Security Engineer, Amazon Leo Security Controls and Assurance
Role details
Job location
Tech stack
Job description
Design, implement, and maintain security controls for SCADA systems, industrial control systems (ICS), and other operational technology (OT) environments across manufacturing sites
-
Conduct security assessments, vulnerability analyses, and risk evaluations of OT/ICS environments, including SCADA platforms, PLCs, HMIs, and historian systems
-
Develop and enforce network segmentation strategies (e.g., Purdue Model, ISA/IEC 62443) to isolate OT environments from corporate IT networks
-
Identify, triage, and remediate security vulnerabilities and misconfigurations in manufacturing control systems while minimizing operational disruption
-
Collaborate with manufacturing engineering, operations, and IT teams to embed security best practices into OT system design, procurement, and lifecycle management
-
Implement and manage security monitoring and anomaly detection capabilities for OT/ICS environments, including integration with SIEM and log aggregation pipelines
-
Develop and maintain incident response playbooks and procedures specific to OT/ICS environments
-
Support compliance efforts aligned with relevant frameworks including NIST SP 800-82, ISA/IEC 62443, CMMC, and NERC CIP (where applicable)
-
Produce clear, accurate security documentation including threat models, network diagrams, compliance artifacts, and runbooks
About the team The Amazon Leo Security Controls and Assurance team owns a variety of security fields for regulated productivity environments including security architecture, incident response, threat hunting, compliance, and security tool management.
Requirements
Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics)
- 3+ years of scripting, programming, or security code review in a common language, such as Python, Java or C++ experience
- Knowledge of networking protocols such as HTTP, DNS and TCP/IP
- Knowledge of industry-based security vulnerabilities and remediation techniques
- Experience in troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship experience)
- Experience in IT Security
Preferred Qualifications
- 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- Knowledge of command line tools to troubleshoot protocols, analyze log outputs, or automate basic tasks
- Experience with AWS products and services
Benefits & conditions
The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.
USA, VA, Arlington - 159,300.00 - 202,400.00 USD annually USA, WA, Bellevue - 159,300.00 - 202,400.00 USD annually
