Security Engineering Manager, AWS Foundational & Hardware Security
About the role
AWS Security is seeking an experienced and technical Security Engineering Manager to lead the Foundational & Hardware Security team. This role involves owning the hardware security practice within AWS, driving security strategy across custom silicon design, firmware, and platform technologies. You will lead a team of world-class security engineers, engage deeply with AWS hardware engineering and platform teams to shape their security roadmaps, and ensure that AWS hardware platforms — from custom chipsets to edge and hybrid devices — are built and operated to the highest security standards.
Responsibilities
Lead, mentor, and grow a team of security engineers, fostering a culture of technical excellence and ownership
Engage early with AWS hardware engineering teams — including silicon design, firmware, and platform engineering — to influence their security roadmaps, embed security requirements from the earliest stages of product design, and ensure security is a first-class consideration from chip architecture through deployment
Define and drive the multi-year hardware security strategy for AWS, covering:
Custom silicon security: chip-level security architecture for AWS-designed processors such as Graviton, Trainium, and Inferentia — including secure boot, hardware root of trust, memory protection, and inter-chip communication security (encryption, side-channel resistance, power analysis attack mitigations)
Firmware security: secure firmware development lifecycle, firmware integrity verification, anti-rollback protections, and vulnerability management across AWS hardware platforms
TPM and cryptographic hardware: TPM implementation, hardware security module (HSM) integration, and cryptographic key management at the hardware layer
Edge and hybrid device security: end-to-end hardware security for AWS edge and hybrid devices such as AWS Snowball and AWS Outposts — including physical tamper resistance, secure provisioning, and field security operations
IoT and device security: hardware security architecture for connected and embedded devices, including secure element integration, device attestation, over-the-air (OTA) update security, and hardware-enforced isolation
Platform and hypervisor security: security verification of platform technologies including hypervisors, virtualization layers, and hardware-software interfaces — ensuring hardware security controls are correctly implemented and enforced at the platform level
Verify security controls implemented across hardware, firmware, and platform technologies — conducting rigorous security assessments, threat modeling, and penetration testing to validate that security requirements are met end-to-end
Drive all hardware-related security issues to successful resolution, ensuring prompt response to emerging risks across silicon, firmware, and platform layers
Communicate major security risks and program status to CISO and AWS Security leadership
Develop and maintain team training, onboarding, and career development programs
Represent the AWS Security team as an ambassador with external partners, silicon vendors, and industry standards bodies
Establish scalable mechanisms for hardware and firmware security review, tooling, and detection across AWS's global hardware fleet
Requirements
Bachelor's degree in Computer Science, Information Security, or a related field
4+ years of deep domain expertise in hardware/firmware design and/or virtualization technologies
3+ years of experience managing and developing high-performing security engineering teams
Technical understanding of:
Chip-level security architecture, secure boot, and hardware root of trust
Firmware security — secure development practices, integrity verification, and vulnerability management
IoT and device hardware security concepts — device attestation, secure provisioning, hardware-enforced isolation, and OTA security
Platform and hypervisor security — understanding of how hardware security controls interact with virtualization and platform software layers
Qualifications
Demonstrated ability to engage with and influence engineering teams on security strategy and roadmap
Master's degree or PhD in Computer Science, Electrical Engineering, or a related field
Experience securing custom silicon programs (e.g., ARM-based SoCs, custom ASICs) in large-scale cloud or data center environments
Familiarity with side-channel attacks, fault injection, and physical security testing methodologies
Experience with edge and hybrid device security — including tamper-resistant hardware design, secure field provisioning, and remote attestation for devices like AWS Snowball or Outposts
Deep understanding of embedded systems security, RTOS security, and low-level firmware attack surfaces
Experience verifying security controls across hypervisors and virtualization platforms (e.g., Nitro, KVM, Xen)
Track record of influencing hardware and firmware security roadmaps across large engineering organizations
Experience working with external security researchers, silicon vendors, ODMs, and regulatory bodies
Strong written and verbal communication skills, with the ability to present complex hardware security topics to senior leadership
Skills
Strong technical background in hardware and firmware design
Experience in security engineering and management
Ability to influence and collaborate with cross-functional teams
Knowledge of security protocols and standards
Experience with security assessment and testing tools
Benefits
Amazon offers comprehensive benefits including health insurance, retirement plans, paid time off, and parental leave. For more information, visit https://amazon.jobs/en/benefits.