Amazon Web Services, Inc.

Technology

SecurityEngineer,AWSSecurityIncidentResponse

$136–184k Seattle, Washington, United States FULL TIME

Market Sentiment

HIGH DEMAND

Neural analysis suggests this role is
optimal for Mid+ candidates.

The Brief

“Security Engineer, AWS Security Incident Response at Amazon Web Services, Inc.. Skills: Security incident response, AI investigation agents, Cloud forensics. Investigate security findings. Respond to security findings”

What You'll Achieve.

Turn every investigation into service improvement; Improve AI accuracy; Prevent recurring investigations

Industry & Context.

Technology

Problems you'll solve

Root cause analysis; Troubleshooting

Eligibility Requirements

On-call rotations, Weekends, US security clearance

What They're Looking For.

Must Have

2+ years web protocols experience, 2+ years common security attacks experience, 2+ years remediation experience, Bachelor's degree in Engineering, Bachelor's degree in Computer Science, Experience coding/scripting, Experience identifying security vulnerabilities, Experience with attack patterns, Experience with remediation techniques, Knowledge of operating systems, Knowledge of hardware, Knowledge of storage, Knowledge of network, Knowledge of security, Knowledge of database administration, Knowledge of cloud infrastructure, Knowledge of access-control system, Knowledge of access-control methodology, Knowledge of network security, Knowledge of application security, Knowledge of system-development security, Knowledge of security architecture, Knowledge of security models, Knowledge of cryptography, Knowledge of operations security, Eligible to obtain US security clearance

Nice to Have

AWS services experience, Cloud offerings experience, GCIH certification, GSEC certification, Security+ certification

What You'll Do.

Investigate security findings

Respond to security findings

Respond to customer-reported events

Perform CloudTrail forensics

Perform threat intelligence correlation

Determine scope of security events

Determine impact of security events

Determine root cause of security events

Walk customers through compromises

Guide containment steps

Review AI conclusions

Provide feedback to AI agents

Improve autonomous investigation quality

Document reusable indicators

Document attack patterns

Document false positive signals

Identify gaps in detection rules

Identify gaps in auto-remediation playbooks

Propose improvements to detection rules

Propose improvements to playbooks

Share effective techniques

Coordinate with internal teams

Mitigate customer security issues

Participate in on-call rotations

How You'll Work.

Team & Collaboration

Cross-functional teams; Internal teams

Communication Scope

Customer calls

Full Job Description

AWS Security Incident Response is looking for a Security Engineer who investigates with urgency, communicates with clarity, and turns every investigation into an opportunity to make the service smarter. You will perform hands-on security response for customers, work alongside AI-powered investigation agents daily, and feed what you learn back into the automation systems that protect all customers. The AWS Security Incident Response team provides 24/7 security response through a follow-the-sun operating model. The service combines automated triage workflows, AI-powered investigation agents, and human security analysts to respond to threats across customer AWS environments at massive scale. Our AI systems autonomously resolve the majority of routine investigations within minutes. Every engineer on the team is expected to be fluent in how these AI systems work, provide feedback that improves their accuracy, and identify opportunities to extend their capabilities. This is not a traditional security operations role. You will investigate security incidents hands-on, but equally important is what happens after the investigation: documenting patterns, proposing detection rules, providing structured feedback to AI agents, and building the automation that prevents the same issue from requiring human investigation again. We treat every investigation as a confirmed security incident until the data proves otherwise. This position requires that the candidate selected be eligible to obtain a US Government security clearance. Key job responsibilities - Investigate and respond to security findings and customer-reported security events using AI-powered investigation tools and manual forensic techniques - Perform CloudTrail forensics, log analysis, and threat intelligence correlation to determine the scope, impact, and root cause of security events in customer AWS environments - Get on calls with customers during active incidents to walk them through what was compromised and the speci

Free ATS check

Applying for this Security Engineer, AWS Security Incident Response role?

Most applicants get filtered before a human reads their resume. See if yours makes the cut.

Should you apply? AI reads your resume vs this job — match score, gaps to address, ATS keywords.

SKILL SIGNAL 21 detected · ranked by frequency

Log analysis ×4

CloudTrail forensics ×3

Threat intelligence correlation ×3

Security incident response ×2

AI investigation agents ×2

Cloud forensics ×2

CloudTrail

Python

Java

Ruby

PowerShell

AWS

Incident response

Forensic techniques

Threat intelligence

Root cause analysis

Detection rules

Automation systems

AI-powered investigation tools

AI-powered tools

Agentic AI assistants

Role Details

Work Mode Onsite

Type FULL TIME

Salary Band 100k-150k

AI-Extracted Insights

Domain Areas

cloud-infrastructurenetwork-securityapplication-securitysystem-development-securitysecurity-architecturesecurity-modelscryptographyoperations-security

Certifications

GCIHGSECSecurity+

ANONYMOUS · UNFILTERED

What do employees actually say about Amazon Web Services, Inc.?

Real rants from real employees. Read before you apply.

Read Company Rants →