SIEM Security Engineer, Network Security

At Amazon Web Services (AWS), we provide world-class, flexible, scalable, and secure cloud services to the world’s fastest-growing startups, the largest enterprises, and leading government agencies. We do this by building, maintaining, and securing one of the largest, most complex networks in the world. Within AWS, the Network Security Organization – Threat and Vulnerability Management (NSO-TVM) team is responsible for threat intelligence, vulnerability management, security information and event management (SIEM), and overall network security across the entire AWS global network.

The AWS NSO-TVM team is looking for an experienced security engineer with deep expertise in security information and event management (SIEM) and detection engineering to join us as a Security Engineer. In this role, you will be responsible for driving the growth and adoption of the SIEM program across the AWS network. You will work to research, identify, and assess information security threats to develop and enhance indicators of compromise and alerting. You will then drive the response and remediation of findings in partnership with device owners to ultimately improve the overall security posture of the AWS network. You will serve as a subject matter expert for software developers, program managers, and other security engineers throughout AWS networking. As a level of technical escalation, you will apply your security and business knowledge to drive secure and pragmatic improvements broadly to Networking Services, all while making technical trade-offs between short- and long-term security and business goals.

AWS leads and innovates. We don’t just buy off-the-shelf software or follow others. We research and pursue the best approach for the business, whether that’s building new solutions or leveraging existing ones. Amazon Web Services, and the Network Security Organization in particular, operate at massive scale and as a result, demand the highest standards, passion, and discipline for information security and software engineering. A high level of ownership and accountability is a must for this role.

Basic Qualifications

· Bachelor’s Degree in Computer Science, Information Security, Information Technology, or equivalent work experience
· Minimum of three (3) years of experience in security information and event management (SIEM), detection engineering, or other related discipline

Preferred Qualifications

· Over five (5) years of experience in security information and event management (SIEM), detection engineering, or other related discipline
· Relevant industry certifications (ISC2, ISACA, SANS/GIAC, CompTIA, Microsoft, Linux, AWS)
· Experience with common SIEM tools such as Splunk
· Advanced UNIX (preferably Linux) systems engineering skills and a solid grasp on operating system fundamentals
· Experience in automation via scripting and configuration management tools (Chef, Puppet, Ansible, Salt, CloudFormation, Terraform)
· Knowledge of at least one scripting language (Python, Perl, Ruby, etc.)
· A strong understanding of core internet and networking technologies (e.g. TCP/IP, load balancing, authentication mechanisms)
· Experience leading large-scale security projects
· Excellent communication and data presentation skills that allow you to clearly, compellingly, and effectively influence audiences internally and externally, across organizational boundaries
· Meets/exceeds Amazon’s leadership principles requirements for this role
· Meets/exceeds Amazon’s functional/technical depth and complexity for this role