Who you are
* A successful candidate will need a combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include small-projects in addition to managing incident response activities
* This role requires you to be a national of an EU member state
* 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
* Knowledge of commonly found software security vulnerabilities (like OWASP top 10) and remediation techniques
* 2+ years of programming in one of the following or similar: Python, Ruby, Go, Swift, Java, .Net, C++
* Experience with AWS products and services
* Experience with any combination of the following: threat modelling, secure coding, identity management and authentication, software development, cryptography, system administration and network security
* Experience with Security Engineering (building tools) and Assurance methodologies e.g. fuzzing, static and dynamic code analysis
What the job involves
* A Security Engineer must foster constructive dialogue and seek resolution when confronted with discordant views
* Engineers in this role are expected to participate fully in the planning of the security team's work and constantly seek opportunities for process improvement
* They should also have a deep understanding of at least one specialty for which they are a sought out resource (both within AWS and Partner Security, and by groups throughout Amazon), while having an understanding of the application of Information Security in a broad range of technical areas
* You will have the combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include project and software development work
* This role will provide career growth opportunities as you gain new security skills in the course of your duties
* Triage new incoming issues to determine the level of risk they present to AWS, and then accordingly prioritise its remediation in conjunction with the impacted service team
* Participate in efforts to promote security throughout the Company and build good working relationships within the team and with others across Amazon
* Demonstrate high capacity and tolerance for context switching and interruptions while remaining productive and effective
* Escalate issues to senior AWS leadership if you feel your issues are not progressing at the correct pace based on impact to ensure we are putting customers first
* Explore building and improving our tooling to make your own life easier and share that benefit with all our engineers globally
* Assistance with recruiting activities and administrative work
* Lead the triage and response to security incidents, assessing their potential impact on AWS systems and customers
* Coordinate with service teams to implement rapid, effective remediation strategies
* Develop and maintain incident response playbooks and procedures
* Security Operations:
* Monitor security alerts and logs to detect potential threats or anomalies
* Conduct thorough post-incident analyses and contribute to lessons-learned documentation
* Collaborate with other security teams to improve detection and response capabilities
* Automation and Tool Development:
* Design and implement automation tools to enhance incident response efficiency and effectiveness
* Continuously improve existing security tooling and processes
* Share innovations and best practices with the global AWS security community