Security Engineer II, AWS Cloud Security Response

About the position

The AWS Cloud Response Team manages the security and availability of AWS Cloud services. We operate on the 'AWS' side of the Shared Responsibility Model to ensure 'Security of the Cloud' and to protect our customers. This role requires engineers to work tactically with both internal and external stakeholders to solve security challenges at massive scale, and to think strategically to develop and implement changes to drive automation, scalability and continuous progress for the organization.

Responsibilities

• Triage new incoming issues to determine the level of risk they present to AWS, and then accordingly prioritise its remediation in conjunction with the impacted service team.
• Communicate the state of these issues to various audiences, both technical and non-technical, at various levels of seniority (up to and including AWS' Chief Information Security Officer).
• Participate in efforts to promote security throughout the Company and build good working relationships within the team and with others across Amazon.
• Demonstrate high capacity and tolerance for context switching and interruptions while remaining productive and effective.
• Escalate issues to senior AWS leadership if you feel your issues are not progressing at the correct pace based on impact to ensure we are putting customers first.
• Explore building and improving our tooling to make your own life easier and share that benefit with all our engineers globally.
• Assistance with recruiting activities and administrative work.
• Fulfill regular on-call responsibilities.

Requirements

• Bachelor's degree in engineering, cybersecurity, or 4+ years' equivalent professional experience.
• 3+ years of experience on a Security Operations team, coordinating responses to security events which involve multiple teams across an organization, and programmatically preventing recurrence.
• 2+ years or more of demonstrated experience with a focus in areas such as systems, network, and/or application security.
• Understanding of best practices across multiple security disciplines/domains.

Nice-to-haves

• 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience.
• Experience implementing security solutions at the business division level or equivalent.
• Bachelor's degree in computer science or equivalent.
• CCSP (Certified Cloud Security Professional) or CEH (Certified Ethical Hacker) or CFR (CyberSec First Responder) or Cloud+ or CySA+ (CompTIA Cybersecurity Analyst) or GCED (GIAC Certified Enterprise Defender) or GICSP (Global Industrial Cyber Security Professional) or PenTest+.

Benefits

• Flexible work hours and arrangements.
• Endless knowledge-sharing, training, and other career-advancing resources.
• Work-life harmony.