AWS Infrastructure Services owns the design, planning, delivery, and operation of all AWS global infrastructure. In other words, we’re the people who keep the cloud running. We support all AWS data centers and all of the servers, storage, networking, power, and cooling equipment that ensure our customers have continual access to the innovation they rely on. We work on the most challenging problems, with thousands of variables impacting the supply chain — and we’re looking for talented people who want to help.

You’ll join a diverse team of software, hardware, and network engineers, supply chain specialists, security experts, operations managers, and other vital roles. You’ll collaborate with people across AWS to help us deliver the highest standards for safety and security while providing seemingly infinite capacity at the lowest possible cost for our customers. And you’ll experience an inclusive culture that welcomes bold ideas and empowers you to own them to completion.

The AWS Threat Research Team is responsible for publishing a rich source of AWS home-grown threat intelligence for AWS services and customers. We are looking for talented, creative and passionate Security Engineers to help us research threats in innovative ways to deliver actionable threat indicators and disrupt threats. The AWS Threat Research Team (TRT) is looking for a security engineer with deep expertise in application and network security who is passionate about research, advocacy, and protecting large-scale, production applications.

As a part of this role, you will:

• Learn how our products work today, and where we want to take them in the future
• Help craft and build out threat data gathering security systems at scale
• Stay on top of cyber security trends and mentor other engineers in the same
• Act as a technical lead, influencing other engineers’ designs and coding deliverables
• Work in an agile development environment, collaborating closely with software engineers
• Have fun in a challenging but rewarding environment

We believe that a diverse group of people with different backgrounds and experiences are essential to invention and we therefore do all we can to attract and nurture diversity in our team. As an Amazonian you will learn from and collaborate with talented colleagues across the globe.

If this sounds like the opportunity for you, come build with us!

Key job responsibilities
The ideal candidate must demonstrate strong proficiency in malware reverse engineering, including the ability to analyze, disassemble, and deconstruct malicious software using industry-standard tools such as IDA Pro, Ghidra, and debuggers like x64dbg. Experience with static and dynamic analysis techniques is essential for identifying malware behavior, capabilities, and indicators of compromise.

A solid foundation in web application security is required, including expertise in identifying and mitigating vulnerabilities such as SQL injection, cross-site scripting (XSS), and authentication flaws. Familiarity with OWASP methodologies and tools like Burp Suite is expected.

Candidates must possess advanced threat hunting capabilities, leveraging hypothesis-driven approaches and behavioral analytics to proactively detect adversarial activity within enterprise environments. Proficiency in crafting custom detection rules and queries across SIEM platforms is essential.

A comprehensive understanding of network security is required, with a strong emphasis on DDoS mitigation and botnet research. The candidate must have experience analyzing botnet infrastructure, understanding command-and-control communication protocols, and identifying botnet propagation techniques. Proficiency in traffic analysis, volumetric attack pattern recognition, and DDoS defense strategies is essential. Hands-on experience with packet capture tools such as Wireshark, Zeek, and Net Flow analysis platforms is expected, along with the ability to research emerging botnet families and their evolving attack vectors.

A working knowledge of threat intelligence frameworks such as MITRE ATT&CK and familiarity with STIX/TAXII standards is preferred.

About the team
The AWS Perimeter Protection Threat Research Team produces actionable threat intelligence that drives AWS security and networking services, including AWS Shield, AWS WAF, AWS Firewall Manager, and Network Firewall. Our diverse team of security researchers and engineers operates advanced deception technology and threat intelligence systems to identify, track, and analyze bad actors as they continuously evolve their tactics, techniques, and procedures. We proactively monitor emerging threats across some of the largest distributed networks in the world, transforming raw intelligence into meaningful insights that strengthen AWS defenses. If you're passionate about outsmarting adversaries and shaping the future of cloud security at scale, we'd love to have you join us.

Basic Qualifications

• Bachelor's degree
• 5+ years of IT Security experience

Preferred Qualifications

• Knowledge of network, system, and web application attacks and mitigations
• Experience in web security, or experience in managing firewalls and experience managing full application stacks from the OS up through custom applications
• Experience communicating technical concepts to a non-technical audience
• Experience in written and verbal communication with the ability to present complex technical information in a clear and concise manner to executives and non-technical leaders
• Experience in one or more scripting languages (e.g., Python, Ruby, Perl)

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.

USA, WA, Seattle - 178,400.00 - 226,700.00 USD annually