Security Engineer, AWS Security Incident Response

AWS Security Incident Response is looking for technical Security Engineers that are passionate about learning new concepts and work well within a team environment to keep customers secure. We value engineers that can work through ambiguity to identify suspicious activity lead security response and can explain technical security concepts to non-technical audiences.

AWS Global Services includes experts from across AWS who help our customers design build operate and secure their cloud environments. Customers innovate with AWS Professional Services upskill with AWS Training and Certification optimize with AWS Support and Managed Services and meet objectives with AWS Security Assurance Services. Our expertise and emerging technologies include AWS Partners AWS Sovereign Cloud AWS International Product and the Generative AI Innovation Center. Youll join a diverse team of technical experts in dozens of countries who help customers achieve more with the AWS cloud.

AWS Services provides developers and small to large businesses access to the horizontally scalable state of the art cloud infrastructure like S3 EC2 AMI Cloud Front and Simple DB that powers . Developers can build any type of business on AWS Platform and scale their application with growing business needs. We want you to help share and shape our mission to be Earths most customer-centric company. Our evolution from Web site to e-commerce partner to development platform is driven by the spirit of invention that is part of our DNA. We do every day by inventing elegant and simple solutions to complex technical and business problems. Were making history and the good news is that weve only just begun.

Key job responsibilities
- Respond to threat findings that indicate unauthorized activity has occurred
- Identify and recommend solutions that improve or expand AWS Security Incident response capabilities security automation.
- Providing security engineering solutions and support during customer-facing incidents proactively considering the prevention of similar incidents from occurring in the future.
- Working alongside and mentoring information security engineers to improve security reduce and quickly address risk.
- Identify evaluate and communicate security threats risks and vulnerabilities and propose recommended remediation for security issues.
- Track and report on the effectiveness of AWS detective controls such as Amazon GuardDuty and partner products such as CrowdStrike Falcon or Wiz Defend
- Develop processes and policies to increase security response effectiveness.
- On-call support: This role requires periodic on-call responsibilities including weekends.

A day in the life
As a Security Engineer in AWS Security Incident Response your responsibilities include monitoring networks and systems for potential threats performing triage for security alerts documenting suspicious activity and reporting issues so they can be adequately handled. You will work alongside our security engineers and partner teams to perform daily threat detection and incident response using the full capability of AWS technologies and services to detect and mitigate cyber threats at a massive scale and help protect AWS Customers. You should also enjoy learning about the most up-to-date new technologies and procedures to protect information systems and data.

AWS Security Incident Response provides 24/7 threat monitoring investigation and response across for customers AWS environments. The service enhances existing security capabilities by providing security monitoring for all native AWS services and supports vendor agnostic detective and protective controls to provide holistic security controls for customers. This is done by leveraging data on common attack techniques to enhance detective controls and incident response then building auto-remediation capabilities to minimize disruption to customer workloads. When a security event does happen you will be there provide guidance.

About the team
Diverse Experiences: AWS values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job below we encourage candidates to apply. If your career is just starting hasnt followed a traditional path or includes alternative experiences dont let it stop you from applying.

Why AWS Amazon Web Services (AWS) is the worlds most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating thats why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.

Inclusive Team Culture
AWS values curiosity and connection. Our employee-led and company-sponsored affinity groups promote inclusion and empower our people to take pride in what makes us unique. Our inclusion events foster stronger more collaborative teams. Our continual innovation is fueled by the bold ideas fresh perspectives and passionate voices our teams bring to everything we do.

Mentorship & Career Growth - Were continuously raising our performance bar as we strive to become Earths Best Employer. Thats why youll find endless knowledge-sharing mentorship and other career-advancing resources here to help you develop into a better-rounded professional.

Work/Life Balance - We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home theres nothing we cant achieve in the cloud.

- 4 years of programming in Python Ruby Go Swift C or similar object oriented language experience
- 4 years of any combination of the following: threat modeling experience secure coding identity management and authentication software development cryptography system administration and network security experience
- 4 years of troubleshooting systems issues analyzing logs or automating basic tasks using command line tools (non-internship) experience
- Bachelors degree in computer science or equivalent
- Knowledge of networking protocols such as HTTP DNS and TCP/IP
- Knowledge of industry-based security vulnerabilities and remediation techniques
- Experience in security operations risk management and incident response

- Experience with AWS services or other cloud offerings
- Experience triaging security alerts front-line analysis and escalation
- GCIH (GIAC Certified Incident Handler) or GSEC (GIAC Security Essentials) or Security or CISSP CISA CISM or other security certification
- Experience with AI/ML technologies
- Knowledge of system security vulnerabilities and remediation techniques including penetration testing and the development of exploits or equivalent

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process including support for the interview or onboarding process please visit for more information. If the country/region youre applying in isnt listed please contact your Recruiting Partner.