Senior Security & Compliance Engineer , AWS Security Assurance Services

About The Position

Requirements

• 5+ years of work in identifying security issues and risks, and developing mitigation plans experience
• 5+ years of (non-internship) scripting, programming, and security code review in common programming languages experience
• Knowledge of at least two of the following programming languages: Scala, Java, Python, C/C++, or Go
• Experience (non-internship) in scripting, programming, and security code review in a common programming language
• Experience (non-internship) in industry-based security vulnerabilities identification, attack patterns, and remediation techniques
• Experience as a mentor, tech lead or leading an engineering team
• Experience in Cyber Security and in at least one relevant technical area: large-scale systems engineering, queuing and messaging, Linux networking, performance analysis, software-defined networking
• Experience in the full secure software development life cycle, including coding standards, code reviews, source control management, build processes, testing, and operations

Nice To Haves

• Custom controls development, SCPs and RCPs.
• Experience writing and deploying reusable policy-as-code (cfn-guard, OPA Rego, Cedar, or equivalent).
• Hands-on expertise with the AWS Security Reference Architecture, AWS Organizations multi-account strategy, Well-Architected Framework, CI/CD at enterprise scale.
• Expert-level knowledge of AWS security and governance services: Config, GuardDuty, Security Hub, Control Tower, Systems Manager, KMS, IAM, VPC, Lambda, CloudTrail, CloudWatch, EventBridge.
• Hands-on technical experience in incident response technology, security, automation, implementation, integration, and/or deployment
• Spec-driven development; AI agentic design and Model Context Protocol (MCP) experience.
• AWS certifications: Solutions Architect Professional and Security Specialty strongly preferred; additional specialty certifications a plus.
• Experience producing audit-ready evidence and working with third-party assessors.

Responsibilities

• Engineer AI-enabled automations, lead threat modeling, security design reviews, architecture reviews & security assessments
• Own design and architecture choices for security and compliance automation solutions for regulated customers and influence partner-org designs.
• Build secure-by-default IaC modules for Landing Zones, Control Tower customizations, Zero-Trust architectures, and AI/ML workloads.
• Lead the design, deployment, and implementation of AWS security controls, continuous compliance monitoring, technical control validation, visualization and reporting, automated evidence collection and remediation of insecure configurations at scale.
• Architect custom preventive, detective, and proactive controls, e.g. service-Control- policies, Resource-Control Policies (SCPs and RCPs), policy-as-code (cfn-guard, OPA Rego, Cedar), and automated remediation workflows.
• Set the bar for authentication and authorization, data handling, least privilege, encryption, micro-segmentation, tagging strategy, integrations via API and MCP, and secure AI agentic design.
• Write and review architecture, code, scripts, IaC, including Python, Terraform, AWS CDK, CloudFormation, REGO).
• Lead alignment, resolve escalations, troubleshooting, and root-cause analysis to closure with peers, senior managers, and principal engineers.
• Lead the development of technical content: sample code, blog posts, workshops, reference architectures, whitepapers.
• Communicate security risk and design decisions clearly verbally and in writing to technical, non-technical, and C-level audiences.
• Identify and shape sales opportunities; provide input to AWS service-team roadmaps and SAS offering strategy.
• Travel to customer sites as needed.

Benefits

• health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
• 401(k) matching
• paid time off
• parental leave
• sign-on payments
• restricted stock units (RSUs)