Security & Compliance Engineer, AWS Security Assurance Services, LLC
Amazon Web Services (AWS) · Nashville, TN · 1 wk ago
Quality AssuranceFull-time
About the role
AWS Security Assurance Services (SAS) is hiring a Security & Compliance Engineer to design, build, and deploy AWS security and compliance solutions for highly regulated customers. You will own engineering deliverables across the full lifecycle — secure design, implementation, testing, deployment, and maintenance — translating compliance frameworks (SOC2, HIPAA, PCI-DSS, CIS, NIST, FedRAMP) into secure-by-design AWS implementations. You will work autonomously within your team, deliver cross-functional projects with partner teams, and drive measurable risk reduction for customers at scale.
Responsibilities
- Lead threat modeling, security design reviews, and architecture reviews for customer engagements; identify and mitigate risks across systems and applications.
- Design and implement custom preventive, detective, and proactive controls — Service Control Policies (SCPs), Resource Control Policies (RCPs), policy-as-code (cfn-guard, OPA Rego, Cedar), and automated remediation workflows.
- Build secure-by-design Infrastructure-as-Code controls for Landing Zones, AWS Control Tower customizations, Zero-Trust architectures, and AI/ML workloads.
- Apply AWS security best practices for authentication and authorization, data handling, least privilege, encryption, micro-segmentation, tagging strategy, and API/MCP integration.
- Write and review IaC, scripts, enforcements and detections in Python, Terraform, AWS CDK, CloudFormation, and Rego.
- Build continuous compliance monitoring, automated evidence collection, visualization, reporting, and remediation pipelines that hold up in audit.
- Integrate custom controls with AWS-native and third-party security and compliance tooling.
- Drive emerging-edge ideas into prototyping end-to-end to inform new security and compliance solutions and products.
- Identify risks and edge cases; propose implementation paths and go/no-go gates.
- Apply systematic approaches to risk identification; propose compensating controls when direct remediation isn’t possible.
- Help develop technical content
- Identify cross-team patterns, gaps, improvements.
- Travel to customer sites as needed.
Qualifications
- 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- 2+ years of scripting, programming, and security code review in a common programming language (non-internship) experience
- 2+ years of troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship) experience
- Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or experience in IT Security
- Knowledge of networking protocols such as HTTP, DNS and TCP/IP
- Experience (non-internship) in scripting, programming, and security code reviewing in a common programming language
- Experience in troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship experience)
- Experience with threat modeling and penetration testing, or experience that includes strong analytical skills, attention to detail, and effective communication abilities
- Experience conveying complex technical concepts to both technical and business audiences
- 3+ years of security engineering or related security experience; Demonstrated ability to deliver security solutions independently within a team scope, handling the full development lifecycle: design, implementation, testing, deployment, and maintenance.
- Demonstrated ability to write and review code, scripts, IaC, and detections in support of security defenses.
- Demonstrated ability to lead security investigations and resolve root causes of operational and security issues.
- Demonstrated ability to mentor peers, drive consensus on conflicting design or implementation feedback, and provide meaningful review feedback.