Cyber Threat Intelligence Security Engineer II
- Seattle, WA
The Amazon Threat Intelligence team is responsible for investigating and understanding threat actors that are targeting Amazon's businesses. As a Cyber Threat Intelligence Security Engineer, you will support the daily operation of our threat intelligence program. In this role, you will work to understand threat actors and use your skills to analyze their capabilities as observed in the threat landscape.
You provide analysis and support for emerging threats and threat actors targeting Amazon and Amazon Subsidiaries. You coordinate with other Security Engineers to provide actionable intelligence to other security engineering teams including Incident Response, Threat Hunting, and Red Team adversarial simulations. You'll be a critical part of an organization focused on influencing the security culture within Amazon, with the ultimate goal of ensuring the continued safety and security of our customers.
Key responsibilities include:
• Collaborate on developing, implementing, and maintaining our threat intelligence platform and related tooling
• Collect, analyze, and author threat intelligence reports covering new threats, vulnerabilities, products, and research
• Provide situational awareness on the current threat landscape and the TTPs associated with specific threats to our business, including ongoing malware campaigns.
• Demonstrate practical knowledge managing threat data and creating intelligence assessments in support of our incident response & threat hunting missions
• Collect data from intelligence communities, threat intelligence platforms, open source data repositories, and other sources to analyze TTPs and anomalies
• Conduct detailed technical analysis supported by industry accepted threat intelligence analytical frameworks, tools, and standards.
• Provide timely, relevant, and proactive analysis across Amazon and subsidiaries.
• Proficiency with Python, PHP, Perl, or similar scripting languages
• Bachelor's degree in Computer Science, Computer Engineering, Information Assurance, Cybersecurity, Electrical and Computer Engineering or relevant/equivalent experience working in Information Security
• 3-5 years working within Information Security supporting/performing incident response, Red Teaming, threat hunting, threat intelligence, forensics, or similarly related experience.
• 2-4 years of experience developing and producing threat analysis products (technical and/or non-technical) for customers
• 1-2 years scripting/programming experience, e.g., Python, C, C++, Java, Ruby, and/or PowerShell
• 1 year experience with SQL or other query languages, e.g., SQL, SparkQL, GraphQL
• Knowledge of current security trends, threats and mitigations.
• Demonstrated experience with analytical tools and processes
• Excellent written and oral communication skills; must be able to write/present with impact
• Demonstrated ability to work both independently and within a matrixed/multi-faceted organization
• Demonstrated sense of ownership, urgency, and accountability
• Work experience in the Threat Intelligence or Cyber Security field is highly desired
• 3-5 years of experience conducting threat intelligence research and analysis
• 3-5 years global analysis and threat mitigation background
• 3-5 years scripting/programming experience: Python, C, C++, Java, Ruby, and/or PowerShell
• Experience using Threat Intelligence Platforms, building integrations with these platforms, and supporting customers in their use of these platforms
• Familiarity with nation state, criminal, and financially motivated actor groups
• Understanding of industry standard threat frameworks (Lockheed Martin Cyber Kill Chain, Diamond Model, MITRE ATT&CK)
• A background in intelligence analysis is a plus, with knowledge of IR best practices at an enterprise level
• Advanced degree within intelligence or computer science
• Standing relationships with global associations relevant to the position
• Certifications (any security certification, including but not limited to the following): CEH, OSCP, GREM, GCTI, or GCIH