Security Engineer II, Threat Detection

Amazon · Big Tech · Austin, TX · Systems, Quality, & Security Engineering

Security Engineer role focused on developing advanced threat detection capabilities using machine learning and generative AI. The role involves researching emerging threats, building high-confidence detections, and automating processes to identify and mitigate malicious activity at scale within Amazon's network.

What you'd actually do

  1. Identify critical threats targeting Amazon's network by leveraging threat intelligence and security research, then deliver high-fidelity threat detections aligned to attacker tactics, techniques, and procedures (TTPs).
  2. Enhance detection engineering processes by improving how detections are scoped, prioritized, developed, tested, and maintained throughout their lifecycle.
  3. Develop platform requirements to enrich alerts with contextual data, reduce false positives, and automate remediation and response actions in coordination with incident response teams.
  4. Research and develop mechanisms to advance detection capabilities through machine learning, advanced data correlation, risk-based alerting, or generative AI.
  5. Automate your way through challenges using Python or other scripting languages to build tooling, validate detections, and streamline operational workflows at scale.

Skills

Required

  • Knowledge of industry-based security vulnerabilities and remediation techniques
  • Experience in scripting, programming, and security code review in a common programming language (non-internship)
  • Experience triaging and developing security alerts and response automation, conducting front-line analysis, and providing escalation support
  • Knowledge of web protocols, common attacks, and Linux/Unix tools and architecture
  • Knowledge of cloud computing concepts and design considerations

Nice to have

  • Experience with AWS products and services
  • Experience implementing security solutions at the cross-team level
  • Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits or equivalent
  • Experience with Machine Learning and Large Language Model fundamentals, including architecture, training/inference lifecycles, and optimization of model execution

What the JD emphasized

  • research emerging threats
  • develop new detection ideas
  • build high-confidence detections
  • proactively identify malicious activity
  • develop innovative methods utilizing the latest techniques
  • advance detection capabilities through machine learning, advanced data correlation, risk-based alerting, or generative AI
