AWS Security Incident Response is looking for technical Security Engineers that are passionate about learning new concepts and work well within a team environment to keep customers secure. We value engineers that can work through ambiguity to identify suspicious activity, lead security response, and can explain technical security concepts to non-technical audiences.
AWS Global Services includes experts from across AWS who help our customers design, build, operate, and secure their cloud environments. Customers innovate with AWS Professional Services, upskill with AWS Training and Certification, optimize with AWS Support and Managed Services, and meet objectives with AWS Security Assurance Services. Our expertise and emerging technologies include AWS Partners, AWS Sovereign Cloud, AWS International Product, and the Generative AI Innovation Center. You’ll join a diverse team of technical experts in dozens of countries who help customers achieve more with the AWS cloud.
AWS Services provides developers and small to large businesses access to the horizontally scalable state of the art cloud infrastructure like S3, EC2, AMI, Cloud Front and Simple DB, that powers Amazon.com. Developers can build any type of business on AWS Platform and scale their application with growing business needs. We want you to help share and shape our mission to be Earth's most customer-centric company. Our evolution from Web site to e-commerce partner to development platform is driven by the spirit of invention that is part of our DNA. We do every day by inventing elegant and simple solutions to complex technical and business problems. We're making history and the good news is that we've only just begun.
Key job responsibilities
- Respond to threat findings that indicate unauthorized activity has occurred
- Identify and recommend solutions that improve or expand AWS Security Incident response capabilities, security automation.
- Providing security engineering solutions and support during customer-facing incidents, proactively considering the prevention of similar incidents from occurring in the future.
- Working alongside and mentoring information security engineers to improve security, reduce and quickly address risk.
- Identify, evaluate and communicate security threats, risks and vulnerabilities, and propose recommended remediation for security issues.
- Track and report on the effectiveness of AWS detective controls such as Amazon GuardDuty and partner products such as CrowdStrike Falcon or Wiz Defend
- Develop processes and policies to increase security response effectiveness.
- On-call support: This role requires periodic on-call responsibilities including weekends.
A day in the life As a Security Engineer in AWS Security Incident Response, your responsibilities include monitoring networks and systems for potential threats, performing triage for security alerts, documenting suspicious activity, and reporting issues so they can be adequately handled. You will work alongside our security engineers and partner teams to perform daily threat detection and incident response, using the full capability of AWS technologies and services to detect and mitigate cyber threats at a massive scale and help protect AWS Customers. You should also enjoy learning about the most up-to-date new technologies and procedures to protect information systems and data.
AWS Security Incident Response provides 24/7 threat monitoring, investigation, and response across for customer’s AWS environments. The service enhances existing security capabilities by providing security monitoring for all native AWS services and supports vendor agnostic detective and protective controls to provide holistic security controls for customers. This is done by leveraging data on common attack techniques to enhance detective controls and incident response, then building auto-remediation capabilities to minimize disruption to customer workloads. When a security event does happen, you will be there provide guidance.
About the team Diverse Experiences: AWS values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job below, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Why AWS? Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.
Inclusive Team Culture AWS values curiosity and connection. Our employee-led and company-sponsored affinity groups promote inclusion and empower our people to take pride in what makes us unique. Our inclusion events foster stronger, more collaborative teams. Our continual innovation is fueled by the bold ideas, fresh perspectives, and passionate voices our teams bring to everything we do.
Mentorship & Career Growth - We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance - We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve in the cloud.
Basic Qualifications
- 4+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- 4+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- 4+ years of troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship) experience
- Bachelor's degree in computer science or equivalent
- Knowledge of networking protocols such as HTTP, DNS and TCP/IP
- Knowledge of industry-based security vulnerabilities and remediation techniques
- Experience in security operations, risk management, and incident response
Preferred Qualifications
- Experience with AWS services or other cloud offerings
- Experience triaging security alerts, front-line analysis, and escalation
- GCIH (GIAC Certified Incident Handler) or GSEC (GIAC Security Essentials) or Security+, or CISSP, CISA, CISM or other security certification
- Experience with AI/ML technologies
- Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits or equivalent
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.