Do you want to work on planetary scale incident response solutions in the cloud? Are you skilled at performing threat research and helping disseminate actionable intelligence to customers? Are you excited to help incident response teams by giving them unprecedented capability and agility? As a member of the Customer Incident Response Team (CIRT in the AWS Global Services Security organization, you will have the opportunity to apply your problem-solving and intelligence analysis skills to help customers respond to security incidents and increase the efficiency and productivity of AWS internal service teams. You will combine contextual knowledge with your analytical skills to gather information and monitor, assess, and report on risks that could affect external AWS customers. You'll also collaborate with internal AWS service teams to help develop new features, innovate with cutting-edge technologies, and explore new challenges...

The Global Services Security team, a part of Amazon Web Services (AWS), leverages the expertise and ingenuity of our builders to establish scalable security solutions for both internal and external customers that drive business outcomes. Our goal of securing the world’s workloads and building a brighter future for humanity requires us to focus on reliable delivery of bar raising security outcomes and investment in security mechanisms and automation on behalf of our customers

AWS Sales, Marketing, and Global Services (SMGS) is responsible for driving revenue, adoption, and growth from the largest and fastest growing small- and mid-market accounts to enterprise-level customers including public sector. The AWS Global Support team interacts with leading companies and believes that world-class support is critical to customer success.


Key job responsibilities
* Monitor networks, systems, and applications for security threats and anomalies
* Analyze large datasets, logs, packet captures, and other data to detect patterns indicative of cyber threats
* Research and analyze information from open source intelligence, social media, dark web forums, etc. to identify emerging cyber threats
* Write comprehensive cyber threat reports and briefings to communicate threats, risks, and mitigation strategies to key stakeholders
* Maintain up-to-date knowledge and understanding of threat actor groups, new attack techniques, malware variants, and other cybersecurity trends
* Enrich threat data with additional context and insights to improve detection and response capabilities
* Collaborate with security engineers to develop indicators of compromise and threat intelligence to enhance security monitoring capabilities
* Collaborate with security engineers to develop indicators of compromise and threat intelligence to enhance security monitoring capabilities - Make recommendations for improving organizational security measures and policies based on current threat intelligence -
* Automate the collection and processing of threat intelligence from multiple sources to enable real-time detection and analysis.
* Make recommendations for improving organizational security measures and policies based on current threat intelligence
* Automate the collection and processing of threat intelligence from multiple sources to enable real-time detection and analysis
* Present cyber threat briefings to executives and technology leaders to convey cyber risks and influence strategic security decisions
* Establish relationships with industry peers, law enforcement, government agencies and other partners to share cyber threat intelligence
* Establish relationships with industry peers, law enforcement, government agencies and other partners to share cyber threat intelligence

About the team
Diverse Experiences
AWS values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.

About AWS
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.

Inclusive Team Culture
Here at AWS, it’s in our nature to learn and be curious. Our employee-led affinity groups foster a culture of inclusion that empower us to be proud of our differences. Ongoing events and learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences, inspire us to never stop embracing our uniqueness.

Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve in the cloud.

Mentorship & Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.

Hybrid Work
We value innovation and recognize this sometimes requires uninterrupted time to focus on a build. We also value in-person collaboration and time spent face-to-face. Our team affords engineers options to work in the office every day or in a flexible, hybrid work model near one of our US Amazon offices. Our hybrid models allow you the freedom to work from home whenever in-office collaboration isn’t necessary.

BASIC QUALIFICATIONS

- 1+ years of experience building/operating on the AWS platform
- 2+ years of experience in technical IT security or related job role
- 2+ years of experience performing threat analysis

PREFERRED QUALIFICATIONS

- Experience scripting with Python, Perl, Bash or PowerShell
- Hands-on technical experience in building scripts, tools, or methodologies that enhance customers’ threat detection and incident response capabilities.
- Experience in operating security solutions, such as WAF, IPS, Anti-DDoS, or SIEM.
- Experience managing a security event, including managing customer expectations and delivering results.
- Knowledge of incident response workflows and processes; GIAC Cyber Threat Intelligence (GCTI)

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.