Key job responsibilities
* Investigate and respond to security incidents in the Devices and Services org, setting the pace, and driving rapid, effective response that reduces or eliminates risk
* Act as an incident responder or commander during active security events, coordinating technical response while keeping business stakeholders informed
* Conduct thorough post-mortem analysis of security incidents, driving root cause identification, and identifying opportunities to improve security for Amazon products and services
* Provide security consults to builder teams to ensure that security is designed into products from their inception
* Collaborate with both technical and non-technical stakeholders at all levels of the business to execute rapid and effective incident response
* Develop, maintain, and respond to detections using Splunk/SOAR, as well as internal Amazon tooling
* Combat various forms of fraud and abuse by coordinating with business teams to develop comprehensive prevention, detection, and response capabilities
* Contribute to team efforts to increase capability and efficiency through automation of manual workloads and increase signal quality using AI/ML tools or approaches
* Assist in runbook development, playbook tuning, and continuous process improvements
* Participate in an on-call rotation (approx. two weekend days per month)
* Maintain and support WAF products that protect Amazon services from abuse; drive adoption and evaluate or tune rules
* Develop and update SQL queries to investigate security incidents, analyze log data, and extract relevant information from logs, databases, and services
A day in the life
• Spearhead end-to-end incident response across Amazon's device ecosystem
• Drive real-time decision-making during active incidents
• Conduct impact assessments and implement containment strategies
• Develop durable solutions with engineering teams
• Proactively hunt threats and create new detection mechanisms
• Consult on security for new product designs
• Analyze data to identify hidden vulnerabilities
When incidents arise, we need our builders to feel relief when we arrive. We build bridges, not ivory towers, transforming security from a barrier into an enabler of innovation.
* 5+ years of industry experience in cybersecurity, with a strong foundation in incident response, detection engineering, or security operations
* Working knowledge of AWS, WAF, EDR/XDR tools, network telemetry, and log analysis
* Practical knowledge of attacker tactics, techniques, and procedures (TTPs), with experience leveraging MITRE ATT&CK or similar frameworks to guide incident response or detection engineering
* Strong interpersonal and communication skills; able to calmly manage high-stakes coordination and decision-making
* Proficiency with scripting or automation (e.g., Python, PowerShell, Bash)
* Proficiency with at least one SIEM platform, including writing searches, creating alerts, and analyzing log data to support security investigations; experience with Splunk strongly preferred
* Exposure to AI/ML-driven anomaly detection or behavior modeling tools
* Demonstrated ability to use forensic or threat hunting techniques to identify adversary behavior, detect anomalies, and analyze potential malware to support containment and eradication
* Security certifications such as CISSP, CISM, CRISC, GCIH, CCIR, GCDA, etc.
* Prior experience in large enterprise environments or supporting multiple business lines
* Experience securing or responding to incidents in large-scale distributed systems, including cloud-native architectures and service-oriented environments
* Experience with IoT device security and embedded systems forensics