Manager, Security Engineering, AWS Security Incident Response
Amazon Web Services (AWS) · Seattle, WA · 3 wk ago
EngineeringFull-time
Key job responsibilities
- Own day-to-day operations across threat detection, triage, investigation, and incident response for a regional team of security engineers operating under defined Service Level Objectives (SLOs)
- Manage investigation queue health, enforce response time targets, and drive the team toward zero pending tickets at all times
- Engage directly with customer security executives — CISOs, VPs of Security, and their teams — to communicate findings, lead post-incident reviews, advise on security posture, and build long-term trust
- Serve as a senior escalation point for complex or high-severity incidents, taking direct ownership when investigations require leadership judgment or cross-team coordination
- Drive the response-to-automation flywheel: capture lessons from investigations to improve automation, enrich detection capabilities, and measure impact through metrics you define and own
- Oversee how your engineers work alongside AI investigation agents, maintaining human-in-the-loop guarantees and driving AI accuracy through feedback loops and quality controls
- Partner with peer managers across global time zones to maintain 24/7 coverage and ensure continuity across the follow-the-sun model
- Coach and develop security engineers, building a team culture that values root cause analysis over ticket count
About the team
The AWS Security Incident Response team provides 24/7 threat monitoring, investigation, and response for customer AWS environments. The team is in the early stages of a three-phase transformation: (1) operational excellence with defined SLOs and quality standards, (2) agentic AI transformation where AI agents conduct routine investigations autonomously, and (3) expansion into Amazon Dedicated Cloud (ADC), GovCloud, and internal AWS services. We respond to customer requests within minutes. Zero queue tolerance is the operating standard. We value engineers who solve root causes over those who close tickets. This is a unique opportunity to lead a team through a fundamental shift in how security operations are delivered.