SecurityEngineerII

AWS Corporate Security Response is looking for a Security Engineer who thrives at the intersection of hands-on incident response and intelligent automation. You must think like both an attacker and a defender — understanding adversary tradecraft to detect, investigate, and disrupt threats across Amazon's corporate infrastructure at massive scale. You'll investigate active threats — malware campaigns, phishing attacks, credential compromise, and novel attack patterns — while simultaneously shaping an agentic investigation platform that scales our response capability beyond what any human team could achieve alone. You will independently lead security investigations from detection through containment and remediation. You'll extract IOCs, perform host forensics, scope impact across multiple data sources, check for lateral movement, and drive security issues to resolution — documenting every step as the investigation unfolds. You'll also serve as a demanding customer and quality owner of our AI-powered investigation platform, authoring the investigation user stories that define how autonomous agents analyze threats, designing the guardrails that keep them safe, and validating that automated output meets the same standard a skilled human investigator would produce. When you identify gaps in our capabilities, you won't wait — you'll quickly design and build tooling that enables programmatic automation at scale, then feed those patterns into the next generation of autonomous investigation. Key job responsibilities * Lead Sev2 security investigations end-to-end: acknowledge, investigate with depth (not speed), document as you go, and own through resolution * Triage Sev2 candidates — promote decisively when indicators are clear, downgrade with documented rationale when they're not * Analyze open source threat intelligence — these reports contain temporal IOCs that decay with age, making rapid validation and proactive blocking critical * Author and validate agent investigation