Jobs · Consulting · Washington

Security Engineering Manager, AWS Foundational & Hardware Security

Amazon Web Services (AWS) · Seattle, WA · Yesterday
ConsultingFull-time

About the role

AWS Security is seeking an experienced and technical Security Engineering Manager to lead the Foundational & Hardware Security team. This role involves owning the hardware security practice within AWS, driving security strategy across custom silicon design, firmware, and platform technologies. You will lead a team of world-class security engineers, engage deeply with AWS hardware engineering and platform teams to shape their security roadmaps, and ensure that AWS hardware platforms — from custom chipsets to edge and hybrid devices — are built and operated to the highest security standards.

Responsibilities

  • Lead, mentor, and grow a team of security engineers, fostering a culture of technical excellence and ownership

  • Engage early with AWS hardware engineering teams — including silicon design, firmware, and platform engineering — to influence their security roadmaps, embed security requirements from the earliest stages of product design, and ensure security is a first-class consideration from chip architecture through deployment

  • Define and drive the multi-year hardware security strategy for AWS, covering:

    • Custom silicon security: chip-level security architecture for AWS-designed processors such as Graviton, Trainium, and Inferentia — including secure boot, hardware root of trust, memory protection, and inter-chip communication security (encryption, side-channel resistance, power analysis attack mitigations)

    • Firmware security: secure firmware development lifecycle, firmware integrity verification, anti-rollback protections, and vulnerability management across AWS hardware platforms

    • TPM and cryptographic hardware: TPM implementation, hardware security module (HSM) integration, and cryptographic key management at the hardware layer

    • Edge and hybrid device security: end-to-end hardware security for AWS edge and hybrid devices such as AWS Snowball and AWS Outposts — including physical tamper resistance, secure provisioning, and field security operations

    • IoT and device security: hardware security architecture for connected and embedded devices, including secure element integration, device attestation, over-the-air (OTA) update security, and hardware-enforced isolation

    • Platform and hypervisor security: security verification of platform technologies including hypervisors, virtualization layers, and hardware-software interfaces — ensuring hardware security controls are correctly implemented and enforced at the platform level

  • Verify security controls implemented across hardware, firmware, and platform technologies — conducting rigorous security assessments, threat modeling, and penetration testing to validate that security requirements are met end-to-end

  • Drive all hardware-related security issues to successful resolution, ensuring prompt response to emerging risks across silicon, firmware, and platform layers

  • Communicate major security risks and program status to CISO and AWS Security leadership

  • Develop and maintain team training, onboarding, and career development programs

  • Represent the AWS Security team as an ambassador with external partners, silicon vendors, and industry standards bodies

  • Establish scalable mechanisms for hardware and firmware security review, tooling, and detection across AWS's global hardware fleet

Requirements

  • Bachelor's degree in Computer Science, Information Security, or a related field

  • 4+ years of deep domain expertise in hardware/firmware design and/or virtualization technologies

  • 3+ years of experience managing and developing high-performing security engineering teams

  • Technical understanding of:

    • Chip-level security architecture, secure boot, and hardware root of trust

    • Firmware security — secure development practices, integrity verification, and vulnerability management

    • IoT and device hardware security concepts — device attestation, secure provisioning, hardware-enforced isolation, and OTA security

    • Platform and hypervisor security — understanding of how hardware security controls interact with virtualization and platform software layers

Qualifications

  • Demonstrated ability to engage with and influence engineering teams on security strategy and roadmap

  • Master's degree or PhD in Computer Science, Electrical Engineering, or a related field

  • Experience securing custom silicon programs (e.g., ARM-based SoCs, custom ASICs) in large-scale cloud or data center environments

  • Familiarity with side-channel attacks, fault injection, and physical security testing methodologies

  • Experience with edge and hybrid device security — including tamper-resistant hardware design, secure field provisioning, and remote attestation for devices like AWS Snowball or Outposts

  • Deep understanding of embedded systems security, RTOS security, and low-level firmware attack surfaces

  • Experience verifying security controls across hypervisors and virtualization platforms (e.g., Nitro, KVM, Xen)

  • Track record of influencing hardware and firmware security roadmaps across large engineering organizations

  • Experience working with external security researchers, silicon vendors, ODMs, and regulatory bodies

  • Strong written and verbal communication skills, with the ability to present complex hardware security topics to senior leadership

Skills

  • Strong technical background in hardware and firmware design

  • Experience in security engineering and management

  • Ability to influence and collaborate with cross-functional teams

  • Knowledge of security protocols and standards

  • Experience with security assessment and testing tools

Benefits

Amazon offers comprehensive benefits including health insurance, retirement plans, paid time off, and parental leave. For more information, visit https://amazon.jobs/en/benefits.

Similar jobs