AWS Security Incident Response is looking for a Senior Security Engineer who builds the automation mechanisms that scale security response. You will investigate complex security incidents hands-on, build the frameworks that turn investigation expertise into scalable detection and auto-remediation, and architect the AI feedback loops that make the service smarter with every investigation.
The AWS Security Incident Response team provides 24/7 security response through a follow-the-sun operating model. The service combines automated triage workflows, AI-powered investigation agents, and human security analysts to respond to threats across customer AWS environments at massive scale. Our AI systems autonomously resolve over 90% of routine investigations within minutes. The next challenge is building the mechanisms that accelerate this further — enabling every engineer on the team to contribute to detection and automation quality from their investigation work.
Your deep understanding of how attacks work — from initial exploitation through lateral movement to data exfiltration — is what makes your automation effective. You will build detection enhancements, auto-remediation playbooks, and AI training pipelines that catch real threats, not just generate noise. We treat every investigation as a confirmed security incident until the data proves otherwise.
Native Japanese language skills and fluent English language skills in speaking, reading, and writing.
Key job responsibilities
- Investigate and respond to complex security incidents hands-on — applying malware analysis, forensic analysis, or attribution skills to credential compromise, data exfiltration, supply chain attacks, and cryptomining
- Lead incident response for customers during high-severity events: scope blast radius, coordinate containment, guide remediation, and get on calls with customers to walk them through what was compromised and the specific steps to contain the threat
- Own the response-to-automation flywheel: build pipelines that capture investigation patterns (including Trust & Safety abuse cases), translate them into detection rules and auto-remediation, and measure impact on investigation volume and accuracy
- Build mechanisms that enable every engineer on the team to contribute detection rules, automation playbooks, and AI training data — and build the AI feedback loops that ensure human corrections systematically improve autonomous investigation accuracy
- Define and track metrics that measure automation effectiveness: false positive reduction, auto-resolution coverage, and engineer contribution rates to the pipeline
- Mentor junior engineers on investigation methodology and structuring artifacts as reusable automation inputs
- Participate in on-call rotations as part of the 24/7 follow-the-sun operating model, including weekends
A day in the life
- Review automation dashboard metrics: AI agent resolution rates, false positive trends, and engineer-submitted detection rules going live
- Investigate new attack patterns the AI is struggling with — analyze malware behavior, extract indicators, and build detection rules that catch the pattern without generating false positives
- Step into high-severity incidents directly — analyzing logs, correlating indicators across accounts, scoping blast radius, and getting on a call with the customer to guide containment
- Codify attack chains from investigations into detection rules and AI agent improvements so the system catches the pattern autonomously next time
- Review and approve detection rule contributions from junior engineers using your contribution framework
About the team
The AWS Security Incident Response team provides 24/7 threat monitoring, investigation, and response for customer AWS environments. The team is driving a strategic transformation — raising operational standards, building AI-powered investigation capabilities, and expanding coverage. We respond to customer requests within minutes. Zero queue tolerance is the operating standard. We value engineers who solve root causes over those who close tickets. Senior engineers enjoy close collaboration with leadership, one-on-one coaching, and the opportunity to shape the future of security operations at AWS scale.
Basic Qualifications:
- 5+ years of experience in scripting, programming, or security code review in a common language such as Python, Java, or C++
- Bachelor's degree or above in Computer Science, Computer Engineering, Cybersecurity, or other related discipline
- Speak, write, and read fluently in Japanese
- 5+ years of non-internship experience in troubleshooting systems issues, analyzing logs, automating complex tasks using command line tools, and identifying security issues, risks, and developing mitigation plans
- Non-internship experience identifying industry security vulnerabilities, attack patterns, and remediation techniques, including experience as a mentor, tech lead, or engineering team lead
Preferred Qualifications:
- Master's degree in Computer Science, Information Security, or a related field
- Experience in automation or monitoring frameworks, deployment or development
- Knowledge of compliance and security standards across the enterprise IT landscape
- Information security professional certification (GCIH, GSEC, GREM, GCFA, CISSP, or equivalent)
- Experience with AWS services in a security operations context (Amazon GuardDuty, AWS CloudTrail, AWS Security Hub, AWS IAM)
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit
https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.