Expoint – all jobs in one place

Amazon Security Engineer II Threat Hunting Incident Response Team SIRT 
United States, Virginia 
91809129

18.05.2025
DESCRIPTION

Our Threat Hunting team hunts for adversarial activity using a variety of tools, methods, intelligence, and techniques. They work hands-on with security logs and are encouraged to be creative and develop innovative techniques to illuminate threat activities. With your technical expertise, you will be solving security challenges at scale and working to protect applications powering the most sophisticated e-Commerce platform ever built.

Key job responsibilities
- You will query and collate machine data to search for evidence of potentially damaging threat activities which pose a risk to Amazon customers and data.
- You will work alongside incident responders and support the investigation of ongoing security issues.
- You will reconstruct security events from log data and develop innovative approaches to identify threat actor tactics, techniques, and procedures (TTPs).
- You will build custom capabilities to uncover threats and enable threat hunting operations at scale.
- You will participate in an on-call rotation and provide ad hoc support to customers during non-business hours.
A day in the life
- Query, collate, and analyze machine-generated data for indications of digital threat activities.
- Develop database searches to extract security artifacts and threat signals from large and diverse datasets.
- Monitor cybersecurity media, blog posts, and other sources to maintain awareness of the threat landscape.
- Assist in designing and developing innovative capabilities to identify cyber threat activities at scale.
Work/Life Balance
Training and Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

BASIC QUALIFICATIONS

- Bachelor's degree, or CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud+ or CySA+ (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest+
- 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- 2+ years of experience programming in Python, Ruby, Go, Swift, Java, .NET, C++ or a similar object-oriented language
- Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits or equivalent


PREFERRED QUALIFICATIONS

- Experience with AWS products and services
- Experience with programming languages such as Python, Java, C++