Security Engineer I, Threat Hunting, Security Incident Response Team (SIRT)

Employer Active

1 Vacancy
The job posting is outdated and position may be filled
Job Location

Arlington, TX - USA

Monthly Salary

Not Disclosed

Job Description

Amazon's Threat Hunting team is looking for a Security Engineer, Threat Hunting, who is excited by the idea of searching for and uncovering undetected threat activities at petabyte scale. In this role, you will work alongside other Threat Hunting engineers to proactively identify and eliminate threats wherever they may exist.

Our Threat Hunting team searches for adversarial activity using a variety of tools, methods, intelligence, and techniques. They work hands-on with security logs and are encouraged to be creative and develop innovative techniques to illuminate threat activities. With your technical expertise, you will be solving security challenges at scale and working to protect applications powering the most sophisticated eCommerce platform ever built.

If you are someone who enjoys researching threats, diving deep into large datasets, and building innovative capabilities to solve everyday problems, we'd like to meet you. Your work will be essential to maintaining customer trust and delivering a delightful experience for our customers.

Key job responsibilities
You will query and evaluate machine data for evidence of potentially damaging threat activities which pose a risk to Amazon customers and data.
You will reconstruct security events using log data and identify opportunities to increase the fidelity of existing threat signals.
You will conduct threat research and develop innovative approaches to identify threat actor tactics, techniques, and procedures (TTPs).
You will provide ad hoc support to incident response partners and participate in validating the scope of ongoing security investigations.
You will participate in an on-call rotation and provide ad hoc support to customers during non-business hours.

A day in the life
Analyze log data for indications of digital threat activities.
Develop queries to extract threat signals from large and diverse datasets.
Identify potential logging gaps or other security observability concerns.
Work alongside other threat hunting engineers and incident response partners in the investigation of potential threat activities.
Monitor cybersecurity media, blog posts, and other sources to maintain awareness of the threat landscape.
Work individually and/or as a team on high priority security issues.

About the team
Amazon's Threat Hunting team is a component of the Security Incident Response Team (SIRT) and is responsible for proactively seeking out threat activities which pose a risk to our customers and business operations. Our threat hunters work alongside incident response engineers to support ongoing security investigations. This team has a high operations tempo and is known for building innovative and world-class solutions to enable the pursuit of advanced threats at petabyte scale.

Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas, including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.

Inclusive Team Culture
In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

Training and Career Growth
We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.


Experience working as part of a computer Security Incident Response Team (CSIRT) or Product Security Incident Response Team (PSIRT)
Experience triaging and developing security alerts and response automation, conducting frontline analysis, and providing escalation support
Experience with common security monitoring, log analysis, and forensic tools
1 years professional (non-internship) experience within a relevant field

Experience with AWS Services including EC2, Lambda, S3, DynamoDB, SQS
Experience with at least one modern language such as Java, Python, C, or C#, including object-oriented design
2 years experience working as part of a computer Security Incident Response Team (CSIRT) or Product Security Incident Response Team (PSIRT)

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.

Employment Type

Full-Time
