent, build, and sometimes break things to make them easier, faster, better, and more cost-effective. However, no matter what we’re building – from websites to web services, AR to AI, drones to devices – security is always our top priority. The Amazon Application Security team focuses on working with our builders to provide experiences that our customers can trust. That means constantly learning new things and solving complex problems to protect the safety, security, and privacy of billions of lives on a global scale.At Amazon, you’ll be working with the best minds in technology and security. Learn and be curious here, and accelerate your career growth. You can take pride in knowing that your work is meaningful, having a positive impact on others and making the world a better place.We are looking for an experienced security leader to join the Application Security team. As a security leader, you will own building and managing a team of security engineers, fostering a strong team culture. You should know how to prioritize, communicate clearly and compellingly, and understand how to drive a high level of focus and excellence with a strong team. Passion and discipline around cloud computing is critical, as is a high level of ownership and accountability.As a manager on our team, you will recruit and lead a team of top-notch application security engineers to solve interesting security challenges that arise when Amazon invents new technologies. You’ll help them develop their skills and their careers as you tackle those challenges and contribute to Amazon’s overall security and privacy strategy.Key job responsibilities- Lead, manage, and develop a team of Security Engineers and Technical Program Managers responsible for Application Security (AppSec) of Amazon services.- Lead the strategic direction and evolution of the Application Security review team/s, including setting goals and establishing priorities.- Set the direction for the team by driving strategic initiatives, influencing leadership, key stakeholders, and partnering with teams throughout Amazon.- Develop a healthy and collaborative culture and enable the team to deliver results.- Lead effective teamwork, communication, collaboration and commitment across multiple disparate groups with competing priorities.- Lead improvements to internal program and process.- Write and deliver high-quality documents for technical and non-technical audiences.- Drive the adoption of security processes, automation, and tooling to improve operational efficiency.About the teamAbout Amazon SecurityDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- Bachelor's degree- Minimum of 5 years of experience in leading, managing, and developing high-performance teams.- At least 5 years of progressive experience within a software security team or a similar operating environment.- CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud+ or CySA+ (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest+- Strong technical understanding of the OWASP Mobile Security standards.- Excellent written communication skills with the ability to translate technically complex issues into simple, easy-to-understand concepts.Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

Senior Security Engineer, AppSec Review Mechanisms

The primary goal of the Review Mechanism (RM) team is to improve the security review process by increasing efficiency and quality to help reduce risk. We work closely with teams across Amazon to identify challenges and areas for improvement, using data and feedback to implement meaningful changes. We focus on refining the security review process and work with partner teams to improve wikis, knowledge bases, SKB, training. Additionally, we collaborate with teams like Shepherd, Veritas, and ASR to prioritize new feature development, while also creating our own tools to enable rapid experimentation and continuous improvement.Key job responsibilities- Optimize Security Review Process: Streamline and improve workflows to increase efficiency and reduce risk.- Cross-Team Collaboration: Work with teams like Shepherd, Veritas, and ASR to drive feature development and align on security improvements.- Identify Process Gaps: Analyze and address inefficiencies or low-quality areas in the security review process.- Enhance Documentation and Training: Maintain and improve resources (wikis, SKB, training) for consistent security guidance.- Data-Driven Improvements: Use data to make informed changes and track progress in the security review process.- Develop Tools and Automations: Build and deploy internal tools to enable rapid experimentation and continuous improvement.- Establish Feedback Loops: Collect and act on feedback to keep processes aligned with team needs.- Experiment and Iterate: Test and refine tools, methods, and processes to stay adaptive to new threats and requirements.- Champion Security Standards: Promote consistent security practices and high standards across teams.About the teamAbout Amazon SecurityDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- 5+ year's experience as a Security Engineer (such as application security, penetration testing, red teaming, incident response, etc.)- BS degree in Computer Science, Computer Engineering, Electrical Engineering, similar technology degrees or 8+ years' equivalent technology experience- Experience with various threat modeling methodologies, coding skills and strong communication skills.- Experience briefing senior leaders.- Secure software development lifecycle experience.- Knowledge of distributed systems and security protocols.Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit

Product Security Engineer, Payments Security - Core Security Services

Amazon Payments processes millions of transactions every day across numerous countries and payment methods. Over 100 million customers and merchants send tens of billions of dollars through our systems annually. We are re-inventing the vision of our platform to provide our internal and external clients the best payment gateway service, benchmarked against the top external alternatives. Paramount to our success is ensuring that customer data is secure across Amazon Payments products and services. At the Payments Proactive Security Team, we are influencing the internal Payments ecosystem to pursue best security practices as well as driving the improvement of product security at scale by leveraging the automated solution and feedback loop mechanism established internally.A Security Engineer in Amazon will be strong in multiple security domains and sought out for advice on technical issues. Efficient time management skills are required along with the ability to deliver results in the face of uncertainty. Engineers in this role must show exemplary judgment in making technical trade-offs between short versus long term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. The successful candidate must be one that can handle several difficult challenges and problems, can make risk-based assessments founded on data and facts. Additionally, the successful candidate will be: - Methodically empirical and experimental in approach and evaluation without being bound by over paralysis-by-analysis;- Work ceaselessly to improve knowledge of the security field, threat landscape, security intelligence, moving proactively toward prevention and detection of threats;- Be an enthusiastic learner and curiosity seeker, focusing on what can be done rather than hindered by notions of what cannot be;- Possess effective verbal and written communication skills, be passionate about sharing knowledge, tactics, strategy, as well as advocating for the project mission;- Have excellent time management skills along with the ability to deliver results in the face of uncertainty; and- Evangelize security within Amazon.com and be an advocate for customer trust.A successful candidate will be a deeply curious individual who brings technical expertise, and ability to work within a fast-paced startup culture in a large company that has broad business impact. This is a unique opportunity to start with Amazon Payments and innovating and scaling security to protect customer trust.Key job responsibilities- Work closely with service teams to identify threats and vulnerabilities throughout Software Development Life Cycle and provide guidance on mitigating the issues. - Identify and prioritize security problems that can be detected using automation.- Develop detection prototypes for these security problems to enhance our tool-set for static and dynamic analysis.- Work with builders and service teams to address detected security problems in an appropriate and timely fashion.- Identify opportunities to prevent security problems at scale.- Develop prototypes to prevent these security problems.- Document and provide security guidance that will be used across Amazon Payments. - Deliver metrics to show effectiveness of our security initiatives.About the teamThe Amazon Payments Core Security team's mission is to build mechanisms that help prevent security issues from affecting Amazon's Payment Applications. A security engineer in Payments Core Security team will work closely with application developers, evangelize security and build scalable vulnerability detection mechanisms that help secure our most critical applications. Diverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying. Why Amazon Security At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Work/Life Balance We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve. Inclusive Team Culture In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training and Career growthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional. - Bachelor's degree in computer science or equivalent- 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience- 3+ years experience with security analysis on cloud services, especially server-less and authentication services.- 2 + years experience using data analysis tools and technologies, such as SQL, Jupyter, R, Python.- 3+ years experience with active attacks / live scenarios / applied computer security.- 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience- 3+ years with cloud technologies (AWS preferred, Azure, Google Cloud, etc).- Masters degree in mathematics, computer science, or related engineering disciplines.- Familiarity with host and network log analysis.- Standing relationships with global associations relevant to the position.- Knowledge and experience with hunting utilizing TTPs (Tactics, Techniques and Procedures).- Experience with security architecture, system architecture, threat modeling, incident handling/response, reverse engineering, malware analysis, adversary methodologies, and/or threat intelligence.- Possess a strong understanding of common enterprise technologies. Extensive knowledge of computing security issues and threat vectors.Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Customer Incident Response, Global Services Security - Customer Incident Response Team

Do you want to work on planetary scale incident response solutions in the cloud? Are you skilled at performing Incident Response activities and helping customers build threat detection and incident response capabilities using highly scalable computing architectures? Are you excited to help customers respond to security incidents and automate security operations giving them unprecedented capability and agility? Do you enjoy working on fast-paced complex projects focused on game changing business outcomes for customers globally? As a member of the Threat Detection and Incident Response Practice in the AWS Global Service Security you will have the opportunity to help customers respond to security incidents and pioneer technically superb security solutions to help customer operate securely in the cloud. Building on those experiences you’ll collaborate with AWS service teams on new features, innovate with new technologies, and explore new challenges.The Global Services Security team, a part of Amazon Web Services (AWS), leverages the expertise and ingenuity of our builders to establish scalable security solutions for both internal and external customers that drive business outcomes. Our goal of securing the world’s workloads and building a brighter future for humanity requires us to focus on reliable delivery of bar raising security outcomes and investment in security mechanisms and automation on behalf of our customersSales, Marketing and Global Services (SMGS)AWS Sales, Marketing, and Global Services (SMGS) is responsible for driving revenue, adoption, and growth from the largest and fastest growing small- and mid-market accounts to enterprise-level customers including public sector. The AWS Global Support team interacts with leading companies and believes that world-class support is critical to customer success. AWS Support also partners with a global list of customers that are building mission-critical applications on top of AWS services.Key job responsibilities• Perform and oversee incident response operations• Become a deep technical resource that earns the trust of customer stakeholders before, during, and after a security event.• Independently contribute to teams that include Amazonians, partners, and customers to build and deploy threat detection and incident response capabilities.• Design, build, and deploy solutions to automate security operations and incident response on AWS.• Independently contribute to internal builder projects to develop new consulting engagement models and capabilities for customers.• Develop high-quality content, such as automation tools, reference architectures, and white papers to help our consultants, partners, and customers build on the work that we deliver.• Innovate on behalf of customers by translating your thoughts into action-yielding results.• Mentor and invest in our consultants, partners, and customers to raise the bar for our customers.• Periodic on-call required.About the teamDiverse ExperiencesAmazon values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why AWSAmazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve in the cloud.Inclusive Team CultureHere at AWS, it’s in our nature to learn and be curious. Our employee-led affinity groups foster a culture of inclusion that empower us to be proud of our differences. Ongoing events and learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences, inspire us to never stop embracing our uniqueness.Mentorship and Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.- Experience performing incident response activities- 1+ years of experience building/operating on the AWS platform- 3+ years of experience in technical IT security or related job role- 2+ years of threat detection or incident response experience- Hands-on experience in incident response technology, security, automation, implementation, integration, and/or deployment.- Hands-on technical expertise in building scripts, tools, or methodologies that enhance customers’ threat detection and incident response capabilities.- Strong scripting skills in modern scripting languages like PowerShell, Python, Node.js, Javascript, Bash, Ruby, or SQL.- Experience communicating complex technical matters clearly and concisely orally and in writing.- Experience managing customers during a security event, including managing customer expectations and delivering results.- Detailed knowledge of incident response workflows and processesAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

AWS Sr Application Security Engineer, AppSec -EC2

Help us protect not only the Amazon Web Services (AWS) cloud computing environment but all of our customers as well! Since 2006, our great team at AWS has been enabling our customers to bring great ideas to life in ways that aren’t possible in traditional IT environments. With AWS you can flexibly harness compute, storage, security, and other services from across the globe as your business demands them. AWS Security is on the cutting edge of many security issues for a wide variety of platforms and technologies including cloud services, Internet of things (IoT), identity and access management, mobile devices, virtualization and custom hardware, all operating at massive scale. Similarly, our highly collaborative team is committed to each team member’s growth as our business grows. AWS Security is looking for an Application Security Engineer to help validate that our services, applications, and websites are designed and implemented to the highest security standards. You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and quickly reacting to new threat scenarios. You will have the opportunity to learn from, and be mentored by, those who are building and securing our cutting-edge services. A Security Engineer at Amazon is expected to be strong in multiple domains and provide significant contributions to the AWS IT Security team and to multiple groups throughout Amazon. Security engineers are expected to develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices. You are also expected to mentor more junior engineers and be a security thought leader for the organization. A Security Engineer must foster constructive dialogue and seek resolution when confronted with discordant views. Engineers in this role are expected to participate fully in the planning of the AWS IT Security team's work and constantly seek opportunities for process improvement. They should also have a deep understanding of at least one specialty for which they are a sought out resource (both within AWS IT Security and by groups throughout Amazon), while having an understanding of the application of Information Security in a broad range of technical areas. You will have the combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include project and software development work. This role will provide career growth opportunities as you gain new security skills in the course of your duties. Key job responsibilities• Application security reviews • Mobile security reviews • Secure architecture design • Threat modeling • Projects and research work as needed • Security training and outreach to internal development teams • Security guidance documentation • Security tool development • Security metrics delivery and improvements • Assistance with recruiting activities and administrative workAbout the teamAbout Amazon SecurityDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- BS (or higher) in Computer Science or related field, or equivalent work experience.- 5+ years of experience in application security with any combination of the following: threat modeling experience, secure design reviews, code reviews, pen-testing- Expertise in multiple security domains such as identity management and authentication, cryptography, networking, web protocols- Experience with AWS products and services- Experience with programming languages such as Python, Java, C++Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Manager - AWS Application Security, AWS Proactive Security

Cloud security is our highest priority at AWS. As an AWS customer, you benefit from an environment built to meet the requirements of the most security-sensitive organizations. As an AWS Security team member, you will help secure that environment for our customers while working on cutting edge security products for a variety of platforms and technologies, all operating at massive scale. We are looking for an experienced security leader to join the AWS AppSec team. As a security leader, you will own building and managing a team of security engineers and leaders, fostering a strong team culture. You and your team will be responsible for reviewing and testing our new services before release, partnering closely with our development teams to produce innovative and secure solutions. We are looking for a leader that is highly passionate about the potential of cloud computing and building a high performing security team. Security Managers at Amazon have a track record of delivering high quality technology products and services in a hyper-growth environment where priorities shift quickly. You should know how to prioritize, communicate clearly and compellingly, and understand how to drive a high level of focus and excellence with a strong team. AWS in general, and AppSec in particular, operates at very large scale and demands high standards, so a passion and discipline around security and delivery is critical. A high level of ownership and accountability is a must. About the teamAbout Amazon SecurityDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- 5+ years of experience leading, managing & developing high performance security teams such as Application Security, Security Assurance, Red Teams- 7+ years of experience within a software security team or similar operating environment- Hands-on knowledge of information security technologies such as security design review, threat modeling, risk analysis, and software testing techniques- BA/BS in computer science, information security, related discipline, or equivalent work experience- Experience in Identity frameworks, standards- Experience of working in cloud technologies- MA/MS in computer science/related field- Information security professional certifications encouraged (SANS GIAC, CISSP etc.)- Excellent written communication skills, with a focus on translating technically complex issues into simple, easy to understand conceptsAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $157,600/year in our lowest geographic market up to $272,400/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Security Engineer II, AppSec AI

Come join Earth's most customer-centric company! Amazon is looking for an AI Security Engineer with strong insight and passion for security to ensure our AI applications are designed and built to the highest standards. Your mission is to secure the AI experiences of hundreds of millions of our customers. You bring AI security talent and expertise to a fast-paced environment where you will be relied upon to partner with our talented software development teams in building secure AI applications.As an AI Security Engineer, you will work with software development teams to ensure the security of AI applications. You will review code for security issues, build frameworks to help developers create more secure software, and adjust designs to improve protection. You will also perform security research, analyze bug reports, conduct risk assessments, develop automation, maintain documentation, and create tools that reduce security risks. Your work drives secure, reliable AI applications for Amazon's customers.Key job responsibilities* You will create, update, and maintain threat models for a wide variety of software projects. * You will perform manual and automated code review, primarily in Java, Python, and JavaScript* You will develop AI security automation tools. * You will perform AI security training and outreach for internal development teams. * You will provide AI security architecture and design guidance. * You will independently solve AI security problems that require novel methods or approaches. * You will influence your team's and partners' process, priorities, and choices to improve outcomes.About the teamAbout the teamThe AppSec AI team is tasked with empowering the business to create secure, trustworthy AI applications that our customers find delightful to use. We engage closely with the business from the outset of the development process to ensure that security considerations are integrated early and consistently. This collaborative approach positions us as partners with the business, minimizing the need for security trade-offs. Our close work with product teams allows us to participate in deep technical discussions and decisions. We prioritize obtaining the right training and career growth opportunities, enabling us to Dive Deep and Earn Trust with our development teams.About Amazon SecurityDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- Knowledge of GenAI systems and associated security vulnerabilities and remediation techniques, including penetration testing and the development of exploits or equivalent- Experience with any combination of the following: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration and network security.- Bachelor's degree in computer science or equivalent, plus 3+ years of security engineering experience.- Experience with AWS products and services- Experience with programming languages such as Python, Java, C++Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Senior Security Engineer, Corporate Services Security

Corporate Services Security (CPSS) is the Amazon security team aligned with Finance & Global Business Services (FGBS), People eXperience & Technology (PXT), Legal, and Global Communications and Community Impact (GCCI) business units.Our Mission is to protect and safeguard Amazon's corporate services, systems, and data. Through proactive engagement with the development teams, we understand the dynamic business processes that run Amazon, and enable our stakeholders to innovate, build, and scale securely. The Product Security Team within CPSS supports a large number of applications built using AWS Services. Apart from work, we provide opportunities for our engineers to pursue projects they are passionate about while maintaining work life harmony.Key job responsibilitiesCreating, updating, and maintaining threat models for a wide variety of software projects* Manual and Automated Secure Code Review, primarily in Java, Python and Javascript* Development of security automation tools* Adversarial security analysis using tools to augment manual effort* Provide Security training and outreach for internal development teams* Provide Security architecture and design guidance to application development teams* Independently solve systemic, complex security problems that require novel methods or approaches* Influence your team’s and partners’ process, priorities, and choices by using data to improve security outcomes* Provide technical and strategic guidance to senior leaders and stakeholders through effective oral and written communications A day in the lifeAs a Senior Security Engineer, you will collaborate with SW development teams to ensure we keep our customers safe while developing novel services. In a given day, you might be inspecting an application’s code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service.The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security specialist with one or more areas of deep expertise within application security. They will clearly articulate risks to technical and non-technical audiences alike. Successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions. They will shape the strategy of the Product Security Team and influence systemic security improvements across our service organizations.About the teamDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- BS in Computer Science or related field, or equivalent work experience- Minimum of 7 years of experience with at least two of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, penetration testing, cloud security, mobile security, and network security- Intimate knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security- Experience reading and writing in at least one programming language- Demonstrated ability of judgement in assessing and prioritizing technical risk- Strong application security background with a focus on scalable solutions- Experience building and securing complex AWS architecture- Proven experience identifying and removing bottlenecks for your teammates, both in process and technology- Experience securing Finance applications- Proven experience shaping the strategy of a Product Security Team- Demonstrated experience influencing systemic security improvements across organizationAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Security Engineer II, AWS Infrastructure Services Incident Response

AWS Infrastructure Services owns the design, planning, delivery, and operation of all AWS global infrastructure. In other words, we’re the people who keep the cloud running. We support all AWS data centers and all of the servers, storage, networking, power, and cooling equipment that ensure our customers have continual access to the innovation they rely on. We work on the most challenging problems, with thousands of variables impacting the supply chain — and we’re looking for talented people who want to help. You’ll join a diverse team of software, hardware, and network engineers, supply chain specialists, security experts, operations managers, and other vital roles. You’ll collaborate with people across AWS to help us deliver the highest standards for safety and security while providing seemingly infinite capacity at the lowest possible cost for our customers. And you’ll experience an inclusive culture that welcomes bold ideas and empowers you to own them to completion.At Amazon Web Services (AWS), we provide world-class, flexible, scalable, and secure cloud services to the world’s fastest-growing startups, the largest enterprises, and leading government agencies. We do this by building, maintaining, and securing one of the largest, most complex networks in the world. Within AWS, the Infrastructure Security (InfraSec) team is responsible for threat intelligence, vulnerability management, security information and event management (SIEM), incident response, and overall network security across the entire AWS global network.The InfraSec team is looking for a Security Engineer with deep expertise in security incident response or security operations to join us as a member of the InfraSec Incident Response team. In this role, you will be responsible for leading the investigation, analysis, escalation, and remediation (performing or coordinating) of network security incidents. Additional responsibilities will include maintaining the network security incident response plan, partnership with other AWS teams, and driving after action policy and governance changes. Finally, you will partner with Threat Intelligence and Detection Engineering Security Engineers to improve the team's detection and response capabilities.AWS leads and innovates. We don’t just buy off-the-shelf software or follow others. We research and pursue the best approach for the business, whether that’s building new solutions or leveraging existing ones. AWS, and InfraSec in particular, operate at massive scale and as a result, demand the highest standards, passion, and discipline for information security and software engineering. A high level of ownership and accountability is a must for this role.About the teamAbout AWSDiverse ExperiencesAWS values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying. Why AWS?Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.Inclusive Team CultureHere at AWS, it’s in our nature to learn and be curious. Our employee-led affinity groups foster a culture of inclusion that empower us to be proud of our differences. Ongoing events and learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences, inspire us to never stop embracing our uniqueness.Mentorship & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional. Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve in the cloud. - Bachelor's degree in computer science or equivalent- Knowledge of networking protocols such as HTTP, DNS and TCP/IP- Experience leading incident response activities in a large, globally distributed organization- 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience- Experience with AWS products and services- Experience with programming languages such as Python, Java, C++- CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud+ or CySA+ (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest+Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Sr Security Engineering Manager - Hardware Security, Device Security

Amazon Devices and Services is an inventive research and development organization that designs and engineers Amazon devices, from Kindle to Fire TV and Amazon Echo. What will you help us create?Are you interested in being part of a top-notch security team covering all Amazon devices (including consumer devices like Kindle, FireTV, Echo, Astro robots, Ring doorbells, cameras, drones, etc. and newlines of devices including Kuiper satellites) ? If you want to keep customers safe, then we have a job for you! Amazon’s Devices and Services Security is growing and looking for a strong leader. You will be tasked in setting the strategic direction for hardware security for all Amazon devices while developing and taking the team to the next level. As a Senior Manager at Amazon Devices and Services Security, you will have an enormous opportunity to lead a team of top notch security engineers respected by product teams, drive down systemic and tactical risk to Amazon devices, and develop long lasting functions and features for Amazon devices. You care deeply about keeping Amazon customers safe and therefore are passionate about mitigating vulnerabilities/risks by providing actionable guidance and solutions to product teams. You drive long term security improvements by identifying key gaps and partner with product teams to drive security improvements at scale. You're well-known for your excellent prioritization skills as well as your ability to communicate at all levels of an organization. Note: While the majority of our Security roles are based in the Bay Area, CA and Seattle, WA areas, by applying to this position your application will be considered for other locations we hire for in the United States, including but not limited to: Bellevue, WA; Boston, MA, Austin TX.Key job responsibilitiesKey Job Responsibilities Include:- Fostering, coaching, recruiting and scaling a team of world class hardware security engineers; providing strategic and tactical oversight to the team and the program.- Defining a hardware security roadmap; aligning with key business stakeholders to ensure that objectives are focused on areas of key concern for internal and external Amazon customers; providing technical oversight for all phases of the hardware security lifecycle. - Creating and driving a culture of inclusion where team members are encouraged to take risks and push limits in order to challenge organizational security assumptions. - Partner with key stakeholders to drive implementation of security-related technical and process controls to remediate risks identified during engagements.- Provide updates to senior leadership on a regular cadence.- Provide verbal and written summaries of engagements to Amazon stakeholders and business owners.- Engage in retrospectives with the partners and create a feedback loop to foster continuous improvement of delivery mechanisms and approaches.About the teamAbout Amazon Security:At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services.Diverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon SecurityAt Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Mentorship and Career growthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.- Bachelor's degree in Computer Science, related field or relevant work experience- 10+ years of industry experience with a proven track record of hands on hardware security experience.- 10+ years managing and building teams (including coaching and mentoring)- Strong and proven ability to communicate technical concepts to a non-technical audience and stakeholders- Experience managing a team of strong security engineers to identify strategic and tactical risk.- Master’s degree- 10+ years of risk assessment and vulnerability research and enabling organizations making decisions- Significant experience and detailed technical knowledge in one of the following areas: security engineering, chipset and system security, cryptography, authentication and security protocols.- Experience with threat modeling or other risk identification techniques, and risk management- Experience partnering and influencing cross functional engineering, QA and testing teams to drive security improvements in complex environments- Experience driving prioritization of security risks/vulnerabilities and ensuring that they are properly understood by the business and fixed and/or mitigated.- Strong analytical and quantitative skills with the ability to use data and metrics to back up assumptions and recommendations and drive actionsAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $187,500/year in our lowest geographic market up to $324,100/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Security Engineer, Maximum Application Security Team (MAST)

In Amazon Stores, we ship some of the widest arrays of technology found at any company. From amazon.com to world class machine learning pipelines, from cutting-edge digital healthcare to no-checkout retail, we push the boundaries of technology in every direction using the globe’s largest AWS deployment.As an AppSec engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing these novel services. In a given day, you might be inspecting an application’s code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service alongside its software developers.The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security generalist with one or more areas of deep expertise. In their communication, they will clearly articulate risks to technical and non-technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions.Our organization prizes its employees, and we show it through investing in work-life harmony. We have dedicated resources that consistently innovate in reducing on-call time and ensuring the team spend their time on the highest-value tasks. Join the stores AppSec organization to work hard, have fun, and make history!Key job responsibilities* Creating, updating, and maintaining threat models for a wide variety of software projects* Manual and Automated Secure Code Review, primarily in Java, Python and Javascript* Development of security automation tools* Adversarial security analysis using cutting-edge tools to augment manual effort* Security training and outreach for internal development teams* Security architecture and design guidance* Independently solve security problems that require novel methods or approaches* Influence your team’s and partners’ process, priorities, and choices to improve outcomesAbout the teamAbout Amazon SecurityDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- BS in Computer Science or related field, or equivalent work experience- Minimum of 3 years of experience with at least two of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, penetration testing, cloud security, mobile security, and network security- Intermediate knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security- Experience reading and writing in at least one programming language- You demonstrate excellent judgement in assessing and prioritizing technical risk- You have a strong application security background with a focus on scalable solutions- You have experience building and securing complex AWS architecture- You have excellent written and verbal communication skills- You work to identify and remove bottlenecks for your teammates, both in process and technologyAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

AWS Security Operations/Incident Response Engineer, US Amazon Dedicated Cloud Security

Amazon Web Services (AWS) is the leading cloud provider, providing virtual infrastructure, storage, networking, messaging, and many other services to customers all over the world. AWS runs a globally distributed environment, operating at massive levels of scale. Businesses, from start-ups to enterprises, run their operations and applications on AWS’s multi-tenant infrastructure. Governmental organizations are also looking to and depending on AWS for cloud solutions and services.The AWS Security Incident Response team is seeking a focused Security Engineer who can take on a leadership role in responding to security issues in support of our National Security program. This engineer will work as a part of a growing team of security engineers who are focused on protecting the AWS infrastructure that is used by our national security customers. Our security engineers perform many duties during an average day: log analysis, incident response, forensics, system/tooling development, and risk assessment, just to name a few. You must thrive in high-pressure situations, think like both an attacker and defender, and drive relevant teams to take the right actions in the right time frames to mitigate risks. They also need to balance technical risks against business needs and be able to articulate risks and mitigations to members of leadership at various levels.You should have a good mix of deep technical knowledge and a demonstrated background in information security. We value broad and deep technical knowledge, specifically in the fields of cryptography, network security, software security, malware analysis, forensics, security operations, incident response, and emergent security intelligence.This position requires that the candidate selected be a US Citizen and must currently possess and maintain an active TS/SCI security clearance with polygraph.Key job responsibilitiesYou should be able to accomplish most of the following: - Confidently and intelligently respond to security incidents, and proactively consider how to prevent the same type of incidents from occurring in the future. - Design and coordinate cohesive responses to security events that involve multiple teams across the organization. - Build security utilities and tools for internal use that enable you and your fellow Security Engineers to operate at high speed and wide scale. - Ability to communicate effectively at multiple levels of sensitivity, and multiple audiences. - Recognize, adopt and instill the best practices in security engineering fields throughout the organization: development, cryptography, network security, security operations, incident response, security intelligence. - Fulfill regular on-call responsibilities.About the teamOur team is dedicated to supporting new team members. Our team has a broad mix of experience levels and Amazon tenures, and we’re building an environment that celebrates knowledge sharing and mentorship.Here at AWS, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and we host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon’s culture of inclusion is reinforced within our 16 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.Our team also puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren’t focused on how many hours you spend at work or online. Instead, we’re happy to offer a flexible schedule so you can have a more productive and well-balanced life—both in and outside of work.- Bachelor's degree, or CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud+ or CySA+ (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest+- Current, active US Government Security Clearance of TS/SCI with Polygraph- Experience with AWS products and servicesAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit

Pentest Security Engineer, Devices & Services Pentesting

Come join our penetration testing team dedicated to the detection and exploitation of vulnerabilities from Amazon’s consumer services and devices to the Kuiper satellites. This includes conducting in-depth reviews of complex service workflows including authentication mechanisms, AI, mobile, web applications, and web service APIs. Pentesters also invent new ways to automate and improve their work with techniques including AI/LLMs, fuzzing, detection at scale, and static analysis.Our team operates under the Amazon Devices and Services Trust & Security (DSTS) organization which was formed in 2014 with the mission of protecting Amazon Devices & Services (D&S) customers’ trust, data, and the systems on which they rely. We protect customers by performing security reviews, offensive testing, vulnerability assessments, and provide guidance for remediations. We drive down costs by building and automating security foundations and integrating them into design and release processes. DSTS builds the foundational capabilities that raise an org-wide security bar across the growing diversity of D&S businesses - securing 100+ device types, 12,000+ services, and 100+ product lines that are developed and operated by more than 16,000+ builders.The DSTS penetration testing organization is growing and seeking an experienced web penetration tester to help shape the future of Amazon’s service security. You will work with builder teams and product owners to perform penetration testing and identify high-impact security vulnerabilities across the web services ecosystem supporting Amazon’s devices. The ideal candidate will be expected to comprehend large complex web service architectures, dive deep into a service's source code, and to get some exposure to device penetration tests. This role will provide you with challenging technical opportunities and will also be a great deal of fun if hacking Amazon sounds exciting to you! In this role, you will be part of a dedicated team of talented penetration testers identifying vulnerabilities in the devices and services ecosystem. You will strive to understand systems, software, and services deeply and develop creative ways to break assumptions in order to find vulnerabilities. You care deeply about keeping millions of customers that rely on Amazon’s consumer products safe and are passionate about mitigating vulnerabilities by providing actionable guidance to product teams. You're well-known for your excellent prioritization skills as well as your ability to communicate at all levels of an organization. If you're passionate about finding security bugs, writing tools to enhance manual testing capabilities, automating repetitive tasks, and enjoy seeing your work impact Amazon consumer devices and services, then this position is for you. Candidates from mid to senior level are encouraged to apply.Key job responsibilities- Contribute to penetration tests against services and software released by Amazon’s Devices & Services organization. This includes working closely with builder teams to find vulnerabilities, develop proof of concept exploits, report findings, and validate patches.- Analyze and identify security vulnerabilities in source code using both automated and manual static analysis tools and techniques.- Review and influence technical solutions to mitigate security vulnerabilities by providing actionable long-term risk mitigation guidance to drive security improvements.- Provides impactful security contributions to large product lines through close collaboration with our partner builder teams.- Develop detailed technical documentation describing identified vulnerabilities, associated impact, and recommended remediation to guide communication with internal engineering stakeholders and leadership.- Continuous growth and development of technical skillsets while contributing to standing projects for program improvement in DSPT.About the teamWhile the majority of our Security team are based in the US, by applying to this position your application will be considered for all locations we hire for in the world, however candidates should expect to accommodate US time for necessary meetings.Our team puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren’t focused on how many hours you spend at work or online. Instead, we’re happy to offer a flexible schedule so you can have a more productive and well-balanced life—both in and outside of work.Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we’re building an environment that celebrates knowledge sharing and mentorship. We care about career growth and strive to assign projects based on what will help each team member develop into a better-rounded engineer and enable them to take on more complex tasks in the future.Diverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- Bachelor’s degree in Computer Science or related field and 1+ year of equivalent industry experience or 3+ years of equivalent industry experience.- Core understanding of web application and service API vulnerabilities (e.g. mass assignment, broken object/function level authorization, JWT/OAuth, injection, business logic flaws, excessive data exposure, etc.).- Experience tracing sources and sinks during code review to identify vulnerabilities, and providing contextual remediation guidance to address vulnerability root cause.- Experience designing and reviewing secure system architectures through the use of Threat Modeling incorporating sophisticated and modern attacks.- Knowledge of cloud service providers and their offerings, preferably AWS, and its various technologies and services.- Foundational knowledge of hardware security fundamentals.- Experience in CTF competitions, CVE research, and/or Bug Bounty recognition.- Experience with Microservice architectures, AI/ML technologies, scripting and tooling, or pentesting as part of an SDLC operation of a large-scale enterprise environment.- Published security research (e.g. conference presentations, whitepapers, blog posts).Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $125,500/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Senior Security Engineer, US ADC Security INFOSEC

The U.S. Amazon Dedicated Cloud Information Security team is looking for an experienced Senior Security Engineer with a strong control testing, investigation, and development background. You will lead security reviews, facilitate code reviews, and build/enhance cloud architectures that support security programs. This may include writing code/scripts and creating detection mechanisms.As a Senior Security Engineer you will be expected to influence the business and technology direction of the team. You will have the ability to impact the goals of not only your direct team but partner teams and stakeholders as well. You will be counted on to define and apply the standards for engineering, test, and operational excellence best practices for your team.This is a hands-on position where your daily activities will range from facilitating logistics for security reviews, performing threat modeling, configuring software and hardware test environments, guiding/monitoring internal and external test personnel, addressing complex technical questions around cryptography, access, and threats/mitigations. To succeed in this role, you will deliver on-time results that delight your customers while inspiring your team to think big about their work.Key job responsibilitiesProviding security engineering solutions and support during customer-facing engagements, proactively addressing customer needs while reducing risks.Working alongside and mentoring Information Security engineers to improve security, reduce and quickly address risk. Instilling a culture that drives DevOps, holding a high quality bar with code reviews, driving automation efforts to empower, and removing barriers for your team.Translating complex functional and technical requirements into detailed architecture and design.This position requires that the candidate selected be a US Citizen and must currently possess and maintain an active TS/SCI security clearance with polygraph.- 5+ years experience in system, network, and/or application security.- 5+ years of programming with at least one modern language such as C++, C#, Java, Python, Golang, Rust, Ruby experience.- 5+ years of non-internship professional software development experience.- Experience leading the design, build, and deployment of complex and performant (reliable and scalable) software solutions in production.- Bachelor's degree in engineering or computer science, or equivalent work experience.- Current, active US Government Security Clearance of TS/SCI with Polygraph- Excellent written and verbal communication skills with the ability to adapt messaging to executive, technical, and non-technical audiences.- Deep understanding of software development and deployment practices - feature branch management strategies, continuous integration, continuous delivery, software observability, and metering.- Experience with secure application development - static application security testing, dynamic application security testing, vulnerability scanning and mitigation.- Experience with AWS services.- Experience in vulnerability management or security operations.- Familiarity with system interfaces: gRPC, REST, SQL.- Familiarity with database replication.- Understanding of High Availability, Disaster Recovery, and Failover.Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit

Security Engineer II, Application Security Automation

As a member of the Application Security Automation team, you will help provide automated security testing (SAST/DAST) solutions for all of Amazon. Our team’s goal is to empower both development and security teams with accurate security detections at the highest standards of quality in order to identify and eliminate risk across Amazon’s application portfolio. You will be responsible for performing security assessments and delivering new security detection rules to enhance our existing testing capabilities. This role will routinely challenge your technical background and critical thinking. You will be expected to collaborate with our team’s stakeholders in a fast-paced environment across many technology stacks and services to deliver scalable solutions.Key job responsibilities- Develop, curate, and improve application security detections (static and dynamic) to identify vulnerabilities at scale- Evaluate and recommend new security testing tools- Perform static and dynamic application security assessments to ensure the highest quality standard for our detection rule sets- Risk assessment and Threat Modeling- Develop, enhance, and interpret security standards and guidance- Demonstrate and promote security best practices, drive improvements of Amazon’s overall security architectureAbout the teamDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying. Why Amazon Security At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Work/Life Balance We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve. Inclusive Team Culture In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.- 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience- Bachelor's degree in computer science or equivalent- Knowledge of networking protocols such as HTTP, DNS and TCP/IP- Experience with programming languages such as Python, Java, C++Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Senior Security Engineer, AWS Proactive Security

The Amazon Web Services (AWS) Proactive Security team continuously works to ensure our services and resources are implemented and maintained to the meet the highest standards of security. Our mission is to prevent security incidences from happening and when they do, we detect and mitigate them in real time.We are looking for a Senior Security Engineer who has a strong passion for security-at-scale. We develop tools and prototypes to automatically detect and prevent security problems in AWS source code, services and resources. Our team deals with immense quantities of resources and we use cutting-edge analysis techniques to solve the most complex security issues at scale.You will use your security expertise to define new tooling domains and building new security focused products within AWS Security. You will collaborate with Builders, Security Analysts and Applied Scientists to drive security improvements. The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, you will be a security generalist with one or more areas of deep expertise. You will communicate risks across the business to both technical and non-technical audiences, and effectively harmonize disparate opinions while reducing risk.Key job responsibilities* Research, identify, and prioritize security problems that can be detected using automation.* Effectively drive conversations with Principal Engineers, Directors and VPs to influence business investments and prioritize risks.* Develop detection prototypes for these security problems to enhance our tool-set for static, dynamic or network analysis. Provide security architecture and design guidance and develop security automation tools.* Work with Builders and service teams to address detected security issues in an appropriate and timely fashion.* Identify opportunities to prevent security issues at scale.* Document and provide security guidance that will be used across AWS services.* Deliver metrics to show effectiveness of our security initiatives.* Mentor and develop teammates both technically and professionally.* Seek out, develop, and advocate for new technology to research, identify, and mitigate complex risks.* Effectively navigate novel situations and problems that do not have a defined solution.A day in the lifeAbout the teamAbout Amazon SecurityDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- BS in Computer Science, Information Security or equivalent- Minimum of 5 years of experience with any combination of the following: mobile security, threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security- Knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security- An understanding of network and web related protocols (such as, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)- Experience with multiple programming languages (such as, Java, C++, Ruby, Python, Perl, etc.)- Experience managing and delivering security solutions at scale- Demonstrated experience collaborating with other security engineers and developers to deliver complex projects- Experience with AWS or similar enterprise cloud computing platforms.- Knowledge of Linux systems and operating system internals- Excellent written and verbal communication skills with the ability to convey technical information to a wide variety of audiences; and strong and creative problem-solving abilities- Strong sense of ownership, urgency, and driveAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.

Security Engineer, AWS Security Operations Center (SOC), Cloud Ops

The Amazon Web Services Security Operations Center (AWS-SOC) Cloud Operations Team manages security issues across the globe. The team is looking for a highly motivated, technically inclined individual to work as a Security Engineer. A successful candidate will need to embody our 16 leadership principles; especially in Learn and Be Curious, Earns Trust, and Dives Deep. You will work from the Seattle, WA SOC location. You need to be comfortable working in a fast paced technical, and at times, ambiguous environment.Key job responsibilitiesYou will need a combination of troubleshooting, technical, and communication skills, as well as the ability to handle an assortment of disparate tasks which may include small-project and software development work. This role will provide career growth opportunities as you gain new security skills in the course of your duties.A day in the lifeThis position supports AWS Security Engineers and Technical Program Managers with security operations and incident response activities. You will be responsible for coordinating and facilitating security response activities for a wide range of AWS products and services. You will drive “Tier 1” and "Tier 2" related issues to resolution across numerous service teams and other more senior AWS Security Engineers.About the teamDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.- BS degree in Computer Science, Computer Engineering, Electrical Engineering, or 3+ years’ equivalent technology experience.- Minimum of 2 years’ experience on a Security Operations team, especially experience coordinating responses to security incidents.- 1+ year knowledge of web protocols, common attacks, and an in-depth knowledge of Linux/Unix tools and architecture.- 4+ years’ equivalent information security experience.- Familiarity with cloud architecture/infrastructure and general networking principles.- Experience with virtualization technologies, especially with AWS services.- Relevant industry certifications from SANS, ISC2, etc.Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.