Security Engineer I, Threat Hunting, Security Incident Response Team (SIRT) Job at Amazon.com Services LLC, Arlington, VA

  • Amazon.com Services LLC
  • Arlington, VA

Job Description

DESCRIPTION

Amazon’s Threat Hunting team is looking for a Security Engineer, Threat Hunting who is excited by the idea of searching for and uncovering undetected threat activities at petabyte scale. In this role, you will work alongside other Threat Hunting engineers to proactively identify and eliminate threats wherever they may exist.

Our Threat Hunting team searches for adversarial activity using a variety of tools, methods, intelligence, and techniques. They work hands-on with security logs and are encouraged to be creative and develop innovative techniques to illuminate threat activities. With your technical expertise, you will be solving security challenges at scale and working to protect applications powering the most sophisticated e-Commerce platform ever built.

If you are someone who enjoys researching threats, diving deep into large datasets, and building innovative capabilities to solve everyday problems, we’d like to meet you. Your work will be essential to maintaining customer trust and delivering a delightful experience for our customers.

Key job responsibilities
- You will query and evaluate machine data for evidence of potentially damaging threat activities which pose a risk to Amazon customers and data.
- You will reconstruct security events using log data and identify opportunities to increase the fidelity of existing threat signals.
- You will conduct threat research and develop innovative approaches to identify threat actor tactics, techniques, and procedures (TTPs).
- You will provide ad hoc support to incident response partners and participate in validating the scope of ongoing security investigations.
- You will participate in an on-call rotation and provide ad hoc support to customers during non-business hours.

A day in the life
- Analyze log data for indications of digital threat activities.
- Develop queries to extract threat signals from large and diverse datasets.
- Identify potential logging gaps or other security observability concerns.
- Work alongside other threat hunting engineers and incident response partners in the investigation of potential threat activities.
- Monitor cybersecurity media, blog posts, and other sources to maintain awareness of the threat landscape.
- Work individually and/or as a team on high priority security issues.

About the team
Amazon’s Threat Hunting team is a component of the Security Incident Response Team (SIRT) and is responsible for proactively seeking out threat activities which pose a risk to our customers and business operations. Our threat hunters work alongside incident response engineers to support ongoing security investigations. This team has a high operations tempo and is known for building innovative and world-class solutions to enable the pursuit of advanced threats at petabyte scale.

Why Amazon Security
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.

Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

Training and Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

BASIC QUALIFICATIONS

- Experience working as part of a Computer Security Incident Response Team (CSIRT) or Product Security Incident Response Team (PSIRT)
- Experience triaging and developing security alerts and response automation, conducting front-line analysis, and providing escalation support
- Experience with common security monitoring, log analysis and forensic tools
- 1+ years professional (non-internship) experience within a relevant field

Job Tags

Full time, Internship, Flexible hours
