Security Engineer II, AWS Cloud Security Response

About the role

The AWS Cloud Security Response team operates on the 'AWS' side of the Shared Responsibility Model, protecting our customers by ensuring the security of AWS Cloud services. Our engineers independently investigate and resolve security issues across 200+ AWS products, working hands-on with service code, security data, and cloud infrastructure at massive scale. This role goes beyond coordination. You will apply security judgment to drive outcomes, close security gaps through code, and build automation that scales how we respond to security issues. You will think strategically, identifying patterns that point to systemic risks and driving proactive solutions before issues recur. We are looking for security professionals who bring deep technical curiosity and the judgment to operate autonomously in a fast-paced, ambiguous environment. You will leverage the latest technology and tools to augment your capabilities, and you will partner closely with engineering teams to achieve security outcomes. Successful candidates should: - Exercise independent security judgment to assess risk, form informed opinions on severity, and drive engineering teams toward the right outcomes. - Take a hands-on investigative approach to security issues, building deep technical understanding of risk and customer impact. - Be technically proficient across security domains including network and operating system security, cryptography, software security, and incident response. - Communicate complex security issues clearly to both technical and non-technical audiences at all levels. - Challenge flawed analysis and escalate to senior leadership to ensure the best outcome for customers, even against consensus. - Work effectively in AI-augmented workflows, using generative AI tools to accelerate security work. - Mentor and coach junior engineers on security practices and professional growth. - Drive security outcomes across organizational boundaries, partnering effectively with service teams and peer security teams. An ideal candidate should be able to conduct most of the following: - Close security gaps through code, working alongside service teams to develop and validate remediations. - Navigate complex IAM and access control issues with confidence and technical depth. - Build automation that improves how the team operates at scale. - Think proactively, identifying systemic security themes and driving solutions that prevent classes of issues. - Engage with cloud services at the architectural level, understanding how they work in order to assess and address risk. Key job responsibilities - Identify recurring security patterns across AWS services and drive proactive solutions that address root causes and prevent classes of issues. - Build automation to scale incident response procedures, improving efficiency and reducing manual effort across the team's global operations. - Own and drive security issues from identification through resolution, bringing informed risk assessments and security judgment to every engagement with service teams. - Independently reproduce and validate reported security issues to develop a deep understanding of the vulnerability, its exploitability, and its potential customer impact. - Investigate and analyze security data across multiple sources to scope the impact of security issues and inform remediation priorities. - Develop and validate remediations through hands-on code engagement, partnering with service teams to close security issues through code. - Communicate the state of security issues to technical and non-technical audiences at all levels of seniority, up to and including the AWS Chief Information Security Officer. Escalate when the pace of resolution does not match the impact to customers. A day in the life As part of our follow-the-sun rotation, you will receive a handoff from global peers and take ownership of security issues presently in-flight. The issues could relate to any of our 200+ AWS products, so you will often need to learn on-the-fly. Your first task may be to reproduce a newly reported vulnerability, working through service code and infrastructure to confirm the issue and assess the real-world risk. From there, you will analyze security data to understand whether customers have been impacted and determine the scope. You will engage service team engineers with a clear explanation of the issue, your reproduction details, and your recommended path forward. As the day progresses, new issues will be assigned to you based on workload. You will triage them, determine their level of impact, and work toward resolution at the appropriate pace. For some issues, you will develop code-level remediations or build automation to address the problem at scale. Throughout the day, you will balance driving individual issues with identifying patterns across your caseload that point to systemic security gaps. At the end of the day, you will document your work to