AWS Security Assurance Services (SAS) is hiring a Senior Security & Compliance Engineer to lead the design, deployment, and implementation of complex AWS security and compliance solutions that achieve customer-defined business and security outcomes. The role involves building custom security controls, AI-enabled automation, and tooling that translate security and compliance frameworks into secure‑by‑design implementations on AWS. The engineer will innovate for highly regulated customers, design and build controls, write code, lead reviews, automate remediations, and own security risk identification, mitigation, and engineering outcomes that span beyond a single team.
Key Job Responsibilities
- Own design and architecture choices for security and compliance automation solutions for regulated customers and influence partner‑org design and deliverables.
- Engineer and lead AI‑enabled automations, threat modeling, design reviews.
- Build secure‑by‑design IaC modules for Landing Zones, Control Tower customizations, Zero‑Trust architectures, and AI/ML workloads.
- Lead the design, deployment, and implementation of AWS security controls, continuous compliance monitoring, evidence collection, and remediation of insecure configurations to scale with automation.
- Architect custom preventive, detective, and proactive controls, SCPs, RCPs, and policy‑as‑code (cfn‑guard, OPA Rego, Cedar).
- Set high bar for authentication and authorization, data protection, least privilege, encryption, micro‑segmentation, tagging strategy, integrations via API and MCP, and secure AI agentic design.
- Write and review scripts and IaC (Python, Terraform, AWS CDK, CloudFormation, Rego).
- Lead exploratory POCs on emerging technologies, defining hypotheses, success criteria, and go/no‑go gates.
- Lead alignment, resolve escalations, troubleshooting, and root‑cause analysis to closure.
- Lead the development of technical content.
- Communicate security risk and design decisions clearly verbally and in writing to technical, non‑technical, and C‑level audiences.
- Identify and shape sales opportunities, influencing service‑team roadmaps and SAS offering strategy.
- Travel to customer sites as needed.
Basic Qualifications
- Knowledge of at least two of the following programming languages: Scala, Java, Python, C/C++, or Go.
- Bachelor’s degree or above in computer science, engineering, mathematics or an equivalent STEM field, or related experience.
- Experience managing full application stacks from the OS up through custom applications, or experience with REST API‑based services and threat modeling/penetration testing.
- 5+ years of work in identifying security issues and risks, and developing mitigation plans.
- 4+ years of scripting, programming, and security code review in common programming languages.
- 4+ years of cloud architecture and solution implementation experience, or U.S. government security clearance of top secret or above.
Preferred Qualifications
- Experience applying threat modeling or other risk identification techniques.
- Experience with security in service‑oriented architectures/microservices and web services.
- Experience in one or more of the following: application security frameworks, security code reviews, incident response, security infrastructure, penetration testing, mobile security, cloud security, AI security, identity and access controls.
- Experience developing, deploying, and managing AI products at scale.
- Experience in security or compliance consulting or advisory work in support of a highly technical environment.
- Experience designing or architecting systems (design patterns, reliability, and scaling) of new and existing systems.
- Experience with compliance & security standards including PCI DSS, ISO 27001, HIPAA, and NIST.
- 8+ years as a technical specialist, including 5+ years in secure coding, software development, cloud security engineering or related work.
- Strong programming and scripting skills in Python, TypeScript, Node.js, Go, Java, or .NET.
- Advanced Infrastructure‑as‑Code proficiency in Terraform, AWS CDK, and/or CloudFormation.
- Expert‑level configuration and architectural experience with AWS security and governance services: Config, GuardDuty, Security Hub, Control Tower, Systems Manager, KMS, IAM, VPC, Lambda, CloudTrail, CloudWatch, EventBridge.
- Track record of deploying SCPs and RCPs in multi‑account AWS Organizations at enterprise scale.
- Experience writing and deploying reusable policy‑as‑code patterns (cfn‑guard, OPA Rego, Cedar, or equivalent).
- Industry and AWS certifications: CISSP, GCIH, GSEC, Security+, AWS Solutions Architect Professional, AWS Security Specialty strongly preferred; additional certifications are a plus.
Amazon is an equal‑opportunity employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation, please visit the Amazon accommodations page for more information.
Company – AWS EMEA SARL (UK Branch)
Job ID: A10455265
#J-18808-Ljbffr…
