Security Engineer III, Vulnerability Management and Response - Strategic Enablement

About The Position

Requirements

• 4+ years of non-internship background in troubleshooting systems issues, analyzing logs, or automating complex tasks using command line tools experience
• 5+ years of work in identifying security issues and risks, and developing mitigation plans experience
• Experience working in identifying security issues and risks, and developing mitigation plans
• Experience (non-internship) in industry-based security vulnerabilities identification, attack patterns, and remediation techniques
• Experience as a mentor, tech lead or leading an engineering team

Nice To Haves

• Experience applying threat modeling or other risk identification techniques or equivalent
• Experience with security in service-oriented architectures/microservices and web services

Responsibilities

• Define the technical security strategy for vulnerability management automation and a homegrown vulnerability detection platform, ensuring scalable and sustainable integration of new security capabilities into Amazon's infrastructure.
• Lead the design and development of advanced security automation, workflows, and tooling; delegate implementation details to other engineers while ensuring technical excellence and alignment with team objectives.
• Drive the creation of proof-of-concepts and production-ready solutions for vulnerability detection, assessment, and remediation across diverse environments, setting best practices for approach and execution.
• Partner with TPMs, SDEs, and cross-organizational stakeholders to translate ambiguous program requirements into robust technical designs that scale across Amazon; identify integration risks early and provide clear mitigation paths.
• Perform deep research and analysis on emerging vulnerabilities, novel exploitation techniques, and industry trends; anticipate threats and proactively evolve detection methods to address future challenges.
• Act as a technical multiplier by mentoring, coaching, and developing other security engineers, growing their ability to independently solve complex problems while instilling strong mental models for approaching security issues.
• Serve as the escalation point for complex or ambiguous issues, unblocking engineers by providing clarity, context, and principled technical direction that balances security, scale, and business needs.

Benefits

• Flexible work hours and arrangements
• Endless knowledge-sharing, training, and other career-advancing resources
• Opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores