Senior Security Engineer, AI Red Team, Threat Operations
About the role
The Senior Security Engineer will conduct sophisticated offensive security operations targeting AI systems, infrastructure, and emerging threats. They will perform security research on novel attack surfaces, develop automated solutions to scale offensive security capabilities, and collaborate with security leadership, engineering teams, and researchers to validate security assumptions and drive meaningful improvements in AI security.
Responsibilities
- Conducting Red Team operations targeting AI assets including training pipelines, inference systems, model architectures, and supporting infrastructure
- Performing offensive security research focused on threats to AI systems, AI supply chain security, and AI-enabled threat actor tradecraft
- Discovering and exploiting vulnerabilities in AI infrastructure, applications, and supporting systems through hands-on security testing
- Developing automated tools and solutions for threat emulation and scaling offensive security capabilities
- Analyzing security findings and providing detailed technical recommendations to engineering teams for remediation
- Collaborating with security engineers and research scientists to advance AI security research and translate findings into practical risk insights
- Simulating sophisticated threat actor techniques to validate detection and response capabilities
- Contributing to the development of security metrics and reporting frameworks that demonstrate program effectiveness
- Supporting cross-organizational security initiatives to assess vulnerabilities introduced by growing reliance on AI
About the team
The Threat Operations team protects critical customer trust points through offensive security operations and emergent threat research. The team comprises security professionals with a cross-section of national security and private sector experience, providing a range of perspectives required for creative problem solving. We value diversity of thought, creativity, and a strong Bias for Action and Earn Trust. We believe that there are no "perfect" security solutions and we develop and iterate using a continuous improvement process.
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.
Basic Qualifications
- Experience working in identifying security issues and risks, and developing mitigation plans
- Minimum 5+ years of experience in offensive security testing, penetration testing, or security research
- Hands-on experience with vulnerability discovery, exploitation, and lateral movement techniques
- Strong understanding of cloud security, network security, and application security principles
- Experience with scripting and automation using Python, Go, or similar languages
Preferred Qualifications
- 7+ years of experience in offensive security or related security engineering roles
- Experience with AI/ML security, including threats to AI systems, adversarial machine learning, or AI supply chain security
- Track record of building security tools or automation that scales across organizations
- Experience with Red Team operations, threat-based assessments, or security research programs
- Deep technical knowledge of cloud platforms (AWS, Azure, GCP) and container technologies
- Experience with distributed systems, training infrastructure, or inference optimization
- Demonstrated ability to translate complex technical findings into clear recommendations for diverse audiences
- Contributions to security research community through publications, presentations, or open-source tools
- Understanding of threat actor tradecraft and ability to emulate sophisticated attack techniques
- Experience working with cross-functional teams to drive security improvements