Security & Compliance Engineer, AWS Security Assurance Services, LLC

Description

AWS Security Assurance Services (SAS) is hiring a Security & Compliance Engineer to design, build, and deploy AWS security and compliance solutions for highly regulated customers. The engineer owns engineering deliverables across the full lifecycle—secure design, implementation, testing, deployment, and maintenance—translating compliance frameworks (SOC2, HIPAA, PCI‑DS, CIS, NIST, FedRAMP) into secure‑by‑design AWS implementations. The role works autonomously within a team, delivers cross‑functional projects with partner teams, and drives measurable risk reduction for customers at scale.

• Lead threat modeling, security design reviews, and architecture reviews for customer engagements; identify and mitigate risks across systems and applications.
• Design and implement custom preventive, detective, and proactive controls—Service Control Policies (SCPs), Resource Control Policies (RCPs), policy‑as‑code (cfn-guard, OPA Rego, Cedar), and automated remediation workflows.
• Build secure‑by‑design Infrastructure‑as‑Code controls for Landing Zones, AWS Control Tower customizations, Zero‑Trust architectures, and AI/ML workloads.
• Apply AWS security best practices for authentication and authorization, data handling, least privilege, encryption, micro‑segmentation, tagging strategy, and API/MCP integration.
• Write and review IaC, scripts, enforcements and detections in Python, Terraform, AWS CDK, Cloud Formation, and Rego.
• Build continuous compliance monitoring, automated evidence collection, visualization, reporting, and remediation pipelines that hold up in audit.
• Integrate custom controls with AWS‑native and third‑party security and compliance tooling.
• Drive emerging‑edge ideas into prototyping end‑to‑end to inform new security and compliance solutions and products.
• Identify risks and edge cases; propose implementation paths and go/no‑go gates.
• Apply systematic approaches to risk identification; propose compensating controls when direct remediation isn’t possible.
• Help develop technical content.
• Identify cross‑team patterns, gaps, improvements.
• Travel to customer sites as needed.

• 3+ years of programming in Python, Ruby, Go, Swift, Java, .Net, C++ or similar object‑oriented language experience
• 2+ years of scripting, programming, and security code review in a common programming language (non‑internship) experience
• 2+ years of troubleshooting systems issues, analyzing logs, or automating basic tasks using command‑line tools (non‑internship) experience
• Bachelor's degree in a STEM field (Science, Technology, Engineering, Mathematics), or experience in IT Security
• Knowledge of networking protocols such as HTTP, DNS and TCP/IP
• Experience in threat modeling and penetration testing, or experience that includes strong analytical skills, attention to detail, and effective communication abilities
• Experience conveying complex technical concepts to both technical and business audiences
• 3+ years of security engineering or related security experience;
  Demonstrated ability to deliver security solutions independently within a team scope, handling the full development lifecycle: design, implementation, testing, deployment, and maintenance.
• Demonstrated ability to write and review code, scripts, IaC, and detections in support of security defenses.
• Demonstrated ability to lead security investigations and resolve root causes of operational and security issues.
• Demonstrated ability to mentor peers, drive consensus on conflicting design or implementation feedback, and provide meaningful review feedback.

• 2+ years of any combination of threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration, and network security experience
• 2+ years of scripting, programming, or security code review in a common language, such as Python, Java or C++ experience
• Knowledge of command‑line tools to troubleshoot protocols, analyze log outputs, or automate basic tasks
• Knowledge of networking protocols such as HTTP(S), DNS, and TCP/IP
• Experience performing security activities across one or more phases of the software…