Security Engineer II, Network Security Incident Response , Infrastructure Security

Job summary
At Amazon Web Services (AWS), we provide world-class, flexible, scalable, and secure cloud services to the world’s fastest-growing startups, the largest enterprises, and leading government agencies. We do this by building, maintaining, and securing one of the largest, most complex networks in the world. Within AWS, the Network Security Organization – Threat and Vulnerability Management (NSO-TVM) team is responsible for threat intelligence, vulnerability management, security information and event management (SIEM), incident response, and overall network security across the entire AWS global network.

The AWS NSO-TVM team is looking for a Security Engineer with deep expertise in security incident response or security operations to join us as a member of the Network Security Incident Response team. In this role, you will be responsible for leading the investigation, analysis, escalation, and remediation (performing or coordinating) of network security incidents. Additional responsibilities will include maintaining the network security incident response plan, partnership with other AWS teams, and driving after action policy and governance changes. Finally, you will partner with Threat Intelligence and Detection Engineering Security Engineers to improve the detection and response capabilities of the NSO-TVM team.

AWS leads and innovates. We don’t just buy off-the-shelf software or follow others. We research and pursue the best approach for the business, whether that’s building new solutions or leveraging existing ones. Amazon Web Services, and the Network Security Organization in particular, operate at massive scale and as a result, demand the highest standards, passion, and discipline for information security and software engineering. A high level of ownership and accountability is a must for this role.

Basic Qualifications

· Bachelor’s Degree in Computer Science, Information Security, Information Technology, or equivalent work experience
· Minimum of three (3) years of experience in incident response, security operations, security information and event management (SIEM), or other related discipline

Preferred Qualifications

· Over five (5) years of experience in incident response, security operations, security information and event management (SIEM), or other related discipline
· Experience leading incident response activities in a large, globally distributed organization
· Experience as a member of a 24x7 on-call rotation
· Experience with common SIEM tools such as Splunk
· Linux systems engineering skills and a solid grasp on operating system fundamentals
· A strong understanding of core internet and networking technologies (e.g., TCP/IP, load balancing, authentication mechanisms, etc.)
· Experience in automation via scripting and configuration management tools (Chef, Puppet, Ansible, Salt, CloudFormation, Terraform)
· Knowledge of at least one scripting language (Python, Perl, Ruby, etc.)
· Relevant industry certifications (ISC2, ISACA, SANS/GIAC, CompTIA, Microsoft, Linux, AWS)
· Excellent communication and data presentation skills that allow you to clearly, compellingly, and effectively influence audiences internally and externally, across organizational boundaries





Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.