Security Engineer, AWS Security Incident Response

AWS Security Incident Response is looking for a Security Engineer who investigates with urgency communicates with clarity and turns every investigation into an opportunity to make the service smarter. You will perform hands-on security response for customers work alongside AI-powered investigation agents daily and feed what you learn back into the automation systems that protect all customers.

The AWS Security Incident Response team provides 24/7 security response through a follow-the-sun operating model. The service combines automated triage workflows AI-powered investigation agents and human security analysts to respond to threats across customer AWS environments at massive scale. Our AI systems autonomously resolve the majority of routine investigations within minutes. Every engineer on the team is expected to be fluent in how these AI systems work provide feedback that improves their accuracy and identify opportunities to extend their capabilities.

This is not a traditional security operations role. You will investigate security incidents hands-on but equally important is what happens after the investigation: documenting patterns proposing detection rules providing structured feedback to AI agents and building the automation that prevents the same issue from requiring human investigation again. We treat every investigation as a confirmed security incident until the data proves otherwise.

This position requires that the candidate selected be eligible to obtain a US Government security clearance.

Key job responsibilities
- Investigate and respond to security findings and customer-reported security events using AI-powered investigation tools and manual forensic techniques
- Perform CloudTrail forensics log analysis and threat intelligence correlation to determine the scope impact and root cause of security events in customer AWS environments
- Get on calls with customers during active incidents to walk them through what was compromised and the specific containment steps to execute immediately
- Work alongside AI investigation agents daily review AI-generated conclusions validate accuracy and provide structured feedback that improves autonomous investigation quality
- Turn every investigation into a service improvement: document reusable indicators attack patterns and false positive signals that feed directly into the teams detection pipeline and AI training data
- Identify gaps in existing detection rules and auto-remediation playbooks based on patterns observed during investigations and propose improvements to senior engineers
- Use AI-powered tools (including agentic AI assistants) to accelerate your own investigations and share effective techniques with the team
- Coordinate with internal teams to mitigate customer security issues
- Participate in on-call rotations including weekends

A day in the life
You review the investigation queue pick up findings from AI agents and automated triage and investigate using CloudTrail forensics and threat intelligence. When you confirm a threat you get on a call with the customer to guide containment. After each investigation you extract patterns into the automation pipeline and provide structured feedback to AI agents so they improve. You propose detection rules for recurring false positives and review AI-generated summaries for accuracy.

About the team
The AWS Security Incident Response team provides 24/7 threat monitoring investigation and response for customer AWS environments. The team is driving a strategic transformation raising operational standards building AI-powered investigation capabilities and expanding coverage. We respond to customer requests within minutes. Zero queue tolerance is the operating standard. We value engineers who solve root causes over those who close tickets. Security engineers receive structured mentorship regular coaching and increasing ownership as they grow. Engineers on this team have grown into senior investigators automation builders and technical leads.

- 2 years of web protocols common security attacks and remediation (non-internship) experience
- Bachelors degree in Engineering Computer Science or a related field
- Experience with coding/scripting in one or more languages (e.g. Python C C Java Ruby or PowerShell)
- Experience (non-internship) in industry-based security vulnerabilities identification attack patterns and remediation techniques
- Knowledge of operating systems hardware storage network security database administration and cloud infrastructure
- Knowledge of one or more of the following domains: access-control system and methodology network security application- and system-development security security architecture and models cryptography and operations security

- Experience with AWS services or other cloud offerings
- GCIH (GIAC Certified Incident Handler) or GSEC (GIAC Security Essentials) or Security

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status disability or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process including support for the interview or onboarding process please visit for more information. If the country/region youre applying in isnt listed please contact your Recruiting Partner.

The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience qualifications and location. Amazon also offers comprehensive benefits including health insurance (medical dental vision prescription Basic Life & AD&D insurance and option for Supplemental life plans EAP Mental Health Support Medical Advice Line Flexible Spending Accounts Adoption and Surrogacy Reimbursement coverage) 401(k) matching paid time off and parental leave. Learn more about our benefits at WA Seattle - 136000.00 - 184000.00 USD annually