Senior Security Engineer, AWS Security Incident Response
Job Summary
The AWS Security Incident Response team provides 24/7 security response through a follow-the-sun operating model. The service combines automated triage workflows, AI-powered investigation agents, and human security analysts to respond to threats across customer AWS environments at massive scale. Our AI systems autonomously resolve over 90% of routine investigations within minutes. The next challenge is building the mechanisms that accelerate this further, enabling every engineer on the team to contribute to detection and automation quality from their investigation work.
Your deep understanding of how attacks work, from initial exploitation through lateral movement to data exfiltration, is what makes your automation effective. You will build detection enhancements, auto-remediation playbooks, and AI training pipelines that catch real threats, not just generate noise. We treat every investigation as a confirmed security incident until the data proves otherwise.
Native Japanese language skills and fluent English language skills in speaking, reading, and writing.
Key job responsibilities
- Investigate and respond to complex security incidents hands-on, applying malware analysis, forensic analysis, or attribution skills to credential compromise, data exfiltration, supply chain attacks, and cryptomining
- Lead incident response for customers during high-severity events: scope blast radius, coordinate containment, guide remediation, and get on calls with customers to walk them through what was compromised and the specific steps to contain the threat
- Own the response-to-automation flywheel: build pipelines that capture investigation patterns (including Trust & Safety abuse cases), translate them into detection rules and auto-remediation, and measure impact on investigation volume and accuracy
- Build mechanisms that enable every engineer on the team to contribute detection rules, automation playbooks, and AI training data, and build the AI feedback loops that ensure human corrections systematically improve autonomous investigation accuracy
- Define and track metrics that measure automation effectiveness: false positive reduction, auto-resolution coverage, and engineer contribution rates to the pipeline
- Mentor junior engineers on investigation methodology and structuring artifacts as reusable automation inputs
- Participate in on-call rotations as part of the 24/7 follow-the-sun operating model, including weekends
A day in the life
- Review automation dashboard metrics: AI agent resolution rates, false positive trends, and engineer-submitted detection rules going live
- Investigate new attack patterns the AI is struggling with, analyze malware behavior, extract indicators, and build detection rules that catch the pattern without generating false positives
- Step into high-severity incidents directly, analyzing logs, correlating indicators across accounts, scoping blast radius, and getting on a call with the customer to guide containment
- Codify attack chains from investigations into detection rules and AI agent improvements so the system catches the pattern autonomously next time
- Review and approve detection rule contributions from junior engineers using your contribution framework
About the team
The AWS Security Incident Response team provides 24/7 threat monitoring, investigation, and response for customer AWS environments. The team is driving a strategic transformation: raising operational standards, building AI-powered investigation capabilities, and expanding coverage. We respond to customer requests within minutes. Zero queue tolerance is the operating standard. We value engineers who solve root causes over those who close tickets. Senior engineers enjoy close collaboration with leadership, one-on-one coaching, and the opportunity to shape the future of security operations at AWS scale.
- 5 years of experience in scripting, programming, or security code review in a common language such as Python, Java, or C
- Bachelor's degree or above in Computer Science, Computer Engineering, Cybersecurity, or other related discipline
- Speak, write, and read fluently in Japanese
- 5 years of non-internship experience in troubleshooting systems issues, analyzing logs, automating complex tasks using command line tools, and identifying security issues and risks, and developing mitigation plans
- Experience (non-internship) in industry-based security vulnerabilities identification, attack patterns, and remediation techniques, including experience as a mentor, tech lead, or leading an engineering team
- Master's degree in Computer Science, Information Security, or a related field
- Experience in automation or monitoring frameworks deployment or development
- Knowledge of compliance and security standards across the enterprise IT landscape
- Information security professional certification (GCIH, GSEC, GREM, GCFA, CISSP, or equivalent)
- Experience with AWS services in a security operations context (Amazon GuardDuty, AWS CloudTrail, AWS Security Hub, AWS IAM)
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.
Required Experience:
Senior IC