Customer Incident Response, AWS Security, Customer Incident Response Team
About The Position
Do you want to be on the front lines of customer security, responding to the most complex and novel security incidents in the cloud? Are you skilled at performing incident response activities and passionate about helping customers during their worst day? Are you excited to turn incident insights into automation that scales AWS Security's impact? Do you thrive in fast-paced, high-stakes situations where your expertise directly protects customers? As a member of AWS CIRT (Customer Incident Response Team) within the AWS CISO Office, you will be AWS's final escalation point for customer cloud security incidents. You'll respond to complex, novel, and large-scale security events through our Zipline mechanism, partner with threat intelligence and detection teams, and help build the automation and playbooks that enable AWS to respond faster than threat actors. Building on those experiences, you'll contribute insights that drive service improvements across AWS and help shape how security incident response is practiced at planetary scale. About the team The AWS Customer Incident Response Team (CIRT), part of the AWS CISO Office, is the guardian of the customer security experience when it matters most. We are AWS's final escalation point for customer security incidents - handling the complex, novel, and large-scale events that require deep expertise. We are security builders, not just responders. Our mission is to help customers having their worst day in the cloud, capture insights to drive service improvements, and scale our impact by enabling teams across AWS to respond effectively.
Requirements
- 3+ years of IT Security experience
- Experience in scripting, programming, or security code reviewing in a common language, such as Python, Java, or C++
- Experience with AWS products and services
- Experience in any combination of the following: application security frameworks, security code reviews, incident response, secure infrastructure, penetration testing, mobile security, cloud security, AI security, identity and access controls, threat modeling, cryptography, threat intelligence, or secure software development
- 2+ years of scripting, programming, or security code review in a common language, such as Python, Java or C++ experience
- Experience performing security activities across one or more phases of the software development lifecycle (SDLC), such as security design review, threat modeling, secure code review, and security testing
- Experience applying threat modeling or other risk identification techniques or equivalent
Responsibilities
- Perform incident response for complex, novel, and large-scale customer security events via the Zipline mechanism
- Serve as a deep technical resource that earns the trust of customers before, during, and after security incidents
- Capture and analyze incident data to contribute intelligence to AWS Security leadership and service teams
- Design, build, and deploy automation to reduce manual incident response effort and enable faster response
- Develop playbooks and runbooks that enable AWS SIR and other teams to handle incident patterns at scale
- Contribute to the Zipline volunteer program by training and mentoring responders across AWS Security
- Support the CISO Office with incident data, insights, and situational awareness for large-scale events
- Innovate on behalf of customers by asking "what would have to be true?" to eliminate manual work and improve outcomes
- Participate in 24x7 on-call rotation for incident response coverage
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
Number of Employees
5,001-10,000 employees
