Security Engineer, AmSec

Amazon.com, Inc.
Arlington, United States of America
2 days ago

Role details

Contract type
Internship / Graduate position
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
$ 202K

Job location

Arlington, United States of America

Tech stack

Artificial Intelligence
Amazon Web Services (AWS)
Software System Penetration Testing
Command-Line Interface
Code Review
Customer Data Management
Systems Development Life Cycle
Software Tools
Secure Coding
Software Engineering
Data Streaming
Systems Integration
Scripting (Bash/Python/Go/Ruby)
CIS Benchmarks
Programming Languages

Job description

  • Perform technical deep-dive security reviews of third-party services across diverse and ambiguous use cases, including AI/ML integrations, cloud architectures, and services handling sensitive customer data

  • Identify and trace data flows through complex systems, evaluating where security controls are lacking or require supplementation

  • Evaluate vendor penetration test reports, assessing finding applicability and severity within the context of each engagement

  • Threat model third-party use cases to rapidly surface sharp edges and drive risk-proportionate decisions

  • Influence and contribute to AI-powered security tooling that automates and scales review decisions across the organization

  • Clearly communicate identified risks and recommendations to service teams and leadership, driving resolution through escalation when needed

  • Author and improve security baselines, decision rubrics, and implementation patterns for novel third-party use cases

A day in the life

Security Engineers work backwards from customer risk to identify what matters most in a third-party engagement - there is no checklist. You'll apply threat modeling, architecture analysis, and enterprise security control knowledge to bottom out on key risks quickly, then translate findings into clear, actionable guidance. When barriers arise, you focus on solutions: scripting, leveraging AI tools, and codifying decisions in S3T tooling so the next review is faster and more accur.

About the team

Security is central to maintaining customer trust and delivering delightful customer experiences. Our vision is that Builders raise the Amazon security bar when they use our recommended tools and processes, with no overhead to their business. S3T scales through software, not people - using high-judgment engineers to codify security decisions into automation that protects Amazon customers worldwide.

Requirements

Amazon Security is seeking a Security Engineer who thrives in ambiguity and is motivated to build scalable security solutions. The Secure Third Party Tools (S3T) team has bold ambitions to redefine how Amazon protects customer trust across all third-party interactions - shifting from reactive assessments to proactive, automated protection at global scale. Security Engineers are integral to this mission, combining deep technical review expertise with a builder's mindset to influence the AI-powered tooling that scales our impact. They must demonstrate excellent written and verbal communication skills, strong ownership on review engagements, integrating GenAI to improve operationally efficiency, and solid understanding of vendor security risk and effective controls., 3+ years of scripting, programming, and security code review in a common programming language (non-internship) experience, Knowledge of command line tools to troubleshoot protocols, analyze log outputs, or automate basic tasks

  • Experience with AWS products and services

  • Experience performing security activities across one or more phases of the software development lifecycle (SDLC), such as security design review, threat modeling, secure code review, and security testing

  • Experience in identifying security risks in AI applications

  • Experience in using or developing AI tooling for risk assessment and enabling organizations to make security decisions

  • 2+ years of troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship) experience

Benefits & conditions

The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits .

USA, VA, Arlington - 159,300.00 - 202,400.00 USD annually

About the company

At Amazon, security is central to maintaining customer trust. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience across cloud, AI/ML, retail, and more. Inclusive Team Culture In Amazon Security, it's in our nature to learn and be curious. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices. Work/Life Balance We value work-life harmony. Flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve.

Apply for this position