Security Engineer II, Insider Threat & Forensics Investigations

Arlington, Virginia, USA

Applications have closed

Amazon.com


Amazon is seeking a highly motivated Security Engineer to join our world-class Amazon Security organization and work within the investigations function of our Internal Threat Reduction team to help protect Amazon from insider attacks.

This role is responsible for leading end-to-end insider threat and forensics investigations across the Amazon Stores organization and will have opportunities to research and innovate engineering solutions to improve investigative operations. As part of the Investigations team, you will also participate in building large-scale, customized tools that enable you and the team to rapidly investigate, proactively detect, and increase collaboration across partner teams.

A Security Engineer at Amazon is expected to be strong in multiple domains. Engineers in this role work closely with teams throughout Amazon Security, such as Incident Response, Threat Intelligence, and Legal teams, and provide technical leadership and advice to our customers and partners throughout Amazon.

Engineers in this role must demonstrate resilience and navigate difficult situations with composure and tact. You will be expected to provide thought leadership for the organization as you invent and innovate in the course of your duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Amazon and its customers secure.

Key job responsibilities
  • Serve as a primary insider threat and forensics investigator, using an array of tools and capabilities to investigate internal threat cases.
  • Provide subject matter expertise in all aspects of insider threat and forensics investigations.
  • Provide analytical and operational support to internal risk investigations, mitigation, and program objectives.
  • Participate in on-call rotation and lead large-scale incidents requiring parallel investigations, executive communications, reports, and after-action analysis across a global scale.
  • Communicate effectively with varying audiences at multiple levels of sensitivity, often including legal, human resources, business leaders, and partner information technology and information security teams.
  • Keep your knowledge and skills current with the rapidly changing threat landscape. Evaluate the impact of current security trends, advisories, publications, and academic research on Amazon.

Basic Qualifications


  • BS in Computer Science or related field, or equivalent work experience.
  • 3+ years of demonstrated experience in an Information Security or Investigative role, preferably in digital forensics, incident response, internal threat (aka insider threat) investigations, or a technical engineering role.
  • 1+ years of hands-on experience working in a SOC or operational environment, with understanding of all phases of a typical incident response process.
  • Advanced knowledge and understanding of key security engineering fields, such as host-based forensics, network forensics, mobile/IoT forensics, OSINT, security control validation and defense, log analysis and DLP/SIEM/EDR.
  • Effective written and verbal communication skills to communicate security and business risk to a broad range of technical and non-technical audiences.

Preferred Qualifications

  • Experience using open-source and/or commercial forensics tools such as Magnet Axiom, Nuix, Cellebrite Digital Collector and Digital Inspector.
  • Advanced knowledge and understanding of anti-forensics techniques.
  • Relevant industry certifications or training which demonstrate intimate familiarity with the forensics investigations or insider threat discipline (e.g., CFCE, GCFE, GASF, GIME, GCFA, GNFA or CERT, CCITP, NITTF).
  • Experience with digital forensics as part of legal proceedings (e.g., evidence handling, affidavits, testimony).
  • Ability to make concrete progress in the face of ambiguity and imperfect knowledge.
  • Experience with AWS cloud solutions for automation development.
  • Coding proficiency in Python, Go, or similar language.


Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.


Tags: Automation AWS CERT CFCE Cloud Computer Science EDR Forensics GCFA GCFE GNFA Incident response Log analysis OSINT Python SIEM SOC Threat intelligence

Region: North America
Country: United States