Security Engineer II, StoreSec Application Security
About the role
The Security Engineer II will work at the intersection of AI for Security and Security for AI, securing GenAI applications and enabling secure AI adoption across Amazon Health Services (AHS).
Responsibilities
Define and drive implementation of proactive security controls for AHS AI applications including GenAI chatbots, agentic systems, and LLM-powered tools.
Develop and implement security controls for the AI-SDLC, ensuring AHS builders build secure AI applications by default.
Assess and drive mitigation of AI-specific security risks including prompt injection, model abuse, data exfiltration, and unauthorized tool invocation at scale.
Build and/or drive adoption of AI-powered security tooling (e.g., automated threat modeling, code scanning, security test generation) to scale security across AHS.
Drive adoption of AI security guardrails, testing frameworks, and monitoring across AHS GenAI applications.
Collaborate with AHS builder teams to integrate security guidance into AI development workflows, reducing late-stage security findings.
Support security incident investigations related to AI systems, including prompt injection attacks and model misuse.
Requirements
3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience.
Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or experience in IT Security.
Experience with AI/ML technologies.
Experience applying threat modeling or other risk identification techniques or equivalent.
Knowledge of common AI security risks (prompt injection, data poisoning, model extraction, insecure tool use).
Qualifications
Experience with programming languages such as Python, Java, C++.
Experience with AWS or cloud technologies.
2+ years of any combination of: AI security, threat modeling, secure coding, identity management and authentication, software development, cryptography, or application security.
Experience with security testing of LLM-based applications or performing security activities across the SDLC (security design review, threat modeling, secure code review, security testing).
Familiarity with HIPAA compliance requirements for healthcare data.
Skills
Not specified.
Benefits
Not specified.
Pay
Base salary range: $159,300.00 - $202,400.00 USD annually
Schedule
Not specified.