Amazon Healthcare Security's (HealthSec) Detections & Monitoring team is hiring a Security Engineer II to design, build, and operate detection and monitoring capabilities that protect Amazon Health Services (AHS) across cloud infrastructure, applications, endpoints, and AI-powered systems. You will work at the intersection of detection engineering and security operations, building detection-as-code pipelines, developing automated investigation and response workflows, and extending monitoring coverage to emerging AI and agentic application architectures.
Working closely with AHS engineering teams, peer security teams, and incident responders, you will ensure that threats targeting healthcare workloads are detected rapidly and investigated efficiently, while maintaining HIPAA compliance and Amazon's security bar. You will also leverage AI/LLM-powered tooling to scale detection, triage, and response beyond traditional approaches.
Key job responsibilities
- Design, build, and maintain detection-as-code capabilities across cloud infrastructure (CloudTrail, GuardDuty, VPC Flow Logs), SaaS applications, endpoints, and identity systems, improving coverage and signal quality
- Develop and deploy detections and monitoring for agentic applications and AI services, including anomaly detection for LLM-powered tools, agent orchestration systems, and AI service APIs
- Build automated investigation and response workflows that replace manual runbooks, leveraging AI to scale triage, enrichment, containment, and remediation
- Develop and deploy AI/LLM-powered tooling to investigations, reduce alert fatigue, and extend team capacity beyond traditional headcount constraints
- Monitor telemetry data, alerting systems, and dashboards for signals of degradation, compromise, or abuse across AHS environments
- Triage and correlate alerts to identify patterns, reduce noise, and surface high-fidelity signals before impact escalates
- Lead and participate in incident response: detection, investigation, containment, and retrospectives, identifying root causes and driving long-term resilience improvements
- Partner cross-functionally with AHS engineering and platform teams to expand logging, improve observability, and embed detection capabilities into the development lifecycle
- Identify gaps in visibility or detection coverage and translate ambiguous threat landscapes into detection and response solutions
- Develop and maintain security documentation: detection coverage maps, threat models, runbooks, and monitoring architecture guidelines
BASIC QUALIFICATIONS
- 5+ years of security-related professional experience
- Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or 2+ years of IT Security experience
- Experience directly working with cloud hosting technologies (AWS, Azure, etc.)
- Experience applying threat modeling or other risk identification techniques or equivalent
- Software engineering fundamentals with proficiency in Python, Go, Java, or similar languages, and experience working in production codebases
- Experience with log aggregation and analysis platforms (e.g., Splunk, OpenSearch, ELK, Datadog) and/or endpoint detection tools (e.g., SentinelOne, CrowdStrike)
PREFERRED QUALIFICATIONS
- Experience in Kubernetes, Docker or containers ecosystem
- Experience designing and developing scripts to automate operational burdens and reviewing scripting changes to ensure they meet the standards for maintainability, scalability and security
- Experience building detection-as-code frameworks or custom detection pipelines
- Experience building AI/LLM-powered security tooling or applying AI to detection, triage, or investigation workflows
- Understanding of generative AI technologies, large language models, and AI agents, with ability to identify security risks in agentic architectures
- Experience with threat intelligence, threat hunting, or attacker tradecraft frameworks such as MITRE ATT&CK
- Experience with automated response/SOAR platforms or building investigation automation
- Familiarity with HIPAA compliance requirements for healthcare data
The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.
USA, WA, Seattle - 159,300.00 - 202,400.00 USD annually