AWS Application Security Engineer

2 months agoArlington, VA


The AWS IT Security team is responsible for the security and availability of all services offered by AWS, as well as provides security support for teams acquired by AWS. This includes building security organizations and processes for AWS subsidiaries such as Elemental Technologies and Twitch. The AWS Security team works with services teams to design and build secure solutions, participate and coordinate cross-organization security initiatives, and solve security challenges at scale. This is an exciting and visible role you will directly influence the security postures for AWS acquired products and services. You will regularly interact with world-class engineers and senior leadership.

The AWS Security Acquisition Security team is looking for a Security Engineer to help build and grow security operations within acquired service teams in order to address both deeply technical and programmatic security issues, as well as emerging new threats. This individual will lead security due diligence efforts, plan security integration, and execute efforts for AWS acquisitions. The role requires partnering with executive business sponsors to define key security issues for potential acquisitions, implementing actionable plans to achieve remediation of security threats, and diving deep on tactical security aspects of a service in need of extra attention. Security Engineers oversee and influence cross-functional security diligence and integration teams to ensure all relevant security tasks are completed. Stakeholder groups include acquiring business and the broader AWS Security teams, technology and IT partners, HR, tax, legal, finance, open source, accounting, and communications.

You will be able to work autonomously, expected to be a natural problem solver, collaborative, and not fazed by adversity or ambiguity. You should have strong problem-solving skills, excellent communication skills, a deep technical understanding of modern cloud security threats, the ability to influence people from customers to managers thru technical solutions, and the desire to be an individual contributor to securing Amazon's next generation technology.

• Work with engineering teams across AWS to prioritize security issues identified during Security Due Diligence and Application Security Reviews.
• Provide expert advice and consultancy to internal customers on risk assessment, incident triage, threat modeling, and security vulnerability mitigation.
• Implement information security controls and patterns that support risk assessments and the development of secure architectures.
o This will involve understanding AWS service interdependencies and driving secure technical solutions for multi-tiered systems.
• Collaborate with engineering teams to drive product roadmaps, by providing security requirements that map security controls to service features.
• Address bottlenecks, provide escalation management, anticipate and make tradeoffs, and balance the business needs versus technical constraints.
• Partner with multiple teams across multiple locations with varying sets of priorities to ensure a timely delivery of the secure solutions.
• Clarify and drive project commitments as well as establish and maintain clear chains of accountability.
• Lead internal process improvement projects, including the development and implementation of internal security tools.
• Provide security training and outreach to internal development teams.
• Provide security guidance documentation.
• Lead MVP development of security tools.
• Provide assistance with metrics delivery and improvements.
• Provide assistance with recruiting activities and administrative work.

Our team also puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren't focused on how many hours you spend at work or online. Instead, we're happy to offer a flexible schedule so you can have a more productive and well-balanced lifeboth in and outside of work.

Our team is dedicated to supporting new members. We have a broad mix of experience levels and tenures, and we're building an environment that celebrates knowledge sharing and mentorship. We care about your career growth and strive to assign projects based on what will help each team member develop into a better-rounded engineer and enable them to take on more complex tasks in the future.

Here at AWS, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and we host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon's culture of inclusion is reinforced within our 14 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.

**This role is open to alternative locations including: New York, NY Boston, MA Seattle, WA - Vancouver, BC Canada - Herndon, VA Arlington, VA Baltimore, MD San Luis Obispo, CA San Diego, CA


• Bachelor's Degree in Computer Science or related field.

• Minimum of 3+ years of progressive security architecture experience; preferably within a professional services firm or similar environment working with startups and large security mature companies.

• 3+ years of application security experience designing, building or testing web and API-based architectures

• 3+ years of experience working with stakeholders across many functions.


• Meets/exceeds Amazon's leadership principles requirements for this role

• Meets/exceeds Amazon's functional/technical depth and complexity for this role

• Understanding of security vulnerabilities, attacker exploit techniques, and methods for remediation of such.
• Capacity and tolerance for extreme context switching and interruptions while remaining productive and able to provide effective, safe guidance.

• Experience communicating technical concepts to a non-technical audience.

• Prior working experience in or with a Software Development Team.

• Corporate development, management consulting, or mergers and acquisitions experience

• Cloud or E-commerce industry experience

• Demonstrated experience in areas such as system security, network, and/or application security experience.

• Understanding of best practices in one or more security engineering specialties: secure development, cryptography, network security, security operations, systems security, policy, and incident response.

• Experience developing and interpreting security compliance standards and guidance.

• Software Development management experience

• Scripting skills (e.g., Python, C, C++, Java, Ruby, or PowerShell)

• Master's degree in business or technology field is an

Amazon is committed to a diverse and inclusive workforce. Amazon is an equal opportunity employer and does not discriminate on the basis of race, ethnicity, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit

Job ID: Amazon-1393226