Senior Security & Compliance Engineer , AWS Security Assurance Services

AWS Security Assurance Services (SAS) is hiring a Senior Security & Compliance Engineer to innovate on behalf of customers and lead prototyping and development of the security and compliance solutions. The right candidate will own security risk identification mitigation and engineering outcomes that span beyond a single team: designing controls writing code leading reviews automating remediations and translating compliance frameworks into secure-by-default implementations on AWS. They will lead design deployment and implementation of complex AWS security and compliance solutions that accomplish defined business and security outcomes solving for new levels of scale complexity and performance.

Key job responsibilities
Engineer AI-enabled automations lead threat modeling security design reviews architecture reviews & security assessments

Own design and architecture choices for security and compliance automation solutions for regulated customers and influence partner-org designs.

Build secure-by-default IaC modules for Landing Zones Control Tower customizations Zero-Trust architectures and AI/ML workloads.

Lead the design deployment and implementation of AWS security controls continuous compliance monitoring technical control validation visualization and reporting automated evidence collection and remediation of insecure configurations at scale.

Architect custom preventive detective and proactive controls e.g. service-Control- policies Resource-Control Policies (SCPs and RCPs) policy-as-code (cfn-guard OPA Rego Cedar) and automated remediation workflows.

Set the bar for authentication and authorization data handling least privilege encryption micro-segmentation tagging strategy integrations via API and MCP and secure AI agentic design.

Write and review architecture code scripts IaC including Python Terraform AWS CDK CloudFormation REGO).

Lead alignment resolve escalations troubleshooting and root-cause analysis to closure with peers senior managers and principal engineers.

Lead the development of technical content: sample code blog posts workshops reference architectures whitepapers.

Communicate security risk and design decisions clearly verbally and in writing to technical non-technical and C-level audiences.

Identify and shape sales opportunities; provide input to AWS service-team roadmaps and SAS offering strategy.

Travel to customer sites as needed.

About the team
The Security Assurance Services team a part of Amazon Web Services leverages the expertise and ingenuity of our builders to establish scalable security solutions for both internal and external customers that drive business outcomes.

Our goal of securing the worlds workloads and building a brighter future for humanity requires us to focus on reliable delivery of bar raising security outcomes and investment in security mechanisms and automation on behalf of our customers.

AWS Security Assurance Services LLC a PCI-QSAC and HITRUST External Assessor Firm is a team of industry certified assessors Security & Compliance Engineers with DevOps and Cloud Infrastructure Architect backgrounds helping our customers achieve maintain and automate security & compliance in the cloud.

- 5 years of work in identifying security issues and risks and developing mitigation plans experience
- 5 years of (non-internship) scripting programming and security code review in common programming languages experience
- Knowledge of at least two of the following programming languages: Scala Java Python C/C or Go
- Experience (non-internship) in scripting programming and security code reviewing in a common programming language
- Experience (non-internship) in industry-based security vulnerabilities identification attack patterns and remediation techniques
- Experience as a mentor tech lead or leading an engineering team
- Experience in Cyber Security and in at least one relevant technical area: large-scale systems engineering queuing and messaging Linux networking performance analysis software-defined networking
- Experience in the full secure software development life cycle including coding standards code reviews source control management build processes testing and operations

- Custom controls development SCPs and RCPs.
- Experience writing and deploying reusable policy-as-code (cfn-guard OPA Rego Cedar or equivalent).
- Hands-on expertise with the AWS Security Reference Architecture AWS Organizations multi-account strategy Well-Architected Framework CI/CD at enterprise scale.
- Expert-level knowledge of AWS security and governance services: Config GuardDuty Security Hub Control Tower Systems Manager KMS IAM VPC Lambda CloudTrail CloudWatch EventBridge.
- Hands-on technical experience in incident response technology security automation implementation integration and/or deployment
- Spec-driven development; AI agentic design and Model Context Protocol (MCP) experience.
- AWS certifications: Solutions Architect Professional and Security Specialty strongly preferred; additional specialty certifications a plus.
- Experience producing audit-ready evidence and working with third-party assessors.

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status disability or other legally protected status.

Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees supervisors and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees supervisors and staff to ensure exceptional customer service; and follow all federal state and local laws and Company policies. Criminal history may have a direct adverse and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above as well as the abilities to adhere to company policies exercise sound judgment effectively manage stress and work safely and respectfully with others exhibit trustworthiness and professionalism and safeguard business operations and the Companys reputation. Pursuant to the Los Angeles County Fair Chance Ordinance we will consider for employment qualified applicants with arrest and conviction records.

Pursuant to the San Francisco Fair Chance Ordinance we will consider for employment qualified applicants with arrest and conviction records.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process including support for the interview or onboarding process please visit for more information. If the country/region youre applying in isnt listed please contact your Recruiting Partner.

The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience qualifications and location. Amazon also offers comprehensive benefits including health insurance (medical dental vision prescription Basic Life & AD&D insurance and option for Supplemental life plans EAP Mental Health Support Medical Advice Line Flexible Spending Accounts Adoption and Surrogacy Reimbursement coverage) 401(k) matching paid time off and parental leave. Learn more about our benefits at CA San Francisco - 183000.00 - 247600.00 USD annually
USA TN Nashville - 151200.00 - 204600.00 USD annually
USA TX Austin - 178400.00 - 226700.00 USD annually
USA TX Dallas - 178400.00 - 226700.00 USD annually
USA TX Houston - 178400.00 - 226700.00 USD annually
USA VA Arlington - 178400.00 - 226700.00 USD annually
USA VA Herndon - 178400.00 - 226700.00 USD annually
USA WA Seattle - 178400.00 - 226700.00 USD annually