Sr. Security Engineer, AWS Security
at Amazon
Location: Seattle, Washington, USA
Type: full time
Posted: 1 week ago
Job description
Amazon Web Services (AWS) Identity and Governance teams build and operate the identity, authentication, and authorization stack for the AWS cloud, and build services that enable customers to manage access and governance across their AWS environments at scale. AWS Identity and Governance services empower customers to confidently and securely execute their workflows with flexible controls which meet their individual security requirements.
As a Senior Security Engineer, you will be a hands-on technical contributor with deep expertise in offensive security for platform and infrastructure services. You'll execute complex security assessments, discover vulnerabilities in AWS infrastructure and applications, and translate technical findings into actionable recommendations. This position requires someone who can work independently on sophisticated technical challenges while collaborating effectively across teams to drive security outcomes.
Key job responsibilities
- Conducting Red Team operations targeting identity and platform services including authentication, authorization, credential management, certificate management, secrets management, and supporting infrastructure.
- Performing offensive security research focused on identity-specific primitives such as token issuance and validation, federation policies, credential delegation mechanisms, and background service workers to discover deep, hidden vulnerabilities in how authentication and authorization technology is offered to builders.
- Building and executing multi-phase attack chains including defining targets, identifying attacker starting positions (external, internal, assumed breach), and chaining together primitives to achieve compromise.
- Discovering and exploiting vulnerabilities in public-facing and broadly accessible internal services through hands-on penetration testing, with a focus on identifying entry points that adversaries can leverage and understanding downstream impact to services that depend on identity infrastructure for authentication and authorization.
- Evaluating dependency and supply chain risks by consuming vulnerability intelligence from partner teams, assessing exploitability within the identity services context, and integrating confirmed risks into adversary emulation plans as initial access scenarios.
- Developing automated tools and custom exploit code for threat emulation, adversary simulation, and scaling offensive security capabilities across identity services.
- Measuring detection, prevention, and telemetry coverage during adversary emulation exercises and providing detailed technical findings to service teams with remediation guidance.
- Collaborating with detection engineers, service team engineers, and external partner teams to validate that remediations are effective through re-testing, and to advance the overall security posture of identity services.
- Contributing to program metrics including detection coverage targets, mean time to detect for high-priority techniques, and dependency risk intake SLAs, ensuring the program demonstrates measurable progress in closing attack vectors.
A day in the life
- Drive technical direction for security projects impacting multiple teams or organizations
- Author and maintain technical design documents for security systems and controls
- Review and approve security architecture proposals and technical implementation plans
- Lead security reviews for critical systems and applications
- Partner with Product, Operations, and Development teams to drive security improvements
- Represent security engineering in senior-level technical discussions
- Mentor junior security engineers and develop team capabilities
- Drive security best practices across engineering organizations
About the team
The Identity Security team partners with AWS Identity, Governance, and Infrastructure as Code services to reduce risk in our services as they’re built and throughout their lifecycle. The team of security engineers collaborates directly with software engineers to prevent security issues from being introduced at the time of design and development. We proactively look for unknown threats in our services to identify and fix them before they can impact customers. When security issues are detected, we support teams with their response to minimize the impact to customers, while determining what can be done to prevent the issue from happening again. In addition to diving deep with individual services, we also own security efforts that raise the security bar across a broad range of services, such as contingent authorization, auth correctness, and service credential management. We instill a high security bar in our services, working alongside service teams to foster a culture of security and continuous learning.
If you enjoy analyzing the security of web applications and services, driving the delivery of large-scale security solutions, fostering a culture of security across engineering teams, learning and applying new skills on a daily basis, and helping to protect some of the most mission-critical systems in AWS, then join us in our challenging endeavor!
- Bachelor's degree in Computer Science, Computer Engineering, Cybersecurity, or other related discipline
- Experience operating as a software developer of highly scaled distributed systems.
- Experience in security engineering and network technologies (PCAP, Netflow), Operating Systems and network security, common attack patterns and exploitation techniques.
- Experience with Security Operations, Incident Response, Threat Hunting and Assurance methodologies.
- Experience with common attack patterns and exploitation techniques.
- Practical knowledge of system security analysis techniques such as threat modeling, attack graphs.
- Expertise in writing runbooks and complexity analysis, executing vulnerability scans, and reviewing vulnerability assessment reports.
- 5+ years of software development or security engineering
- Experience effectively communicating complex concepts through written and verbal communication
- Masters or PhD in Computer Science or related field
- Experience on a Red Team or implementing proactive security practices in a professional setting
- Experience leading large-scale security projects
- Sharp analytical abilities and proven system design skills
- Ability to accomplish stretch goals in a highly innovative and fast paced environment
- Excellent leadership, teamwork and collaboration skills.
- Strong sense of ownership and drive
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.
USA, WA, Seattle - 178,400.00 - 226,700.00 USD annually