Threat Intelligence and Detection Engineering, Security Engineer, Infrastructure Security

Job summary
At Amazon Web Services (AWS), we provide world-class, flexible, scalable, and secure cloud services to the world’s fastest-growing startups, the largest enterprises, and leading government agencies. We do this by building, maintaining, and securing one of the largest, most complex infrastructures in the world. Within AWS, the Infrastructure Security – Threat, Vulnerability, and Operations (InfraSec-TVO) team is responsible for threat intelligence, vulnerability management, security information and event management (SIEM), incident response, and overall security across the global AWS infrastructure.

The InfraSec-TVO team is looking for an experienced security engineer with expertise in threat intelligence and detection engineering to join us as a Security Engineer. In this role, you will be responsible for driving the growth and adoption of the SIEM program across AWS infrastructure. You will work to research, identify, and assess information security threats to develop and enhance indicators of compromise and alerting. You will then drive the response and remediation of findings in partnership with Security Operations and device owners to ultimately improve the overall security posture of AWS infrastructure. You will serve as a subject matter expert for software developers, program managers, and other security engineers throughout AWS. As a level of technical escalation, you will apply your security and business knowledge to drive secure and pragmatic improvements broadly to Infrastructure Services, all while making technical trade-offs between short- and long-term security and business goals.

AWS leads and innovates. We don’t just buy off-the-shelf software or follow others. We research and pursue the best approach for the business, whether that’s building new solutions or leveraging existing ones. Amazon Web Services, and Infrastructure Security in particular, operate at massive scale and as a result, demand the highest standards, passion, and discipline for information security and software engineering. A high level of ownership and accountability is a must for this role.

Basic Qualifications

• Bachelor’s Degree in Computer Science, Information Security, Information Technology, or equivalent work experience
• Minimum of three (3) years of experience in threat intelligence, detection engineering, security information and event management (SIEM), or other related discipline

Preferred Qualifications

• Over five (5) years of experience in threat intelligence, detection engineering, security information and event management (SIEM), or other related discipline
• Experience with common SIEM tools such as Splunk or Elasticsearch
• Linux systems engineering skills and understanding of operating system fundamentals
• Experience with automation via scripting and configuration management tools (Chef, Puppet, Ansible, Salt, CloudFormation, Terraform)
• Experience with at least one scripting language (Python, Perl, Ruby, etc.)
• A strong understanding of core internet and networking technologies (e.g., TCP/IP, load balancing, authentication mechanisms)
• Relevant industry certifications (ISC2, ISACA, SANS/GIAC, CompTIA, Microsoft, Linux, AWS)
• Experience leading large-scale security projects
• Excellent communication and data presentation skills that allow you to clearly, compellingly, and effectively influence audiences internally and externally, across organizational boundaries



Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.