Security & Compliance Engineer, AWS Security Assurance Services, LLC
Job Location:
Job Location:
Austin, TX - USA
Monthly Salary:
Not Disclosed
Monthly Salary:
Posted on:
2 days ago
Posted on:
Vacancies:
1 Vacancy
Vacancies:
Job Summary
AWS Security Assurance Services (SAS) is hiring a Security & Compliance Engineer to design build and deploy AWS security and compliance solutions for highly regulated customers. You will own engineering deliverables across the full lifecycle secure design implementation testing deployment and maintenance translating compliance frameworks (SOC2 HIPAA PCI-DSS CIS NIST FedRAMP) into secure-by-design AWS implementations. You will work autonomously within your team deliver cross-functional projects with partner teams and drive measurable risk reduction for customers at scale.
Youll write code ship custom controls run security investigations lead design and code reviews on your team and mentor junior engineers. You will identify systemic issues propose pragmatic solutions and improve the teams mechanisms over time.
Key job responsibilities
- Lead threat modeling security design reviews and architecture reviews for customer engagements; identify and mitigate risks across systems and applications.
- Design and implement custom preventive detective and proactive controls Service Control Policies (SCPs) Resource Control Policies (RCPs) policy-as-code (cfn-guard OPA Rego Cedar) and automated remediation workflows.
- Build secure-by-design Infrastructure-as-Code controls for Landing Zones AWS Control Tower customizations Zero-Trust architectures and AI/ML workloads.
- Apply AWS security best practices for authentication and authorization data handling least privilege encryption micro-segmentation tagging strategy and API/MCP integration.
- Write and review IaC scripts enforcements and detections in Python Terraform AWS CDK CloudFormation and Rego.
- Build continuous compliance monitoring automated evidence collection visualization reporting and remediation pipelines that hold up in audit.
- Integrate custom controls with AWS-native and third-party security and compliance tooling.
- Drive emerging-edge ideas into prototyping end-to-end to inform new security and compliance solutions and products.
- Identify risks and edge cases; propose implementation paths and go/no-go gates.
- Apply systematic approaches to risk identification; propose compensating controls when direct remediation isnt possible.
- Help develop technical content
- Identify cross-team patterns gaps improvements.
- Travel to customer sites as needed.
About the team
The AWS Security Assurance Services team within AWS Support leverages the expertise and ingenuity of our builders to establish scalable security solutions for both internal and external customers that drive business outcomes. Our goal of securing the worlds workloads requires reliable delivery of bar-raising security outcomes and investment in security mechanisms and automation on behalf of our customers.
AWS Security Assurance Services LLC a PCI-QSAC and HITRUST External Assessor Firm is a team of industry-certified assessors and Compliance Engineers with DevOps and Cloud Infrastructure Architect backgrounds helping our customers achieve maintain and automate compliance in the cloud by tying applicable audit standards to AWS service-specific features and functionality. The SAS team works with our largest enterprise customers to operationalize the shared responsibility model as they migrate to the cloud.
- 3 years of programming in Python Ruby Go Swift C or similar object oriented language experience
- 2 years of scripting programming and security code review in a common programming language (non-internship) experience
- 2 years of troubleshooting systems issues analyzing logs or automating basic tasks using command line tools (non-internship) experience
- Bachelors degree in a STEM field (Science Technology Engineering Mathematics) or experience in IT Security
- Knowledge of networking protocols such as HTTP DNS and TCP/IP
- Experience (non-internship) in scripting programming and security code reviewing in a common programming language
- Experience in troubleshooting systems issues analyzing logs or automating basic tasks using command line tools (non-internship experience)
- Experience with threat modeling and penetration testing or experience that includes strong analytical skills attention to detail and effective communication abilities
- Experience conveying complex technical concepts to both technical and business audiences
- 3 years of security engineering or related security experience; Demonstrated ability to deliver security solutions independently within a team scope handling the full development lifecycle: design implementation testing deployment and maintenance.
- Demonstrated ability to write and review code scripts IaC and detections in support of security defenses.
- Demonstrated ability to lead security investigations and resolve root causes of operational and security issues.
- Demonstrated ability to mentor peers drive consensus on conflicting design or implementation feedback and provide meaningful review feedback.
- 2 years of any combination of the following: threat modeling experience secure coding identity management and authentication software development cryptography system administration and network security experience
- 2 years of scripting programming or security code review in a common language such as Python Java or C experience
- Knowledge of command line tools to troubleshoot protocols analyze log outputs or automate basic tasks
- Knowledge of networking protocols such as HTTP(S) DNS and TCP/IP
- Experience performing security activities across one or more phases of the software development lifecycle (SDLC) such as security design review threat modeling secure code review and security testing
- Experience in mentoring leading or managing more junior engineers
- 5 years as a technical specialist including 3 years in secure coding software development cloud security engineering or related work
- Strong programming and scripting skills in Python TypeScript Go Java .
- Hands-on Infrastructure-as-Code skills in Terraform AWS CDK or CloudFormation.
- Hands-on experience with AWS security and governance services: Config Security Hub IAM KMS VPC Lambda CloudTrail CloudWatch/EventBridge.
- Experience deploying SCPs and RCPs in multi-account AWS Organizations.
- Experience writing and deploying policy-as-code (cfn-guard OPA Rego Cedar or equivalent).
- Experience designing CI/CD pipelines for security or compliance control deployment.
- Experience with AWS Control Tower customizations Landing Zones or Zero-Trust architectures.
- Working knowledge of at least one compliance framework: SOC2 HIPAA PCI-DSS CIS or NIST.
- Experience producing audit-ready evidence and working with third-party assessors.
- Spec-driven development; AI agentic design and Model Context Protocol (MCP) experience.
- Industry and AWS certifications: AWS Solutions Architect Associate or Professional AWS Security Specialty CISSP or equivalent.
- Contributions to public technical content: blog posts workshops conference talks or open-source projects.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status disability or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process including support for the interview or onboarding process please visit for more information. If the country/region youre applying in isnt listed please contact your Recruiting Partner.
Youll write code ship custom controls run security investigations lead design and code reviews on your team and mentor junior engineers. You will identify systemic issues propose pragmatic solutions and improve the teams mechanisms over time.
Key job responsibilities
- Lead threat modeling security design reviews and architecture reviews for customer engagements; identify and mitigate risks across systems and applications.
- Design and implement custom preventive detective and proactive controls Service Control Policies (SCPs) Resource Control Policies (RCPs) policy-as-code (cfn-guard OPA Rego Cedar) and automated remediation workflows.
- Build secure-by-design Infrastructure-as-Code controls for Landing Zones AWS Control Tower customizations Zero-Trust architectures and AI/ML workloads.
- Apply AWS security best practices for authentication and authorization data handling least privilege encryption micro-segmentation tagging strategy and API/MCP integration.
- Write and review IaC scripts enforcements and detections in Python Terraform AWS CDK CloudFormation and Rego.
- Build continuous compliance monitoring automated evidence collection visualization reporting and remediation pipelines that hold up in audit.
- Integrate custom controls with AWS-native and third-party security and compliance tooling.
- Drive emerging-edge ideas into prototyping end-to-end to inform new security and compliance solutions and products.
- Identify risks and edge cases; propose implementation paths and go/no-go gates.
- Apply systematic approaches to risk identification; propose compensating controls when direct remediation isnt possible.
- Help develop technical content
- Identify cross-team patterns gaps improvements.
- Travel to customer sites as needed.
About the team
The AWS Security Assurance Services team within AWS Support leverages the expertise and ingenuity of our builders to establish scalable security solutions for both internal and external customers that drive business outcomes. Our goal of securing the worlds workloads requires reliable delivery of bar-raising security outcomes and investment in security mechanisms and automation on behalf of our customers.
AWS Security Assurance Services LLC a PCI-QSAC and HITRUST External Assessor Firm is a team of industry-certified assessors and Compliance Engineers with DevOps and Cloud Infrastructure Architect backgrounds helping our customers achieve maintain and automate compliance in the cloud by tying applicable audit standards to AWS service-specific features and functionality. The SAS team works with our largest enterprise customers to operationalize the shared responsibility model as they migrate to the cloud.
- 3 years of programming in Python Ruby Go Swift C or similar object oriented language experience
- 2 years of scripting programming and security code review in a common programming language (non-internship) experience
- 2 years of troubleshooting systems issues analyzing logs or automating basic tasks using command line tools (non-internship) experience
- Bachelors degree in a STEM field (Science Technology Engineering Mathematics) or experience in IT Security
- Knowledge of networking protocols such as HTTP DNS and TCP/IP
- Experience (non-internship) in scripting programming and security code reviewing in a common programming language
- Experience in troubleshooting systems issues analyzing logs or automating basic tasks using command line tools (non-internship experience)
- Experience with threat modeling and penetration testing or experience that includes strong analytical skills attention to detail and effective communication abilities
- Experience conveying complex technical concepts to both technical and business audiences
- 3 years of security engineering or related security experience; Demonstrated ability to deliver security solutions independently within a team scope handling the full development lifecycle: design implementation testing deployment and maintenance.
- Demonstrated ability to write and review code scripts IaC and detections in support of security defenses.
- Demonstrated ability to lead security investigations and resolve root causes of operational and security issues.
- Demonstrated ability to mentor peers drive consensus on conflicting design or implementation feedback and provide meaningful review feedback.
- 2 years of any combination of the following: threat modeling experience secure coding identity management and authentication software development cryptography system administration and network security experience
- 2 years of scripting programming or security code review in a common language such as Python Java or C experience
- Knowledge of command line tools to troubleshoot protocols analyze log outputs or automate basic tasks
- Knowledge of networking protocols such as HTTP(S) DNS and TCP/IP
- Experience performing security activities across one or more phases of the software development lifecycle (SDLC) such as security design review threat modeling secure code review and security testing
- Experience in mentoring leading or managing more junior engineers
- 5 years as a technical specialist including 3 years in secure coding software development cloud security engineering or related work
- Strong programming and scripting skills in Python TypeScript Go Java .
- Hands-on Infrastructure-as-Code skills in Terraform AWS CDK or CloudFormation.
- Hands-on experience with AWS security and governance services: Config Security Hub IAM KMS VPC Lambda CloudTrail CloudWatch/EventBridge.
- Experience deploying SCPs and RCPs in multi-account AWS Organizations.
- Experience writing and deploying policy-as-code (cfn-guard OPA Rego Cedar or equivalent).
- Experience designing CI/CD pipelines for security or compliance control deployment.
- Experience with AWS Control Tower customizations Landing Zones or Zero-Trust architectures.
- Working knowledge of at least one compliance framework: SOC2 HIPAA PCI-DSS CIS or NIST.
- Experience producing audit-ready evidence and working with third-party assessors.
- Spec-driven development; AI agentic design and Model Context Protocol (MCP) experience.
- Industry and AWS certifications: AWS Solutions Architect Associate or Professional AWS Security Specialty CISSP or equivalent.
- Contributions to public technical content: blog posts workshops conference talks or open-source projects.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status disability or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process including support for the interview or onboarding process please visit for more information. If the country/region youre applying in isnt listed please contact your Recruiting Partner.
The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience qualifications and location. Amazon also offers comprehensive benefits including health insurance (medical dental vision prescription Basic Life & AD&D insurance and option for Supplemental life plans EAP Mental Health Support Medical Advice Line Flexible Spending Accounts Adoption and Surrogacy Reimbursement coverage) 401(k) matching paid time off and parental leave. Learn more about our benefits at TN Nashville - 137600.00 - 184000.00 USD annually
USA TX Austin - 159300.00 - 202400.00 USD annually
USA TX Dallas - 159300.00 - 202400.00 USD annually
USA TX Houston - 159300.00 - 202400.00 USD annually
USA VA Arlington - 159300.00 - 202400.00 USD annually
USA VA Herndon - 159300.00 - 202400.00 USD annually
USA WA Seattle - 159300.00 - 202400.00 USD annually
Required Experience:
IC
About Company
Free shipping on millions of items. Get the best of Shopping and Entertainment with Prime. Enjoy low prices and great deals on the largest selection of everyday essentials and other products, including fashion, home, beauty, electronics, Alexa Devices, sporting goods, toys, automotive ... View more
