Security&ComplianceEngineerII

- Lead threat modeling, security design reviews, and architecture reviews for customer engagements; identify and mitigate risks across systems and applications. - Design and implement custom preventive, detective, and proactive controls — Service Control Policies (SCPs), Resource Control Policies (RCPs), policy-as-code (cfn-guard, OPA Rego, Cedar), and automated remediation workflows. - Build secure-by-design Infrastructure-as-Code controls for Landing Zones, AWS Control Tower customizations, Zero-Trust architectures, and AI/ML workloads. - Apply AWS security best practices for authentication and authorization, data handling, least privilege, encryption, micro-segmentation, tagging strategy, and API/MCP integration. - Write and review IaC, scripts, enforcements and detections in Python, Terraform, AWS CDK, CloudFormation, and Rego. - Build continuous compliance monitoring, automated evidence collection, visualization, reporting, and remediation pipelines that hold up in audit. - Integrate custom controls with AWS-native and third-party security and compliance tooling. - Drive emerging-edge ideas into prototyping end-to-end to inform new security and compliance solutions and products. - Identify risks and edge cases; propose implementation paths and go/no-go gates. - Apply systematic approaches to risk identification; propose compensating controls when direct remediation isn’t possible. - Help develop technical content - Identify cross-team patterns, gaps, improvements. - Travel to customer sites as needed. About the team The AWS Security Assurance Services team, within AWS Support, leverages the expertise and ingenuity of our builders to establish scalable security solutions for both internal and external customers that drive business outcomes. Our goal of securing the world’s workloads requires reliable delivery of bar-raising security outcomes and investment in security mechanisms and automation on behalf of our customers. AWS Security Assurance Services LLC, a PC