Amazon Security Engineer II, AWS Trust and Safety in Herndon, Virginia
AWS Sales, Marketing, and Global Services (SMGS) is responsible for driving revenue, adoption, and growth from the largest and fastest growing small- and mid-market accounts to enterprise-level customers including public sector. The AWS Global Support team interacts with leading companies and believes that world-class support is critical to customer success. AWS Support also partners with a global list of customers that are building mission-critical applications on top of AWS services.
AWS Trust and Safety (T&S) is the primary organization within AWS responsible for taking mitigation actions against customer resources that violate the AWS AUP or otherwise threaten other AWS customers, services, and AWS IP reputation. We work closely with AWS service teams to determine appropriate mitigation actions and act as the customer facing outreach team on their behalf.
You will join our global, innovative, and specialized Risk and Response team who respond to reports of AWS AUP violations and security incidents to:
Identify tactics, techniques, and procedures used by abusive threats and identify/execute remediation actions to remove the threat from AWS.
Work with other AWS security teams to develop automated detections for these abusive threats, and responds to security incidents caused by abusive behavior which could affect AWS services.
Respond to abuse incidents and manage the response for T&S from notification to remediation.
Represent T&S as the technical expert on abuse during high-impact situations requiring immediate response to protect AWS and its customers from violations of the AWS AUP.
You must thrive in ambiguous, often high-pressure situations to identify the cause of abuse and develop mitigation and remediation actions.
Key job responsibilities
You are a technical leader within the T&S organization. You must understand the mechanics of how security incidents occur in the cloud, understand the mitigation option, and provide guidance to frontline employees in response to violations of the AUP.
Use SQL and Python or similar scripting languages to automate tasks and retrieve data to identify trends in abuse.
You will engage autonomously with AWS customers, programs, and services to create, build, and innovate security operations.
Communicate ideas effectively, both verbally and in writing, to all types of audiences from front line employees to AWS VPs.
Complete projects that contribute to the objectives and goals that strive to meet our strategic vision for the team.
Partnering effectively with customers and stakeholders. You will help establish a roadmap and successfully deliver engineering solutions that drive towards accomplishing the team’s mission.
Work effectively with customers, leaders, and other engineering teams. You must foster a constructive dialogue, harmonize discordant views, and lead the resolution of contentious issues (influence and build consensus).
Proactively identify risks and bring them to the attention of your manager, customers, and stakeholders with plans for mitigation before they become larger events.
You will be Amazon’s voice in technical security engagements with customers addressing abuse.
Collect, analyze, and document information to author threat reports to drive scalable mitigation and remediation actions.
Provide situational awareness on the current threat landscape and the TTPs associated with specific threats to our business, including ongoing malware campaigns.
Collect data from intelligence communities, threat intelligence platforms, open source data repositories, and other sources to analyze TTPs and anomalies.
Drive operational excellence and efficiency in everything you do, whether by researching new, or scaling up existing capabilities, creating effective mechanisms, and automating day-to-day tasks.
Participate in 24/7 on-call duties.
About the team
AWS values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.
Inclusive Team Culture
Here at AWS, it’s in our nature to learn and be curious. Our employee-led affinity groups foster a culture of inclusion that empower us to be proud of our differences. Ongoing events and learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences, inspire us to never stop embracing our uniqueness.
Mentorship & Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve in the cloud.
We are open to hiring candidates to work out of one of the following locations:
Herndon, VA, USA
Knowledge of current security trends, threats, and mitigations.
Understanding of industry standard threat frameworks (Lockheed Martin Cyber Kill Chain, Diamond Model, MITRE ATT&CK)
5+ years’ experience in areas such as cloud service infrastructure, cloud security, networking, computer engineering or a BS degree in Computer Science, Cyber Security, Computer Engineering.
3+ years experience with focus in areas such as systems, network, web protocols, and/or application security.
2+ years experience building scalable incident response utilities and automated tools in any of these languages: Python, C, C++, Perl, and/or Ruby.
2+ years experience with SQL or other query languages
Excellent written and oral communication skills
Previous experience on a Security Operations team, or experience coordinating responses to security incidents.
A high degree of organization and be very detail-oriented. Must be able to interact with and influence people at all levels.
Strong knowledge of Computer Science fundamentals, including; data structures, object-oriented programming, design, and analysis of algorithms
A MS degree in Computer Science, MIS, Computer Engineering, or 8+ years’ equivalent technology experience.
5+ years of experience conducting threat intelligence research and analysis
5+ years global analysis and threat mitigation background
5+ years scripting/programming experience: Python, C, C++, Java, Ruby, and/or PowerShell
3+ years of experience building with and securing AWS cloud services such as Lambda, EC2, and S3.
Experience with virtualization technologies, familiarity with AWS and GuardDuty services is highly valued in particular.
One or more professional network and security certifications such as Security+, CEH, CCNA, GSEC, CISA or CISSP (or equivalent work experience)
Extensive knowledge of internet security issues and threat landscape.
Strong knowledge of web protocols and an in-depth knowledge of Linux/Unix tools and architecture.
Well-rounded background in host, network and application security.
Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.