Security Engineer II, AWS Cloud Security Response
Amazon Web Services (AWS) · Seattle, WA · 1 wk ago
EngineeringFull-time
About the role
The AWS Cloud Security Response team operates on the ‘AWS’ side of the Shared Responsibility Model, protecting our customers by ensuring the security of AWS Cloud services. Our engineers independently investigate and resolve security issues across 200+ AWS products, working hands-on with service code, security data, and cloud infrastructure at massive scale.
Responsibilities
- Identify recurring security patterns across AWS services and drive proactive solutions that address root causes and prevent classes of issues.
- Build automation to scale incident response procedures, improving efficiency and reducing manual effort across the team’s global operations.
- Own and drive security issues from identification through resolution, bringing informed risk assessments and security judgment to every engagement with service teams.
- Independently reproduce and validate reported security issues to develop a deep understanding of the vulnerability, its exploitability, and its potential customer impact.
- Investigate and analyze security data across multiple sources to scope the impact of security issues and inform remediation priorities.
- Develop and validate remediations through hands-on code engagement, partnering with service teams to close security issues through code.
- Communicate the state of security issues to technical and non-technical audiences at all levels of seniority, up to and including the AWS Chief Information Security Officer. Escalate when the pace of resolution does not match the impact to customers.
Requirements
- Exercise independent security judgment to assess risk, form informed opinions on severity, and drive engineering teams toward the right outcomes.
- Take a hands-on investigative approach to security issues, building deep technical understanding of risk and customer impact.
- Be technically proficient across security domains including network and operating system security, cryptography, software security, and incident response.
- Communicate complex security issues clearly to both technical and non-technical audiences at all levels.
- Challenge flawed analysis and escalate to senior leadership to ensure the best outcome for customers, even against consensus.
- Work effectively in AI-augmented workflows, using generative AI tools to accelerate security work.
- Mentor and coach junior engineers on security practices and professional growth.
- Drive security outcomes across organizational boundaries, partnering effectively with service teams and peer security teams.
Qualifications
- 3+ years of scripting, programming, and security code review in a common programming language (non-internship) experience
- Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or 2+ years of IT Security experience
- Experience as a mentor, tech lead or leading an engineering team
- Experience collaborating and influencing multiple teams across multiple organizations
- Experience with cloud services, cloud infrastructure, or cloud security concepts
- 4+ years of experience in information security, security operations, or security engineering