Sr. Security & Compliance Engineer, AWS Security Assurance Services, LLC
Amazon Web Services (AWS) · Nashville, TN · 6 days ago
EngineeringFull-time
About the role
AWS Security Assurance Services (SAS) is hiring a Senior Security & Compliance Engineer to lead the design, deployment, and implementation of complex AWS security and compliance solutions.
Responsibilities
- Own design and architecture choices for security and compliance automation solutions for regulated customers and influence partner-org design and deliverables.
- Engineer and lead AI-enabled automations, threat modeling, design reviews.
- Build secure-by-design IaC modules for Landing Zones, Control Tower customizations, Zero-Trust architectures, and AI/ML workloads.
- Lead the design, deployment, and implementation of AWS security controls, continuous compliance monitoring, evidence collection, and remediation of insecure configurations to scale with automation.
- Architect custom preventive, detective, and proactive controls, SCPs, RCPs, policy-as-code (cfn-guard, OPA Rego, Cedar).
- Set high bar for authentication and authorization, data protection, least privilege, encryption, micro-segmentation, tagging strategy, integrations via API and MCP, and secure AI agentic design.
- Write and review scripts, and IaC (Python, Terraform, AWS CDK, CloudFormation, Rego).
- Lead exploratory POCs on emerging technologies. Define the hypothesis, success criteria, and go/no-go gates.
- Lead alignment, resolve escalations, troubleshooting, and root-cause analysis to closure.
- Lead the development of technical content.
- Communicate security risk and design decisions clearly verbally and in writing to technical, non-technical, and C-level audiences.
- Identify and shape sales opportunities. Influence service-team roadmaps and SAS offering strategy.
- Travel to customer sites as needed.
Qualifications
- 5+ years of work in identifying security issues and risks, and developing mitigation plans experience.
- 4+ years of (non-internship) scripting, programming, and security code review in common programming languages experience.
- Knowledge of at least two of the following programming languages: Scala, Java, Python, C/C++, or Go.
Preferred Qualifications
- Experience with security in service-oriented architectures/microservices and web services.
- 8+ years as a technical specialist, including 5+ years in secure coding, software development, cloud security engineering or related work;
- Strong programming and scripting skills in Python, TypeScript, Node.js, Go, Java, or .NET.
- Advanced Infrastructure-as-Code proficiency in Terraform, AWS CDK, and/or CloudFormation.
- Expert-level configuration and architectural experience with AWS security and governance services: Config, GuardDuty, Security Hub, Control Tower, Systems Manager, KMS, IAM, VPC, Lambda, CloudTrail, CloudWatch, EventBridge.
- Track record of deploying SCPs and RCPs in multi-account AWS Organizations at enterprise scale.
- Experience writing and deploying reusable policy-as-code patterns (cfn-guard, OPA Rego, Cedar, or equivalent).
- Industry and AWS certifications: CISSP, AWS Solutions Architect Professional, AWS Security Specialty strongly preferred; additional certifications a plus.
Benefits
Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance, 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.