Jobs · Quality Assurance · Virginia

Security & Compliance Engineer II, AWS Security Assurance Services, LLC

Amazon Web Services (AWS) · Arlington, VA · 6 days ago
Quality AssuranceFull-time

About the role

AWS Security Assurance Services (SAS) is hiring a Security & Compliance Engineer to design, build, and deploy AWS security and compliance solutions for highly regulated customers. You will own engineering deliverables across the full lifecycle — secure design, implementation, testing, deployment, and maintenance — translating compliance frameworks (SOC2, HIPAA, PCI-DSS, CIS, NIST, FedRAMP) into secure-by-design AWS implementations. You will work autonomously within your team, deliver cross-functional projects with partner teams, and drive measurable risk reduction for customers at scale.

Responsibilities

  • Lead threat modeling, security design reviews, and architecture reviews for customer engagements; identify and mitigate risks across systems and applications.
  • Design and implement custom preventive, detective, and proactive controls — Service Control Policies (SCPs), Resource Control Policies (RCPs), policy-as-code (cfn-guard, OPA Rego, Cedar), and automated remediation workflows.
  • Build secure-by-design Infrastructure-as-Code controls for Landing Zones, AWS Control Tower customizations, Zero-Trust architectures, and AI/ML workloads.
  • Apply AWS security best practices for authentication and authorization, data handling, least privilege, encryption, micro-segmentation, tagging strategy, and API/MCP integration.
  • Write and review IaC, scripts, enforcements and detections in Python, Terraform, AWS CDK, CloudFormation, and Rego.
  • Build continuous compliance monitoring, automated evidence collection, visualization, reporting, and remediation pipelines that hold up in audit.
  • Integrate custom controls with AWS-native and third-party security and compliance tooling.
  • Drive emerging-edge ideas into prototyping end-to-end to inform new security and compliance solutions and products.
  • Identify risks and edge cases; propose implementation paths and go/no-go gates.
  • Apply systematic approaches to risk identification; propose compensating controls when direct remediation isn’t possible.
  • Help develop technical content
  • Identify cross-team patterns, gaps, improvements.
  • Travel to customer sites as needed.

Qualifications

  • 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
  • 2+ years of scripting, programming, and security code review in a common programming language (non-internship) experience
  • 2+ years of troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship) experience
  • Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or experience in IT Security
  • Knowledge of networking protocols such as HTTP, DNS and TCP/IP
  • Knowledge of industry-based security vulnerabilities and remediation techniques
  • Experience applying threat modeling or other risk identification techniques or equivalent
  • 3+ years of security engineering or related security experience; Demonstrated ability to deliver security solutions independently within a team scope, handling the full development lifecycle: design, implementation, testing, deployment, and maintenance.
  • Demonstrated ability to write and review code, scripts, IaC, and detections in support of security defenses.
  • Demonstrated ability to mentor peers, drive consensus on conflicting design or implementation feedback, and provide meaningful review feedback.

Preferred Qualifications

  • 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
  • Experience performing security activities across one or more phases of the software development lifecycle (SDLC), such as security design review, threat modeling, secure code review, and security testing
  • Experience with compliance & security standards including PCI DSS, ISO 27001, HIPAA, and NIST
  • Familiarity with AWS core services and at least one Infrastructure-as-Code tool (Terraform, AWS CDK, or CloudFormation).
  • Exposure to policy-as-code tools (cfn-guard, OPA Rego, Cedar, or equivalent).
  • Internships, projects, or coursework in cloud security, application security, or compliance automation.
  • Familiarity with multi-account AWS Organizations and Service Control Policies.
  • Industry or AWS certifications: AWS Certified AI Practitioner, AWS Solutions Architect Associate, AWS Security Specialty, or equivalent (or willingness to earn within the first year).

Similar jobs