Senior Security Engineer, AWS Identity, AWS Identity Security

Come help us secure critical platform services in the AWS cloud and deliver world-class defense for AWS customers!

Amazon Web Services (AWS) Identity and Governance service teams build and operate identity, authentication, and authorization stack for the AWS cloud, and build services that enable customers to manage access and governance across their AWS environments at scale. AWS Identity and Governance services empower customers to confidently and securely execute their workflows with flexible controls which meet their individual security requirements.

As a Senior Security Engineer at Amazon, you will lead the design, development, and implementation of high priority security features that protect our global infrastructure, products, and customer data. This role combines deep security expertise with advanced software engineering capabilities to build scalable security systems and frameworks. We are seeking an experienced software engineer who brings both skills and passion for raising the security bar., * Lead design, development and implementation of complex security initiatives that impact organization-wide security posture

• Build automated security testing frameworks
• Build prototypes and proofs of concept to demonstrate feasibility for new, innovative security technologies
• Implement security fixes in Java, Python or other relevant languages
• Provide technical mentorship to junior engineers and establish security engineering best practices
• Partner with software development teams to build security controls directly into the development lifecycle
• Lead security incident responses and drive root cause analysis for complex security events
• Influence product roadmaps by providing security expertise during planning phases

Technical Leadership:

• Drive technical direction for security projects impacting multiple teams or organizations
• Author and maintain technical design documents for security systems and controls
• Review and approve security architecture proposals and technical implementation plans
• Lead security reviews for critical systems and applications
• Partner with Product, Operations, and Development teams to drive security improvements
• Represent security engineering in senior-level technical discussions
• Mentor junior security engineers and develop team capabilities
• Drive security best practices across engineering organizations

About the team The Identity Security team partners with AWS Identity, Governance, and Infrastructure as Code services to reduce risk in our services as they're built and throughout their lifecycle. The team of security engineers collaborates directly with software engineers to prevent security issues from being introduced at the time of design and development. We proactively look for unknown threats in our services to identify and fix them before they can impact customers. When security issues are detected, we support teams with their response to minimize the impact to customers, while determining what can be done to prevent the issue from happening again. In addition to diving deep with individual services, we also own security efforts that raise the security bar across a broad range of services, such as contingent authorization, auth correctness, and service credential management. We instill a high security bar in our services, working alongside service teams to foster a culture of security and continuous learning.

4+ years of non-internship background in troubleshooting systems issues, analyzing logs, or automating complex tasks using command line tools experience

• 5+ years of work in identifying security issues and risks, and developing mitigation plans experience
• 4+ years of (non-internship) scripting, programming, and security code review in common programming languages experience
• Knowledge of at least two of the following programming languages: Scala, Java, Python, C/C++, or Go
• Experience (non-internship) in scripting, programming, and security code reviewing in a common programming language
• Experience (non-internship) in troubleshooting systems issues, analyzing logs, or automating complex tasks using command line tools
• Experience working in identifying security issues and risks, and developing mitigation plans
• Experience (non-internship) in industry-based security vulnerabilities identification, attack patterns, and remediation techniques
• Experience as a mentor, tech lead or leading an engineering team
• Bachelor's degree in Computer Science, Information Technology, or a related field
• 1+ years of network and operating system support, or 4+ years of software development experience
• Experience in technical leadership of development, testing, and implementation of large-scale, complex technology projects
• Knowledge of security technology and concepts (Authentication, Authorization, Single sign-on, Cryptography, etc.)
• Experience architecting/operating solutions built on AWS
• Experience with security in service-oriented architectures and web services
• Knowledge of at least one programming language such as Java, C#, JavaScript, Python, Ruby or Perl
• Relevant knowledge of threat modeling and secure coding practices

Preferred Qualifications

• Experience applying threat modeling or other risk identification techniques or equivalent
• Experience with security in service-oriented architectures/microservices and web services
• Master's degree or equivalent in computer science, computer engineering, or related field, or PhD
• Experience implementing security solutions at the cross-team level
• Experience working with fast-moving, high-performance teams and driving innovative solutions tailored to unique business environments
• Experience working effectively across cross-functional teams and partnering well with people at all levels within an organization
• Experience in ownership of projects and communicating timelines and executing independently
• Experience effectively communicating complex concepts through written and verbal communication
• Sharp analytical abilities and proven system design skills

The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.

USA, NY, New York - 175,100.00 - 236,900.00 USD annually USA, TX, Austin - 178,400.00 - 226,700.00 USD annually USA, VA, Arlington - 178,400.00 - 226,700.00 USD annually USA, WA, Seattle - 178,400.00 - 226,700.00 USD annually