Security Engineering Manager, AWS Foundational & Hardware Security

About The Position

Requirements

• Bachelor's degree in Computer Science, Information Security, or a related field
• 4+ years of deep domain expertise in hardware/firmware design and/or virtualization technologies
• 3+ years of experience managing and developing high-performing security engineering teams
• Technical understanding of: Chip-level security architecture, secure boot, and hardware root of trust
• Firmware security — secure development practices, integrity verification, and vulnerability management
• IoT and device hardware security concepts — device attestation, secure provisioning, hardware-enforced isolation, and OTA security
• Platform and hypervisor security — understanding of how hardware security controls interact with virtualization and platform software layers
• Demonstrated ability to engage with and influence engineering teams on security strategy and roadmap

Nice To Haves

• Master's degree or PhD in Computer Science, Electrical Engineering, or a related field
• Experience securing custom silicon programs (e.g., ARM-based SoCs, custom ASICs) in large-scale cloud or data center environments
• Familiarity with side-channel attacks, fault injection, and physical security testing methodologies
• Experience with edge and hybrid device security — including tamper-resistant hardware design, secure field provisioning, and remote attestation for devices like AWS Snowball or Outposts
• Deep understanding of embedded systems security, RTOS security, and low-level firmware attack surfaces
• Experience verifying security controls across hypervisors and virtualization platforms (e.g., Nitro, KVM, Xen)
• Track record of influencing hardware and firmware security roadmaps across large engineering organizations
• Experience working with external security researchers, silicon vendors, ODMs, and regulatory bodies
• Strong written and verbal communication skills, with the ability to present complex hardware security topics to senior leadership

Responsibilities

• Lead, mentor, and grow a team of security engineers, fostering a culture of technical excellence and ownership
• Engage early with AWS hardware engineering teams — including silicon design, firmware, and platform engineering — to influence their security roadmaps, embed security requirements from the earliest stages of product design, and ensure security is a first-class consideration from chip architecture through deployment
• Define and drive the multi-year hardware security strategy for AWS, covering: Custom silicon security, Firmware security, TPM and cryptographic hardware, Edge and hybrid device security, IoT and device security, Platform and hypervisor security
• Verify security controls implemented across hardware, firmware, and platform technologies — conducting rigorous security assessments, threat modeling, and penetration testing to validate that security requirements are met end-to-end
• Drive all hardware-related security issues to successful resolution, ensuring prompt response to emerging risks across silicon, firmware, and platform layers
• Communicate major security risks and program status to CISO and AWS Security leadership
• Develop and maintain team training, onboarding, and career development programs
• Represent the AWS Security team as an ambassador with external partners, silicon vendors, and industry standards bodies
• Establish scalable mechanisms for hardware and firmware security review, tooling, and detection across AWS's global hardware fleet

Benefits

• health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
• 401(k) matching
• paid time off
• parental leave