Amazon Security Engineer II Threat Hunting 

United States, Virginia 

914207048

Our Threat Hunting team hunts for adversarial activity using a variety of tools, methods, intelligence, and techniques. They work hands-on with security logs and are encouraged to be creative and develop innovative techniques to illuminate threat activities. With your technical expertise, you will be solving security challenges at scale and working to protect applications powering the most sophisticated e-Commerce platform ever built.Key job responsibilities
- You will query and collate machine data to search for evidence of potentially damaging threat activities which pose a risk to Amazon customers and data.
- You will work alongside incident responders and support the investigation of ongoing security issues.
- You will reconstruct security events from log data and develop innovative approaches to identify threat actor tactics, techniques, and procedures (TTPs).
- You will use your knowledge of attacker tradecraft to identify creative and sophisticated approaches to detect threats across a wide range of telemetry sources.
- You will design, build, and operate custom capabilities to enable threat hunting operations at petabyte scale.
- You will participate in an on-call rotation and provide ad hoc support to customers during non-business hours.A day in the life
- Query, collate, and analyze machine-generated data for indications of digital threat activities.
- Develop searches using SQL to extract threat signals and security artifacts from large and diverse datasets.
- Monitor cybersecurity media, blog posts, and other sources to maintain awareness of the threat landscape.Work/Life BalanceTraining and Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

- Bachelor's degree, or CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud+ or CySA+ (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest+
- 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- 2+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits or equivalent

- Experience with AWS products and services
- Experience with programming languages such as Python, Java, C++