Security Engineer, Perimeter Threat Research Team

AWS Infrastructure Services owns the design planning delivery and operation of all AWS global other words were the people who keep the cloud running. We support all AWS data centers and all of the servers storage networking power and cooling equipment that ensure our customers have continual access to the innovation they rely on. We work on the most challenging problems with thousands of variables impacting the supply chain and were looking for talented people who want to help.

Youll join a diverse team of software hardware and network engineers supply chain specialists security experts operations managers and other vital roles. Youll collaborate with people across AWS to help us deliver the highest standards for safety and security while providing seemingly infinite capacity at the lowest possible cost for our customers. And youll experience an inclusive culture that welcomes bold ideas and empowers you to own them to completion.

The AWS Threat Research Team is responsible for publishing a rich source of AWS home-grown threat intelligence for AWS services and customers. We are looking for talented creative and passionate Security Engineers to help us research threats in innovative ways to deliver actionable threat indicators and disrupt threats. The AWS Threat Research Team (TRT) is looking for a security engineer with deep expertise in application and network security who is passionate about research advocacy and protecting large-scale production applications.

As a part of this role you will:

* Learn how our products work today and where we want to take them in the future
* Help craft and build out threat data gathering security systems at scale
* Stay on top of cyber security trends and mentor other engineers in the same
* Act as a technical lead influencing other engineers designs and coding deliverables
* Work in an agile development environment collaborating closely with software engineers
* Have fun in a challenging but rewarding environment

We believe that a diverse group of people with different backgrounds and experiences are essential to invention and we therefore do all we can to attract and nurture diversity in our team. As an Amazonian you will learn from and collaborate with talented colleagues across the globe.

If this sounds like the opportunity for you come build with us!


Key job responsibilities
The ideal candidate must demonstrate strong proficiency in malware reverse engineering including the ability to analyze disassemble and deconstruct malicious software using industry-standard tools such as IDA Pro Ghidra and debuggers like x64dbg. Experience with static and dynamic analysis techniques is essential for identifying malware behavior capabilities and indicators of compromise.

A solid foundation in web application security is required including expertise in identifying and mitigating vulnerabilities such as SQL injection cross-site scripting (XSS) and authentication flaws. Familiarity with OWASP methodologies and tools like Burp Suite is expected.

Candidates must possess advanced threat hunting capabilities leveraging hypothesis-driven approaches and behavioral analytics to proactively detect adversarial activity within enterprise environments. Proficiency in crafting custom detection rules and queries across SIEM platforms is essential.

A comprehensive understanding of network security is required with a strong emphasis on DDoS mitigation and botnet research. The candidate must have experience analyzing botnet infrastructure understanding command-and-control communication protocols and identifying botnet propagation techniques. Proficiency in traffic analysis volumetric attack pattern recognition and DDoS defense strategies is essential. Hands-on experience with packet capture tools such as Wireshark Zeek and NetFlow analysis platforms is expected along with the ability to research emerging botnet families and their evolving attack vectors.

A working knowledge of threat intelligence frameworks such as MITRE ATT&CK and familiarity with STIX/TAXII standards is preferred.

About the team
The AWS Perimeter Protection Threat Research Team produces actionable threat intelligence that drives AWS security and networking services including AWS Shield AWS WAF AWS Firewall Manager and Network Firewall. Our diverse team of security researchers and engineers operates advanced deception technology and threat intelligence systems to identify track and analyze bad actors as they continuously evolve their tactics techniques and procedures. We proactively monitor emerging threats across some of the largest distributed networks in the world transforming raw intelligence into meaningful insights that strengthen AWS defenses. If youre passionate about outsmarting adversaries and shaping the future of cloud security at scale wed love to have you join us.

- 3 years of programming in Python Ruby Go Swift C or similar object oriented language experience
- 2 years of scripting programming and security code review in a common programming language (non-internship) experience
- 2 years of troubleshooting systems issues analyzing logs or automating basic tasks using command line tools (non-internship) experience
- Bachelors degree in computer science or equivalent
- Bachelors degree in a STEM field (Science Technology Engineering Mathematics) or experience in IT Security
- Bachelors degree in a STEM field (Science Technology Engineering Mathematics) or 2 years of IT Security experience
- Knowledge of networking protocols such as HTTP DNS and TCP/IP
- Knowledge of industry-based security vulnerabilities and remediation techniques
- Experience in scripting programming and security code reviewing in a common programming language (non-internship)
- Experience in troubleshooting systems issues analyzing logs or automating basic tasks using command line tools (non-internship experience)

- 2 years of any combination of the following: threat modeling experience secure coding identity management and authentication software development cryptography system administration and network security experience
- 2 years of scripting programming or security code review in a common language such as Python Java or C experience
- Knowledge of command line tools to troubleshoot protocols analyze log outputs or automate basic tasks
- Knowledge of networking protocols to include HTTP(S) DNS and TCP/IP
- Experience with AWS products and services
- Experience in scripting programming or security code reviewing in a common language such as Python Java or C

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status disability or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process including support for the interview or onboarding process please visit for more information. If the country/region youre applying in isnt listed please contact your Recruiting Partner.

The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience qualifications and location. Amazon also offers comprehensive benefits including health insurance (medical dental vision prescription Basic Life & AD&D insurance and option for Supplemental life plans EAP Mental Health Support Medical Advice Line Flexible Spending Accounts Adoption and Surrogacy Reimbursement coverage) 401(k) matching paid time off and parental leave. Learn more about our benefits at WA Seattle - 159300.00 - 202400.00 USD annually