Amazon Security Engineer II Threat Hunting Incident Response Team SIRT 

United States, Virginia 

811338281

Amazon Security is looking for an experienced Security Engineer who is excited by the idea of searching for undetected threat activities at petabyte scale. In this role, you will work alongside a team of world class security practitioners and develop novel threat detection and mitigation strategies.Export Control Requirement: Due to applicable export control laws and regulations, candidates must be a U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum.Key job responsibilities
- You will query, collate, and evaluate machine-generated data for evidence of potentially damaging activities which could pose a risk to Amazon customers and data.
- You will work alongside our global incident response team and participate in the scoping and analysis of complex security issues.
- You will evaluate threat actor tactics, techniques, and procedures (TTPs) for threat detection opportunities.
- You will design, develop, and deploy early-stage threat detection mechanisms and partner with Threat Detection engineers to establish durable and long-term coverage.
- You will develop metrics and implement solutions to derive operational insights from custom capabilities.
- You will identify opportunities to automate repetitive processes and generate efficiencies for multiple teams.
- You will participate in an on-call rotation and provide ad hoc support to customers during non-business hours, when required.A day in the life
- Develop data base queries to extract threat signals and security artifacts from large and diverse datasets.- Monitor cybersecurity news, media, and blog posts to maintain awareness of changes to the threat landscape.
- Lead and participate in the development of innovative capabilities to identify cyber threat activities at scale.
Work/Life BalanceTraining and Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

- Bachelor's degree, or CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud+ or CySA+ (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest+
- 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits or equivalent

- Experience authoring complex threat detection mechanisms
- Experience working with large datasets and distributed computing architectures
- Direct hands-on experience in an Incident Response role or working alongside an Incident Response organization in a direct-support capacity
- Experience investigating security incidents involving Cloud, Container, and Endpoint (Windows/Linux/MacOS) environments