Jobs · Consulting · California

Senior Security & Compliance Engineer , AWS Security Assurance Services

Amazon Web Services (AWS) · San Francisco, CA · 1 wk ago
ConsultingFull-time

About the role

AWS Security Assurance Services (SAS) is hiring a Senior Security & Compliance Engineer to innovate on behalf of customers and lead prototyping and development of the security and compliance solutions. The right candidate will own security risk identification, mitigation, and engineering outcomes that span beyond a single team: designing controls, writing code, leading reviews, automating remediations, and translating compliance frameworks into secure-by-default implementations on AWS.

Responsibilities

  • Engineer AI-enabled automations, lead threat modeling, security design reviews, architecture reviews & security assessments
  • Own design and architecture choices for security and compliance automation solutions for regulated customers and influence partner-org designs
  • Build secure-by-default IaC modules for Landing Zones, Control Tower customizations, Zero-Trust architectures, and AI/ML workloads
  • Lead the design, deployment, and implementation of AWS security controls, continuous compliance monitoring, technical control validation, visualization and reporting, automated evidence collection and remediation of insecure configurations at scale
  • Architect custom preventive, detective, and proactive controls, e.g. service-Control- policies, Resource-Control Policies (SCPs and RCPs), policy-as-code (cfn-guard, OPA Rego, Cedar), and automated remediation workflows
  • Set the bar for authentication and authorization, data handling, least privilege, encryption, micro-segmentation, tagging strategy, integrations via API and MCP, and secure AI agentic design
  • Write and review architecture, code, scripts, IaC, including Python, Terraform, AWS CDK, CloudFormation, REGO
  • Lead alignment, resolve escalations, troubleshooting, and root-cause analysis to closure with peers, senior managers, and principal engineers
  • Lead the development of technical content: sample code, blog posts, workshops, reference architectures, whitepapers
  • Communicate security risk and design decisions clearly verbally and in writing to technical, non-technical, and C-level audiences
  • Identify and shape sales opportunities; provide input to AWS service-team roadmaps and SAS offering strategy

Requirements

  • 5+ years of work in identifying security issues and risks, and developing mitigation plans experience
  • 5+ years of (non-internship) scripting, programming, and security code review in common programming languages experience
  • Knowledge of at least two of the following programming languages: Scala, Java, Python, C/C++, or Go
  • (Non-internship) in scripting, programming, and security code reviewing in a common programming language
  • (Non-internship) in industry-based security vulnerabilities identification, attack patterns, and remediation techniques
  • Experience as a mentor, tech lead or leading an engineering team
  • Experience in Cyber Security and in at least one relevant technical area: large-scale systems engineering, queuing and messaging, Linux networking, performance analysis, software-defined networking
  • Experience in the full secure software development life cycle, including coding standards, code reviews, source control management, build processes, testing, and operations

Qualifications

  • Custom controls development, SCPs and RCPs
  • Experience writing and deploying reusable policy-as-code (cfn-guard, OPA Rego, Cedar, or equivalent)
  • Hands-on expertise with the AWS Security Reference Architecture, AWS Organizations multi-account strategy, Well-Architected Framework, CI/CD at enterprise scale
  • Expert-level knowledge of AWS security and governance services: Config, GuardDuty, Security Hub, Control Tower, Systems Manager, KMS, IAM, VPC, Lambda, CloudTrail, CloudWatch, EventBridge
  • Hands-on technical experience in incident response technology, security, automation, implementation, integration, and/or deployment
  • Spec-driven development; AI agentic design and Model Context Protocol (MCP) experience
  • AWS certifications: Solutions Architect Professional and Security Specialty strongly preferred; additional specialty certifications a plus
  • Experience producing audit-ready evidence and working with third-party assessors

Benefits

Amazon offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.

Similar jobs