Security Engineer I, Threat Hunting, Security Incident Response Team
3 weeks ago
Security Engineer I, Threat Hunting, Security Incident Response Team (SIRT)
Job ID: | Amazon.com Services LLC

Amazon’s Threat Hunting team is looking for a Security Engineer, Threat Hunting who is excited by the idea of searching for and uncovering undetected threat activities at petabyte scale. In this role, you will work alongside other Threat Hunting engineers to proactively identify and eliminate threats wherever they may exist. Our Threat Hunting team searches for adversarial activity using a variety of tools, methods, intelligence, and techniques. They work hands‑on with security logs and are encouraged to be creative and develop innovative techniques to illuminate threat activities. With your technical expertise, you will be solving security challenges at scale and working to protect applications powering the most sophisticated e‑Commerce platform ever built. If you are someone who enjoys researching threats, diving deep into large datasets, and building innovative capabilities to solve everyday problems, we’d like to meet you. Your work will be essential to maintaining customer trust and delivering a delightful experience for our customers.

Export Control Requirement: Due to applicable export control laws and regulations, candidates must be a U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum.

Key job responsibilities
You will query and evaluate machine data for evidence of potentially damaging threat activities which pose a risk to Amazon customers and data.
You will reconstruct security events using log data and identify opportunities to increase the fidelity of existing threat signals.
You will conduct threat research and develop innovative approaches to identify threat actor tactics, techniques, and procedures (TTPs).
You will provide ad hoc support to incident response partners and participate in validating the scope of ongoing security investigations.
You will participate in an on‑call rotation and provide ad hoc support to customers during non‑business hours.

A day in the life
Analyze log data for indications of digital threat activities.
Develop queries to extract threat signals from large and diverse datasets.
Identify potential logging gaps or other security observability concerns.
Work alongside other threat hunting engineers and incident response partners in the investigation of potential threat activities.
Monitor cybersecurity media, blog posts, and other sources to maintain awareness of the threat landscape.
Work individually and/or as a team on high priority security issues.

About the team – Amazon’s Threat Hunting team is a component of the Security Incident Response Team (SIRT) and is responsible for proactively seeking out threat activities that pose a risk to our customers and business operations. Our threat hunters work alongside incident response engineers to support ongoing security investigations. This team has a high operations tempo and is known for building innovative and world‑class solutions to enable the pursuit of advanced threats at petabyte scale.

Why Amazon Security – At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

Work/Life Balance – We value work‑life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.

Inclusive Team Culture – In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

Training and Career Growth – We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge‑sharing, training, and other career‑advancing resources here to help you develop into a better‑rounded professional.

Basic Qualifications
Experience working as part of a computer Security Incident Response Team (CSIRT) or Product Security Incident Response Team (PSIRT)
Experience triaging and developing security alerts and response automation, conducting front‑line analysis, and providing escalation support
Experience with common security monitoring, log analysis and forensic tools
1+ years professional (non‑internship) experience within a relevant field

Preferred Qualifications
Experience with AWS Services including EC2, Lambda, S3, DynamoDB, SQS
Experience with at least one modern language such as Java, Python, C++, or C# including object‑oriented design
2+ years experience working as part of a computer Security Incident Response Team (CSIRT) or Product Security Incident Response Team (PSIRT)

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit . If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $125,500/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job‑related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign‑on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit . This position will remain posted until filled. Applicants should apply via our internal or external career site.
-
Incident Response Engineer, Security Team
3 days ago
WorkFromHome, Italy Kong Inc Full-time
Are you ready to power the World's connections? If you don't think you meet all of the criteria below but are still interested in the job, please apply. Nobody checks every box - we're looking for candidates that are particularly strong in a few areas, and have some interest and capabilities in others. About the Role This position will build a working leader...
-
Incident Response Engineer
3 days ago
WorkFromHome, Italy Kong Inc Full-time
A leading developer of cloud API technologies is seeking a Cyber Security professional to enhance incident response capabilities. This role involves developing incident handling processes, responding to security incidents, conducting threat analysis, and automating workflows. Candidates should have experience with SIEM systems, cloud technologies, and...
-
SOC Analyst L2/L3 — Incident Response
5 days ago
WorkFromHome, Italy Jobbit Full-time
A leading cybersecurity services company is seeking an experienced professional to manage complex security incidents and monitor advanced systems. We offer a hybrid working model with access to cutting-edge technologies and continuous training paths. Requirements include a STEM degree and 3-5 years of SOC experience. If you are an expert in...
-
Remote Cyber Incident Responder | SOC
2 weeks ago
WorkFromHome, Italy S2E | Business Technology Consultants Full-time
A technology consulting firm is seeking an experienced Incident Responder for its Security Operations team. You will be responsible for managing security incidents, malware analysis, and threat hunting. A background in Computer Science and at least 5 years of experience in the field are required. The position is fully remote, but it requires the...
-
Senior Defensive Security Consultant
2 weeks ago
WorkFromHome, Italy Horizon Security Full-time
To support the continued growth of the company's business, Horizon Security is looking for a Senior Defensive Cyber Security Consultant. The person will join our organization and be part of the team engaged in consulting activities for national and international clients across various sectors. The person will...
-
Cyber Security Analyst L2
3 weeks ago
WorkFromHome, Italy SITE SpA Full-time
For its office at the Centro Direzionale in Naples, SITE SpA is looking for a Cyber Security Analyst L2. Role: The SOC Analyst L2 will handle advanced analysis of security events and incident management, interfacing with the L1, L3 and DFIR teams. The context includes environments...
-
Cyber Security Analyst L2
2 weeks ago
WorkFromHome, Italy SITE SpA Full-time
For its office at the Centro Direzionale in Naples, SITE SpA is looking for a Cyber Security Analyst L2. Role: The SOC Analyst L2 will handle advanced analysis of security events and incident management, interfacing with the L1, L3 and DFIR teams. The context includes environments...
-
Cyber Threat Analyst-OT/ICS
3 weeks ago
WorkFromHome, Italy TXT GROUP Full-time
TXT E-TECH, part of the TXT Group, is looking for a Cyber Threat Analyst to join a key project in the Aerospace and Defense sector. The selected candidate will be involved in analyzing threats and attacks targeting ITS/SCADA infrastructures and should have at least 1 year of experience in a similar role. Key Responsibilities Perform reverse engineering of...
-
Cyber Threat Analyst-OT/ICS
2 weeks ago
WorkFromHome, Italy TXT GROUP Full-time
TXT E-TECH, part of the TXT Group, is looking for a Cyber Threat Analyst to join a key project in the Aerospace and Defense sector. The selected candidate will be involved in analyzing threats and attacks targeting ITS/SCADA infrastructures and should have at least 1 year of experience in a similar role. Key Responsibilities Perform reverse engineering of...
-
Principal Security Engineer, AWS Security
1 day ago
WorkFromHome, Italy Amazon Full-time
Principal Security Engineer, AWS Security Job ID: | Amazon Web Services Australia Pty Ltd This position can also be based in Sydney, Australia. We are looking for an experienced Principal Security Engineer to join the Security team in Australia. You will be on a team responsible for conducting both pre and post launch testing, offensive campaigns, emergent...