DescriptionAmazon is seeking an innovative Senior Security Intel Engineer to join the Vulnerability and Exploitation Threat Intelligence (VEX TI) team as a part of Amazon Cyber Threat Intelligence (ACTI). As a Senior Security Intel Engineer, you will leverage your in-depth knowledge and analysis of emergent exploits, exploit frameworks, and vulnerabilities to identify novel threat actors, discover attacks against Amazon, AWS and their customers, and drive effective technical countermeasures. ACTI is responsible to identify, curate, and report timely, accurate, and actionable threat intelligence. ACTI delivers cyber threat intelligence to Amazon and AWS leadership, service teams, partners, and both internal and external customers.In the Senior Security Intel Engineer role you will formulate new analytic techniques and work across teams to drive the supporting capabilities. A deep understanding of advanced actor tactics, techniques, and procedures (TTPs) is required, as well as how those TTP s will present themselves in network-based and host-based logs derived from software, operating systems, networks, cloud infrastructure, networking equipment, and web applications. In addition, you will script and help automate recurring tasks to improve the overall effectiveness of the intelligence and how it is utilized throughout Amazon and AWS, to include; tactical integrations with red and blue teams and strategic impact overall. Beyond direct technical work on exploits, vulnerability research, and threat intelligence, the VEX Senior Security Intel Engineer will steer strategic direction in the secure design of AWS services, coordinate take-downs of malicious infrastructure, and drive effective technical countermeasures.Key job responsibilitiesIdentify, research, and analyze novel vulnerabilities discovered in threat intelligence data, applications, devices, and networksInterface with ACTI reverse engineers to provide reversing requirements as well as be able to independently triage malware, analyze exploit code, and study attack techniques to understand how vulnerabilities are being weaponizedPursue actionable intelligence on current exploits, perform deep dive analysis of malicious artifacts related to software exploits, and use that data to identify attacks against Amazon, AWS, and its customersAnalyze large and unstructured data sets to identify trends and anomalies indicative of malicious activitiesCreate security techniques and automation for internal use that enable the team to operate at high speed and broad scaleProvide situational awareness on the current threat landscape and the techniques, tactics, and procedures associated with specific threatsAccurately document ongoing investigations, craft consumable threat intelligence products, and clearly present and communicate emerging threats and high-risk vulnerabilities in cloud, network devices, and web applications to key stakeholdersPeriodic on-call responsibilitiesA day in the lifeIdentify novel and impactful exploits and vulnerabilities to inform threat intelligence analysis and identify new and unknown impactful threat actors targeting Amazon, AWS, and our customers.About the teamThe AWS Threat Intelligence VEX team, part of Amazon Cyber Threat Intelligence (ACTI), is responsible for developing actionable intelligence on exploits and vulnerabilities utilized by advanced cyber threats against AWS services and AWS customers. We obtain indicators and intelligence from a variety of internal and external sources and use that information to develop an understanding of sophisticated, emerging actors, and their tools, techniques, and procedures. We then leverage that understanding to proactively identify and mitigate malicious activity.About Amazon SecurityDiverse ExperiencesAmazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn t followed a traditional path, or includes alternative experiences, don t let it stop you from applying.Why Amazon Security?At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.Inclusive Team CultureIn Amazon Security, it s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.Training & Career GrowthWe re continuously raising our performance bar as we strive to become Earth s Best Employer. That s why you ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.Work/Life BalanceWe value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there s nothing we can t achieve.We are open to hiring candidates to work out of one of the following locations:Annapolis Junction, MD, USA | Arlington, VA, USA | Austin, TX, USA | Herndon, VA, USA | New York, NY, USA | Seattle, WA, USABasic QualificationsBS degree in Computer Science, Management Information Systems, Computer Engineering, or 5+ years equivalent technology experience5 years experience with analyzing software exploits and creating corresponding detections and/or countermeasures5 years experience in system, network, and/or application security4 years experience building automated tools in C, C++, Java, Python, Perl, PowerShell, or Ruby3 years experience with SQL or other query languages.Preferred QualificationsMS degree in Computer Science, MIS, Computer Engineering7+ years experience Threat Intelligence research and analysis related to software exploits and the creation of corresponding detections and/or countermeasuresExperience with malware analysis, network flow analysis, and large scale data analysisExperience with fuzzing and web application enumeration (Burp, Beef, Fiddler)Strong understanding of Windows, Linux, and or OS X internals, web, and common software vulnerabilitiesSolid programming skills and experience with languages such as PythonCloud infrastructure experience, to include automated deployment technologiesCloud penetration testing experienceMeet/exceed Amazon s leadership principles requirements for this roleMeet/exceed Amazon s functional/technical depth and complexity for this roleAmazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit This position will remain posted until filled. Applicants should apply via our internal or external career site.