About The Position

AWS Infrastructure Services owns the design, planning, delivery, and operation of all AWS global infrastructure. In other words, we’re the people who keep the cloud running. We support all AWS data centers and all of the servers, storage, networking, power, and cooling equipment that ensure our customers have continual access to the innovation they rely on. We work on the most challenging problems, with thousands of variables impacting the supply chain — and we’re looking for talented people who want to help. You’ll join a diverse team of software, hardware, and network engineers, supply chain specialists, security experts, operations managers, and other vital roles. You’ll collaborate with people across AWS to help us deliver the highest standards for safety and security while providing seemingly infinite capacity at the lowest possible cost for our customers. And you’ll experience an inclusive culture that welcomes bold ideas and empowers you to own them to completion.

The AWS Threat Research Team is responsible for publishing a rich source of AWS home-grown threat intelligence for AWS services and customers. We are looking for talented, creative and passionate Security Engineers to help us research threats in innovative ways to deliver actionable threat indicators and disrupt threats. The AWS Threat Research Team (TRT) is looking for a security engineer with deep expertise in application and network security who is passionate about research, advocacy, and protecting large-scale, production applications.

As a part of this role, you will:

  • Learn how our products work today, and where we want to take them in the future
  • Help craft and build out threat data gathering security systems at scale
  • Stay on top of cyber security trends and mentor other engineers in the same
  • Act as a technical lead, influencing other engineers’ designs and coding deliverables
  • Work in an agile development environment, collaborating closely with software engineers
  • Have fun in a challenging but rewarding environment

We believe that a diverse group of people with different backgrounds and experiences are essential to invention and we therefore do all we can to attract and nurture diversity in our team. As an Amazonian you will learn from and collaborate with talented colleagues across the globe. If this sounds like the opportunity for you, come build with us!

Requirements

  • Bachelor's degree
  • 5+ years of IT Security experience

Nice To Haves

  • Knowledge of network, system, and web application attacks and mitigations
  • Experience in web security, or experience in managing firewalls and experience managing full application stacks from the OS up through custom applications
  • Experience communicating technical concepts to a non-technical audience
  • Experience in written and verbal communication with the ability to present complex technical information in a clear and concise manner to executives and non-technical leaders
  • Experience in one or more scripting languages (e.g., Python, Ruby, Perl)

Responsibilities

  • The ideal candidate must demonstrate strong proficiency in malware reverse engineering, including the ability to analyze, disassemble, and deconstruct malicious software using industry-standard tools such as IDA Pro, Ghidra, and debuggers like x64dbg. Experience with static and dynamic analysis techniques is essential for identifying malware behavior, capabilities, and indicators of compromise.
  • A solid foundation in web application security is required, including expertise in identifying and mitigating vulnerabilities such as SQL injection, cross-site scripting (XSS), and authentication flaws. Familiarity with OWASP methodologies and tools like Burp Suite is expected.
  • Candidates must possess advanced threat hunting capabilities, leveraging hypothesis-driven approaches and behavioral analytics to proactively detect adversarial activity within enterprise environments. Proficiency in crafting custom detection rules and queries across SIEM platforms is essential.
  • A comprehensive understanding of network security is required, with a strong emphasis on DDoS mitigation and botnet research. The candidate must have experience analyzing botnet infrastructure, understanding command-and-control communication protocols, and identifying botnet propagation techniques. Proficiency in traffic analysis, volumetric attack pattern recognition, and DDoS defense strategies is essential. Hands-on experience with packet capture tools such as Wireshark, Zeek, and NetFlow analysis platforms is expected, along with the ability to research emerging botnet families and their evolving attack vectors.
  • A working knowledge of threat intelligence frameworks such as MITRE ATT&CK and familiarity with STIX/TAXII standards is preferred.

Benefits

  • health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
  • 401(k) matching
  • paid time off
  • parental leave