AWS Corporate Security Response is looking for a Security Engineer who thrives at the intersection of hands-on incident response and intelligent automation. You must think like both an attacker and a defender — understanding adversary tradecraft to detect, investigate, and disrupt threats across Amazon's corporate infrastructure at massive scale.
You'll investigate active threats — malware campaigns, phishing attacks, credential compromise, and novel attack patterns — while simultaneously shaping an agentic investigation platform that scales our response capability beyond what any human team could achieve alone.
You will independently lead security investigations from detection through containment and remediation. You'll extract IOCs, perform host forensics, scope impact across multiple data sources, check for lateral movement, and drive security issues to resolution — documenting every step as the investigation unfolds. You'll also serve as a demanding customer and quality owner of our AI-powered investigation platform, authoring the investigation user stories that define how autonomous agents analyze threats, designing the guardrails that keep them safe, and validating that automated output meets the same standard a skilled human investigator would produce.
When you identify gaps in our capabilities, you won't wait — you'll quickly design and build tooling that enables programmatic automation at scale, then feed those patterns into the next generation of autonomous investigation.
Key job responsibilities
- Lead Sev2 security investigations end-to-end: acknowledge, investigate with depth (not speed), document as you go, and own through resolution
- Triage Sev2 candidates — promote decisively when indicators are clear, downgrade with documented rationale when they're not
- Analyze open source threat intelligence — these reports contain temporal IOCs that decay with age, making rapid validation and proactive blocking critical
- Author and validate agent investigation user stories, ensuring autonomous investigations match human-quality rigor
- Design and test guardrails and policies — think about how attackers would evade detection, how edge cases produce incorrect results, and how agents might fail in ways developers didn't anticipate
- Build tactical scripts, detection rules, and response automations that address immediate operational gaps — then drive their transition into scalable agentic capabilities
- Participate in a global on-call rotation: own the queue for your shift, monitor operational health, and maintain readiness
- Execute clean shift handoffs: document active investigations, flag anomalies observed during your shift, and explicitly transfer ticket ownership
About the team
CorpSec Response operates 24/7 as a global, follow-the-sun team protecting Amazon's corporate infrastructure. We combine deep human expertise with leading autonomous investigation capabilities. Our engineers are hands-on investigators who also shape the AI systems that augment their work — creating a unique feedback loop between human security expertise and machine-scale automation.
Inclusive Team Culture
We are committed to building a diverse and inclusive team. Amazon's culture of inclusion is reinforced within our Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.
Work-Life Balance
We value sustainable performance. Our follow-the-sun model means you're not carrying a pager 24/7 — your node owns its shift, and clean handoffs are a core operational discipline.
Growth and Impact
This role offers a rare combination: hands-on technical security work at massive scale, leadership of a high-performing team, and direct influence over an AI-augmented security platform. You'll grow as both a security practitioner and a technical leader.
In the spirit of reconciliation Amazon acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
