Full Job Description
AWS Security Assurance Services (SAS) is hiring a Senior Security & Compliance Engineer to innovate on behalf of customers and lead prototyping and development of the security and compliance solutions. The right candidate will own security risk identification, mitigation, and engineering outcomes that span beyond a single team: designing controls, writing code, leading reviews, automating remediations, and translating compliance frameworks into secure-by-default implementations on AWS. They will lead design, deployment, and implementation of complex AWS security and compliance solutions that accomplish defined business and security outcomes, solving for new levels of scale, complexity, and performance.
Key job responsibilities
Engineer AI-enabled automations, lead threat modeling, security design reviews, architecture reviews & security assessments
Own design and architecture choices for security and compliance automation solutions for regulated customers and influence partner-org designs.
Build secure-by-default IaC modules for Landing Zones, Control Tower customizations, Zero-Trust architectures, and AI/ML workloads.
Lead the design, deployment, and implementation of AWS security controls, continuous compliance monitoring, technical control validation, visualization and reporting, automated evidence collection and remediation of insecure configurations at scale.
Architect custom preventive, detective, and proactive controls, e.g. service-Control- policies, Resource-Control Policies (SCPs and RCPs), policy-as-code (cfn-guard, OPA Rego, Cedar), and automated remediation workflows.
Set the bar for authentication and authorization, data handling, least privilege, encryption, micro-segmentation, tagging strategy, integrations via API and MCP, and secure AI agentic design.
Write and review architecture, code, scripts, IaC, including Python, Terraform, AWS CDK, CloudFormation, REGO).
Lead alignment, resolve escalations, troubleshooting, and root-cause analysis to closure with peers, senior managers, and principal engineers.
Lead the development of technical content: sample code, blog posts, workshops, reference architectures, whitepapers.
Communicate security risk and design decisions clearly verbally and in writing to technical, non-technical, and C-level audiences.
Identify and shape sales opportunities; provide input to AWS service-team roadmaps and SAS offering strategy.
Travel to customer sites as needed.
BASIC QUALIFICATIONS
- 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
- 2+ years of scripting, programming, and security code review in a common programming language (non-internship) experience
- 2+ years of troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship) experience
- Bachelor's degree in computer science or equivalent
- Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or experience in IT Security
- Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or 2+ years of IT Security experience
- Knowledge of networking protocols such as HTTP, DNS and TCP/IP
- Knowledge of industry-based security vulnerabilities and remediation techniques
- Experience in scripting, programming, and security code reviewing in a common programming language (non-internship)
- Experience in troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship experience)
PREFERRED QUALIFICATIONS
- 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
- 2+ years of scripting, programming, or security code review in a common language, such as Python, Java or C++ experience
- Knowledge of command line tools to troubleshoot protocols, analyze log outputs, or automate basic tasks
- Knowledge of networking protocols such as HTTP(S), DNS, and TCP/IP
- Knowledge of networking protocols, to include HTTP(S), DNS, and TCP/IP
- Experience with AWS products and services
- Experience with programming languages such as Python, Java, C++
- Experience in scripting, programming, or security code reviewing in a common language, such as Python, Java, or C++
- Experience performing security activities across one or more phases of the software development lifecycle (SDLC), such as security design review, threat modeling, secure code review, and security testing
The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.
USA, CA, Santa Clara - 166,600.00 - 212,800.00 USD annually