Sr. Security & Compliance Engineer, AWS Security Assurance Services, LLC
Amazon Web Services (AWS) · Herndon, VA · 6 days ago
Quality AssuranceFull-time
About the role
AWS Security Assurance Services (SAS) is hiring a Senior Security & Compliance Engineer to lead the design, deployment, and implementation of complex AWS security and compliance solutions.
Responsibilities
- Own design and architecture choices for security and compliance automation solutions for regulated customers and influence partner-org design and deliverables.
- Engineer and lead AI-enabled automations, threat modeling, design reviews.
- Build secure-by-design IaC modules for Landing Zones, Control Tower customizations, Zero-Trust architectures, and AI/ML workloads.
- Lead the design, deployment, and implementation of AWS security controls, continuous compliance monitoring, evidence collection, and remediation of insecure configurations to scale with automation.
- Architect custom preventive, detective, and proactive controls, SCPs, RCPs, policy-as-code (cfn-guard, OPA Rego, Cedar).
- Set high bar for authentication and authorization, data protection, least privilege, encryption, micro-segmentation, tagging strategy, integrations via API and MCP, and secure AI agentic design.
- Write and review scripts, and IaC (Python, Terraform, AWS CDK, CloudFormation, Rego).
- Lead exploratory POCs on emerging technologies. Define the hypothesis, success criteria, and go/no-go gates.
- Lead alignment, resolve escalations, troubleshooting, and root-cause analysis to closure.
- Lead the development of technical content.
- Communicate security risk and design decisions clearly verbally and in writing to technical, non-technical, and C-level audiences.
- Identify and shape sales opportunities. Influence service-team roadmaps and SAS offering strategy.
- Travel to customer sites as needed.
Qualifications
- 5+ years of work in identifying security issues and risks, and developing mitigation plans experience.
- 4+ years of (non-internship) scripting, programming, and security code review in common programming languages experience.
- Knowledge of at least two of the following programming languages: Scala, Java, Python, C/C++, or Go.
Preferred Qualifications
- Experience with security in service-oriented architectures/microservices and web services.
- 8+ years as a technical specialist, including 5+ years in secure coding, software development, cloud security engineering or related work;
- Strong programming and scripting skills in Python, TypeScript, Node.js, Go, Java, or .NET.
- Advanced Infrastructure-as-Code proficiency in Terraform, AWS CDK, and/or CloudFormation.
- Expert-level configuration and architectural experience with AWS security and governance services: Config, GuardDuty, Security Hub, Control Tower, Systems Manager, KMS, IAM, VPC, Lambda, CloudTrail, CloudWatch, EventBridge.
- Track record of deploying SCPs and RCPs in multi-account AWS Organizations at enterprise scale.
- Experience writing and deploying reusable policy-as-code patterns (cfn-guard, OPA Rego, Cedar, or equivalent).
- Industry and AWS certifications: CISSP, AWS Solutions Architect Professional, AWS Security Specialty strongly preferred; additional certifications a plus.
Pay
The base salary range for this position is $178,400.00 - $226,700.00 USD annually.