Security & Compliance Engineer II, AWS Security Assurance Services, LLC

About The Position

Requirements

• 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object oriented language experience
• 2+ years of scripting, programming, and security code review in a common programming language (non-internship) experience
• 2+ years of troubleshooting systems issues, analyzing logs, or automating basic tasks using command line tools (non-internship) experience
• Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or experience in IT Security
• Knowledge of networking protocols such as HTTP, DNS and TCP/IP
• Knowledge of industry-based security vulnerabilities and remediation techniques
• Experience conveying complex technical concepts to both technical and business audiences
• Experience that includes strong analytical skills, attention to detail, and effective communication abilities, or experience in Linux OS and network troubleshooting and experience with threat modeling and penetration testing
• Experience applying threat modeling or other risk identification techniques or equivalent
• 3+ years of security engineering or related security experience; Demonstrated ability to deliver security solutions independently within a team scope, handling the full development lifecycle: design, implementation, testing, deployment, and maintenance.
• Demonstrated ability to write and review code, scripts, IaC, and detections in support of security defenses.
• Demonstrated ability to mentor peers, drive consensus on conflicting design or implementation feedback, and provide meaningful review feedback.

Nice To Haves

• 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
• Experience performing security activities across one or more phases of the software development lifecycle (SDLC), such as security design review, threat modeling, secure code review, and security testing
• 3+ years of cloud based solution (AWS or equivalent), system, network and operating system experience, or AWS Professional level certification
• Experience scripting languages and coding skills for one (1) or more of the following: Ruby, C/C++/C#, Node.JS, Java, Python, and PHP
• Experience with AWS technologies like Redshift, S3, AWS Glue, EMR, Kinesis, FireHose, Lambda, and IAM roles and permissions
• Experience writing technical articles, speaking at technology conferences, and contributing to open source
• Experience with compliance & security standards including PCI DSS, ISO 27001, HIPAA, and NIST
• Familiarity with AWS core services and at least one Infrastructure-as-Code tool (Terraform, AWS CDK, or CloudFormation).
• Exposure to policy-as-code tools (cfn-guard, OPA Rego, Cedar, or equivalent).
• Internships, projects, or coursework in cloud security, application security, or compliance automation.
• Familiarity with multi-account AWS Organizations and Service Control Policies.
• Industry or AWS certifications: AWS Certified AI Practitioner, AWS Solutions Architect Associate, AWS Security Specialty, or equivalent (or willingness to earn within the first year).

Responsibilities

• Lead threat modeling, security design reviews, and architecture reviews for customer engagements; identify and mitigate risks across systems and applications.
• Design and implement custom preventive, detective, and proactive controls — Service Control Policies (SCPs), Resource Control Policies (RCPs), policy-as-code (cfn-guard, OPA Rego, Cedar), and automated remediation workflows.
• Build secure-by-design Infrastructure-as-Code controls for Landing Zones, AWS Control Tower customizations, Zero-Trust architectures, and AI/ML workloads.
• Apply AWS security best practices for authentication and authorization, data handling, least privilege, encryption, micro-segmentation, tagging strategy, and API/MCP integration.
• Write and review IaC, scripts, enforcements and detections in Python, Terraform, AWS CDK, CloudFormation, and Rego.
• Build continuous compliance monitoring, automated evidence collection, visualization, reporting, and remediation pipelines that hold up in audit.
• Integrate custom controls with AWS-native and third-party security and compliance tooling.
• Drive emerging-edge ideas into prototyping end-to-end to inform new security and compliance solutions and products.
• Identify risks and edge cases; propose implementation paths and go/no-go gates.
• Apply systematic approaches to risk identification; propose compensating controls when direct remediation isn’t possible.
• Help develop technical content.
• Identify cross-team patterns, gaps, improvements.
• Travel to customer sites as needed.

Benefits

• sign-on payments
• restricted stock units (RSUs)
• health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
• 401(k) matching
• paid time off
• parental leave