Security Engineer II, Stores Security - Healthcare

Amazon · Big Tech · Seattle, WA · Systems, Quality, & Security Engineering

Security Engineer II role focused on designing, building, and operating detection and monitoring capabilities for Amazon Healthcare Services. The role involves securing cloud infrastructure, applications, endpoints, and AI-powered systems, with a strong emphasis on developing detection-as-code pipelines, automated response workflows, and leveraging AI/LLM tooling for enhanced security operations. It requires experience with cloud technologies, security principles, and software engineering, with a focus on protecting healthcare workloads and maintaining HIPAA compliance.

What you'd actually do

  1. Design, build, and maintain detection-as-code capabilities across cloud infrastructure (CloudTrail, GuardDuty, VPC Flow Logs), SaaS applications, endpoints, and identity systems, improving coverage and signal quality
  2. Develop and deploy detections and monitoring for agentic applications and AI services, including anomaly detection for LLM-powered tools, agent orchestration systems, and AI service APIs
  3. Build automated investigation and response workflows that replace manual runbooks, leveraging AI to scale triage, enrichment, containment, and remediation
  4. Develop and deploy AI/LLM-powered tooling to support investigations, reduce alert fatigue, and extend team capacity beyond traditional headcount constraints
  5. Monitor telemetry data, alerting systems, and dashboards for signals of degradation, compromise, or abuse across AHS environments

Skills

Required

  • 5+ years of security-related professional experience
  • Bachelor's degree in a STEM field or 2+ years of IT Security experience
  • Experience directly working with cloud hosting technologies (AWS, Azure, etc.)
  • Experience applying threat modeling or other risk identification techniques or equivalent
  • Software engineering fundamentals with proficiency in Python, Go, Java, or similar languages, and experience working in production codebases
  • Experience with log aggregation and analysis platforms (e.g., Splunk, OpenSearch, ELK, Datadog) and/or endpoint detection tools (e.g., SentinelOne, CrowdStrike)

Nice to have

  • Experience in Kubernetes, Docker or containers ecosystem
  • Experience designing and developing scripts to automate operational burdens and reviewing scripting changes to ensure they meet the standards for maintainability, scalability and security
  • Experience building detection-as-code frameworks or custom detection pipelines
  • Experience building AI/LLM-powered security tooling or applying AI to detection, triage, or investigation workflows

What the JD emphasized

  • HIPAA compliance
  • AI/LLM-powered systems
  • agentic application architectures
  • detection-as-code

Other signals

  • AI/LLM-powered systems
  • agentic application architectures
  • detection-as-code
  • automated investigation and response workflows