Trust and Privacy Engineer, Devices & Services Trust, Privacy, and Accessibility (TPA)

Amazon•Arlington, VA

About The Position

Devices & Services Trust, Privacy and Accessibility (DSTPA) is responsible for maintaining and raising the trust bar for Amazon customers across a diverse set of 30+ Devices and Services. We offer horizontal services for builders to ensure trust is built into our products and services. We also build customer-facing capabilities that provide customers with control and transparency while reducing trustbusting risks, and enable partner teams to innovate with appropriate guardrails for content moderation, privacy, customer promises, accessibility, fairness, and trust. The DSTPA team is seeking an exceptional Trust and Privacy Engineer to support architecting and scaling Gen AI-powered platforms and paved-path solutions that champion trustworthy customer experiences, privacy-by-design and default, and organizational trust at scale. This role will help the team set the standard for how privacy and trust technologies are realized across D&S, and help drive end-to-end adoption of TPA solutions that make trustworthy customer experiences the 'easy' and automatic choice for teams across Amazon. The ideal candidate will excel at navigating complex trust scenarios independently, developing scalable trust frameworks for emerging technologies like Model Context Protocol, and collaborating with cross-functional stakeholders to deliver innovative solutions that balance customer trust, user experience, and business objectives across our global customer base. In this role, you'll engage daily with cross-functional partners across product, legal, policy, risk, science, UX, and engineering teams to gather insights, clarify trust requirements, and identify both challenges and opportunities. You'll participate in collaborative brainstorming sessions to solve complex trust problems and address system design issues that deliver both immediate value and long-term impact. Through regular cross-organizational syncs, you'll stay informed on evolving strategies while representing your work in key leadership forums. You'll work closely with engineering and product teams to help build responsible, innovative, and trustworthy devices and services aligned with our vision of trust and customer impact. Your technical contributions will include designing and developing AI solutions such as agentic AI systems, multi-agent orchestration frameworks, and Model Context Protocol (MCP) implementations. You'll collaborate on fine-tuning large language models, implementing retrieval-augmented generation (RAG) systems, and building scalable vector databases and embedding stores optimized for semantic search and AI workloads. Trust Fundamentals Operations (TFO) within DSTPA is a "horizontal" organization responsible for building technologies, programs, and services at Amazon scale that instill and grow customer trust, create mechanisms to confidently attain existing and ever-evolving regulatory objectives, and ensure the efficiency and effectiveness of our business partners and stakeholders to meet their trust obligations without disruption — in that order of priority. TFO is dedicated to supporting new members. We have a broad mix of job families, experience levels and tenures, and are building an environment that celebrates subject matter expertise, collaboration, knowledge sharing, and mentorship.

Requirements

2+ years of web protocols, common security attacks, and remediation (non-internship) experience
Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits or equivalent
Experience with web protocols, common security attacks, and remediation (non-internship)
Experience solving basic problems by writing code or scripts with some assistance
Experience in one or more of the following: application security frameworks, security code reviews, incident response, security infrastructure, penetration testing, mobile security, cloud security, AI security, identity and access controls

Nice To Haves

Experience with AWS services or other cloud offerings
Bachelor's degree in Engineering, Computer Science, or a related field
Must be a good human
Must work well with others and be a team player, have high moral standards, lead with integrity and empathy

Responsibilities

Identify and assess customer trust, privacy, security, and accessibility risks throughout the product and data handling lifecycle by conducting technical risk assessments and threat modeling across system architectures, APIs, and data flows.
Test and validate customer trust and privacy controls through developing and executing engineering test cases and validation checks, ensuring system behavior aligns with defined trust requirements and internal privacy expectations
Work with product and engineering teams to integrate trust-by-design and trust-by-default principles into system and product development
Support deployment and maintenance of standardized backend frameworks that embed trust, privacy, and accessibility best practices into engineering workflows.
Design and implement LLM-powered solutions that support privacy and trust analysis workflows, including risk assessment, system behavior analysis, and identification of potential trustbusting gaps.
Develop prompt engineering strategies to enable LLMs to assist with trust and privacy analysis tasks, such as evaluating system architectures, data flows, and generating privacy control recommendations.
Leverage and configure LLM models for privacy- and trust-related use cases, including domain-specific reasoning and analysis.
Help create centralized tooling and systems that enable the Trust by Design function to move fast while meeting privacy obligations and trust commitments to customers.
Build and deploy trust and privacy-focused services on AWS, leveraging cloud-native architectures and AI-powered development tools.
Collaborate with engineering, product, and partner teams, and engage with legal or compliance stakeholders to ensure technical implementations align with customer trust commitments and privacy expectations.