Manager, Security Engineering, AWS Security Incident Response
Job Location:
Job Location:
Seattle, OR - USA
Monthly Salary:
Not Disclosed
Monthly Salary:
Posted on:
13 days ago
Posted on:
Vacancies:
1 Vacancy
Vacancies:
Job Summary
AWS Security Incident Response is looking for a Security Manager who combines deep technical expertise in security operations with the leadership judgment to drive a team through a fundamental transformation from human-driven investigation to AI-native security operations. You will own operational excellence for a regional team of security engineers engage directly with customer security executives during high-severity incidents and drive the response-to-automation flywheel that makes the service smarter with every investigation.
The AWS Security Incident Response team provides 24/7 security response through a follow-the-sun operating model. The service combines automated triage workflows AI-powered investigation agents and human security analysts to respond to threats across customer AWS environments at massive scale. Our AI systems autonomously resolve the majority of routine investigations within minutes allowing engineers to focus on complex threat analysis proactive hunting and customer engagement. We treat every investigation as a confirmed security incident until the data proves otherwise.
Key job responsibilities
- Own day-to-day operations across threat detection triage investigation and incident response for a regional team of security engineers operating under defined Service Level Objectives (SLOs)
- Manage investigation queue health enforce response time targets and drive the team toward zero pending tickets at all times
- Engage directly with customer security executives CISOs VPs of Security and their teams to communicate findings lead post-incident reviews advise on security posture and build long-term trust
- Serve as a senior escalation point for complex or high-severity incidents taking direct ownership when investigations require leadership judgment or cross-team coordination
- Drive the response-to-automation flywheel: capture lessons from investigations to improve automation enrich detection capabilities and measure impact through metrics you define and own
- Oversee how your engineers work alongside AI investigation agents maintaining human-in-the-loop guarantees and driving AI accuracy through feedback loops and quality controls
- Partner with peer managers across global time zones to maintain 24/7 coverage and ensure continuity across the follow-the-sun model
- Coach and develop security engineers building a team culture that values root cause analysis over ticket count
Due to the nature of the work performed within this team candidates must be U.S. citizens and eligible to obtain a US Government security clearance.
A day in the life
- Review queue health metrics and drive the team toward zero pending investigations
- Coach engineers through complex investigations and review customer-facing communications for analytical depth
- Step into high-severity incidents directly get on a call with a customers CISO to walk through findings and advise on remediation
- Review AI investigation agent outputs and work with engineers to improve feedback loops
- Coordinate with internal teams to mitigate customer security issues
- Partner with peer managers across regions during handover calls
About the team
The AWS Security Incident Response team provides 24/7 threat monitoring investigation and response for customer AWS environments. The team is in the early stages of a three-phase transformation: (1) operational excellence with defined SLOs and quality standards (2) agentic AI transformation where AI agents conduct routine investigations autonomously and (3) expansion into Amazon Dedicated Cloud (ADC) GovCloud and internal AWS services. We respond to customer requests within minutes. Zero queue tolerance is the operating standard. We value engineers who solve root causes over those who close tickets. This is a unique opportunity to lead a team through a fundamental shift in how security operations are delivered.
- 5 years of managing and developing teams experience
- 5 years of progressive work within a software security team or related operating environment experience
- Bachelors degree in Computer Science Information Security or a related field
- Experience establishing credibility quickly with senior level executives across organizations
- Experience defining program requirements and using data and metrics to drive improvements
- Hands-on experience conducting or leading information security investigations during complex incidents not just managing from the sideline
- information security professional certification (SANS GIAC CISSP etc.)
- Masters degree in Computer Science or a related field
- Experience triaging and developing security alerts and response automation conducting front-line analysis and providing escalation support
- Experience managing teams or experience with Machine Learning and Large Language Model fundamentals including architecture training/inference lifecycles and optimization of model execution
- Experience working in a fast-paced rapidly changing operations environment
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status disability or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process including support for the interview or onboarding process please visit for more information. If the country/region youre applying in isnt listed please contact your Recruiting Partner.
The AWS Security Incident Response team provides 24/7 security response through a follow-the-sun operating model. The service combines automated triage workflows AI-powered investigation agents and human security analysts to respond to threats across customer AWS environments at massive scale. Our AI systems autonomously resolve the majority of routine investigations within minutes allowing engineers to focus on complex threat analysis proactive hunting and customer engagement. We treat every investigation as a confirmed security incident until the data proves otherwise.
Key job responsibilities
- Own day-to-day operations across threat detection triage investigation and incident response for a regional team of security engineers operating under defined Service Level Objectives (SLOs)
- Manage investigation queue health enforce response time targets and drive the team toward zero pending tickets at all times
- Engage directly with customer security executives CISOs VPs of Security and their teams to communicate findings lead post-incident reviews advise on security posture and build long-term trust
- Serve as a senior escalation point for complex or high-severity incidents taking direct ownership when investigations require leadership judgment or cross-team coordination
- Drive the response-to-automation flywheel: capture lessons from investigations to improve automation enrich detection capabilities and measure impact through metrics you define and own
- Oversee how your engineers work alongside AI investigation agents maintaining human-in-the-loop guarantees and driving AI accuracy through feedback loops and quality controls
- Partner with peer managers across global time zones to maintain 24/7 coverage and ensure continuity across the follow-the-sun model
- Coach and develop security engineers building a team culture that values root cause analysis over ticket count
Due to the nature of the work performed within this team candidates must be U.S. citizens and eligible to obtain a US Government security clearance.
A day in the life
- Review queue health metrics and drive the team toward zero pending investigations
- Coach engineers through complex investigations and review customer-facing communications for analytical depth
- Step into high-severity incidents directly get on a call with a customers CISO to walk through findings and advise on remediation
- Review AI investigation agent outputs and work with engineers to improve feedback loops
- Coordinate with internal teams to mitigate customer security issues
- Partner with peer managers across regions during handover calls
About the team
The AWS Security Incident Response team provides 24/7 threat monitoring investigation and response for customer AWS environments. The team is in the early stages of a three-phase transformation: (1) operational excellence with defined SLOs and quality standards (2) agentic AI transformation where AI agents conduct routine investigations autonomously and (3) expansion into Amazon Dedicated Cloud (ADC) GovCloud and internal AWS services. We respond to customer requests within minutes. Zero queue tolerance is the operating standard. We value engineers who solve root causes over those who close tickets. This is a unique opportunity to lead a team through a fundamental shift in how security operations are delivered.
- 5 years of managing and developing teams experience
- 5 years of progressive work within a software security team or related operating environment experience
- Bachelors degree in Computer Science Information Security or a related field
- Experience establishing credibility quickly with senior level executives across organizations
- Experience defining program requirements and using data and metrics to drive improvements
- Hands-on experience conducting or leading information security investigations during complex incidents not just managing from the sideline
- information security professional certification (SANS GIAC CISSP etc.)
- Masters degree in Computer Science or a related field
- Experience triaging and developing security alerts and response automation conducting front-line analysis and providing escalation support
- Experience managing teams or experience with Machine Learning and Large Language Model fundamentals including architecture training/inference lifecycles and optimization of model execution
- Experience working in a fast-paced rapidly changing operations environment
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status disability or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process including support for the interview or onboarding process please visit for more information. If the country/region youre applying in isnt listed please contact your Recruiting Partner.
The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience qualifications and location. Amazon also offers comprehensive benefits including health insurance (medical dental vision prescription Basic Life & AD&D insurance and option for Supplemental life plans EAP Mental Health Support Medical Advice Line Flexible Spending Accounts Adoption and Surrogacy Reimbursement coverage) 401(k) matching paid time off and parental leave. Learn more about our benefits at WA Seattle - 175100.00 - 236900.00 USD annually
Required Experience:
Manager
About Company
Free shipping on millions of items. Get the best of Shopping and Entertainment with Prime. Enjoy low prices and great deals on the largest selection of everyday essentials and other products, including fashion, home, beauty, electronics, Alexa Devices, sporting goods, toys, automotive ... View more
