
Security Engineer, Threat Detection
Amazon · Austin, TX
- On site
- Full-time
- $136,000 / year
Job highlights
- Develop threat detections for Amazon's network.
- Utilize threat intelligence and security research.
- Automate detection and response with Python.
- Advance detection using machine learning/AI.
- Defend customer data from critical threats.
About the role
Security Engineer Threat Detection at Amazon
Are you excited about advancing the state of threat detection at scale to mitigate risk from an ever-evolving threat landscape impacting a diverse range of businesses?
Amazon Stores Security's Threat Detection team is looking for a highly motivated Security Engineer to join our team. In this role, you will research emerging threats to develop new detection ideas and build high-confidence detections that proactively identify malicious activity across large-scale log data. You will work closely with Incident Response, Threat Hunting, Threat Intelligence, and Red Team to understand threat models and deliver detections that enable rapid response. You will also develop innovative methods utilizing the latest techniques to detect threats at scale. Your expertise will help defend the data of Amazon's millions of customers against the most critical threats.
Key job responsibilities
- Identify critical threats targeting Amazon's network by leveraging threat intelligence and security research, then deliver high-fidelity threat detections aligned to attacker tactics, techniques, and procedures (TTPs).
- Enhance detection engineering processes by improving how detections are scoped, prioritized, developed, tested, and maintained throughout their lifecycle.
- Develop platform requirements to enrich alerts with contextual data, reduce false positives, and automate remediation and response actions in coordination with incident response teams.
- Research and develop mechanisms to advance detection capabilities through machine learning, advanced data correlation, risk-based alerting, or generative AI.
- Automate your way through challenges using Python or other scripting languages to build tooling, validate detections, and streamline operational workflows at scale.
A day in the life
Most days you'll be heads-down building and tuning detections, digging into log data to figure out what malicious activity looks like and how to catch it reliably. You'll spend time reading up on the latest threats and turning that research into something actionable. You'll also work on advancing how we detect threats, whether that's prototyping new approaches using machine learning or generative AI, improving enrichment pipelines, or finding ways to scale what we do. It's a mix of deep technical work and close collaboration with security teams across the organization.
About The Team
Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.
Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training and Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Basic Qualifications
- Experience triaging and developing security alerts and response automation, conducting front-line analysis, and providing escalation support
- Experience scripting with Python, Perl, Bash or PowerShell
- Knowledge of web protocols, common attacks, and Linux/Unix tools and architecture
- Knowledge of cloud computing concepts and design considerations
- 1+ years of non-academic experience in any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
Preferred Qualifications
- Experience with Machine Learning and Large Language Model fundamentals, including architecture, training/inference lifecycles, and optimization of model execution, or experience leading and influencing your team or organization
Key skills/competency
- Threat Detection
- Security Engineering
- Incident Response
- Threat Intelligence
- Machine Learning
- Python Scripting
- Cloud Security
- Network Security
- Vulnerability Analysis
- Attack TTPs
Skills & topics
- Security Engineer
- Threat Detection
- Amazon
- Cybersecurity
- Threat Intelligence
- Incident Response
- Python
- Machine Learning
- Cloud Security
- Network Security
How to get hired
- Tailor your resume: Highlight experience in threat detection, scripting (Python, Perl, Bash, PowerShell), and cloud concepts.
- Showcase threat modeling: Emphasize any experience with threat modeling, secure coding, or network security.
- Demonstrate automation skills: Provide examples of using scripting languages to automate security tasks.
- Quantify achievements: Use metrics to show the impact of your security alert development and response automation.
- Prepare for technical interviews: Be ready to discuss your understanding of web protocols, common attacks, and Linux/Unix systems.
Frequently asked questions
- What are the primary responsibilities of a Security Engineer Threat Detection at Amazon?
- As a Security Engineer Threat Detection at Amazon, you will research emerging threats, develop new detection ideas, and build high-confidence detections to identify malicious activity across large-scale log data. You'll collaborate with Incident Response, Threat Hunting, Threat Intelligence, and Red Team, and develop innovative methods using the latest techniques to detect threats at scale, defending customer data.
- What technical skills are essential for the Security Engineer Threat Detection role at Amazon?
- Essential technical skills include experience scripting with Python, Perl, Bash, or PowerShell, knowledge of web protocols, common attacks, Linux/Unix tools and architecture, and cloud computing concepts. Experience with threat modeling, secure coding, identity management, software development, cryptography, system administration, and network security is also crucial.
- Does Amazon offer training and career growth opportunities for Security Engineers?
- Yes, Amazon is committed to continuous learning and career growth. They offer endless knowledge-sharing, training, and career-advancing resources to help Security Engineers develop into well-rounded professionals and accelerate their careers within various security domains.
- What is the work-life balance like for a Security Engineer at Amazon?
- Amazon values work-life harmony and offers flexible work hours and arrangements. They believe that success at work should not come at the expense of home life, fostering a supportive environment for employees.
- What is the preferred qualification for advancing detection capabilities at Amazon?
- Preferred qualifications include experience with Machine Learning and Large Language Model fundamentals, such as architecture, training/inference lifecycles, and optimization. Experience leading and influencing teams or organizations is also highly valued.
- How does Amazon foster an inclusive team culture for Security Engineers?
- Amazon Security fosters an inclusive culture by encouraging curiosity, learning, and embracing uniqueness. They host ongoing DEI events and learning experiences, recognizing that addressing complex security challenges requires diverse ideas, perspectives, and voices.
- What is the salary range for a Security Engineer Threat Detection at Amazon in Austin, TX?