Sr. Security & Compliance Engineer, AWS Security Assurance Services, LLC

AWS Security Assurance Services (SAS) is hiring a Senior Security & Compliance Engineer to lead the design, deployment, and implementation of complex AWS security and compliance solutions that accomplish customer-defined business and security outcomes, solving for new levels of scale, complexity, and performance. You will build custom security controls, AI-enabled automation and tooling that translate security and compliance frameworks into secure-by-design implementations on AWS. You will innovate on behalf of AWS’s most highly regulated customers, design and build controls, write code, lead reviews, automate remediations, and own security risk identification, mitigation, and engineering outcomes that span beyond a single team, leading development of the security and compliance solutions and products.

Key job responsibilities
- Own design and architecture choices for security and compliance automation solutions for regulated customers and influence partner-org design and deliverables.
- Engineer and lead AI-enabled automations, threat modeling, design reviews.
- Build secure-by-design IaC modules for Landing Zones, Control Tower customizations, Zero-Trust architectures, and AI/ML workloads.
- Lead the design, deployment, and implementation of AWS security controls, continuous compliance monitoring, evidence collection, and remediation of insecure configurations to scale with automation.
- Architect custom preventive, detective, and proactive controls, SCPs, RCPs, policy-as-code (cfn-guard, OPA Rego, Cedar).
- Set high bar for authentication and authorization, data protection, least privilege, encryption, micro-segmentation, tagging strategy, integrations via API and MCP, and secure AI agentic design.
- Write and review scripts, and IaC (Python, Terraform, AWS CDK, CloudFormation, Rego).
- Lead exploratory POCs on emerging technologies. Define the hypothesis, success criteria, and go/no-go gates.
- Lead alignment, resolve escalations, troubleshooting, and root-cause analysis to closure
- Lead the development of technical content
- Communicate security risk and design decisions clearly verbally and in writing to technical, non-technical, and C-level audiences.
- Identify and shape sales opportunities. influence service-team roadmaps and SAS offering strategy.
- Travel to customer sites as needed.

About the team
The AWS Security Assurance Services team, within AWS Support, leverages the expertise and ingenuity of our builders to establish scalable security solutions for both internal and external customers that drive business outcomes. Our goal of securing the world’s workloads and building a brighter future for humanity requires reliable delivery of bar-raising security outcomes and investment in security mechanisms and automation on behalf of our customers.
AWS Security Assurance Services LLC, a PCI-QSAC (Payment Card Industry-Qualified Security Assessor company) and HITRUST External Assessor Firm, is a team of industry-certified assessors and Security and Compliance Engineers helping our customers achieve, maintain, and automate compliance in the cloud by tying applicable audit standards to AWS service features and functionality. The team works with AWS’s largest enterprise customers to operationalize the shared responsibility model as they migrate to the cloud.
- 5+ years of work in identifying security issues and risks, and developing mitigation plans experience
- 4+ years of (non-internship) scripting, programming, and security code review in common programming languages experience
- Knowledge of at least two of the following programming languages: Scala, Java, Python, C/C++, or Go
- Bachelor's degree or above in computer science, engineering, mathematics or equivalent, or experience working in Science, Technology, Engineering, or Mathematics (STEM)
- 4+ years of cloud architecture and solution implementation experience, or US government security clearance of top secret or above
- Experience managing full application stacks from the OS up through custom applications, or experience working with REST API based services and experience with threat modeling and penetration testing
- Experience handling ambiguous or undefined challenges through strong problem solving abilities
- Experience managing conflict, escalations, negotiating compromise, influencing others and problem solving with engineering teams
- Experience communicating across technical and non-technical audiences, including executive level stakeholders or clients - Experience with security in service-oriented architectures/microservices and web services
- Experience in one or more of the following: application security frameworks, security code reviews, incident response, security infrastructure, penetration testing, mobile security, cloud security, AI security, identity and access controls
- Experience developing, deploying and managing AI products at scale
- Experience in security or compliance consulting or advisory work in support of a highly technical environment
- Experience designing or architecting (design patterns, reliability and scaling) of new and existing systems
- Experience with compliance & security standards including PCI DSS, ISO 27001, HIPAA, and NIST
- 8+ years as a technical specialist, including 5+ years in secure coding, software development, cloud security engineering or related work;
- Strong programming and scripting skills in Python, TypeScript, Node.js, Go, Java, or .NET.
- Advanced Infrastructure-as-Code proficiency in Terraform, AWS CDK, and/or CloudFormation.
- Expert-level configuration and architectural experience with AWS security and governance services: Config, GuardDuty, Security Hub, Control Tower, Systems Manager, KMS, IAM, VPC, Lambda, CloudTrail, CloudWatch, EventBridge.
- Track record of deploying SCPs and RCPs in multi-account AWS Organizations at enterprise scale.
- Experience writing and deploying reusable policy-as-code patterns (cfn-guard, OPA Rego, Cedar, or equivalent).
- Industry and AWS certifications: CISSP, AWS Solutions Architect Professional, AWS Security Specialty strongly preferred; additional certifications a plus.

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.

USA, TN, Nashville - 151,200.00 - 204,600.00 USD annually
USA, TX, Austin - 178,400.00 - 226,700.00 USD annually
USA, TX, Dallas - 178,400.00 - 226,700.00 USD annually
USA, TX, Houston - 178,400.00 - 226,700.00 USD annually
USA, VA, Arlington - 178,400.00 - 226,700.00 USD annually
USA, VA, Herndon - 178,400.00 - 226,700.00 USD annually
USA, WA, Seattle - 178,400.00 - 226,700.00 USD annually