New job, posted less than a week ago!
Job Details
Posted date: Dec 18, 2025
Location: Virtual Location - Texas, TX
Estimated salary: $174,400
Range: $136,000 - $212,800
Description
Do you want to be on the front lines of customer security, responding to the most complex and novel security incidents in the cloud? Are you skilled at performing incident response activities and passionate about helping customers during their worst day? Are you excited to turn incident insights into automation that scales AWS Security's impact? Do you thrive in fast-paced, high-stakes situations where your expertise directly protects customers?As a member of AWS CIRT (Customer Incident Response Team) within the AWS CISO Office, you will be AWS's final escalation point for customer cloud security incidents. You'll respond to complex, novel, and large-scale security events through our Zipline mechanism, partner with threat intelligence and detection teams, and help build the automation and playbooks that enable AWS to respond faster than threat actors. Building on those experiences, you'll contribute insights that drive service improvements across AWS and help shape how security incident response is practiced at planetary scale.
Key job responsibilities
• Perform incident response for complex, novel, and large-scale customer security events via the Zipline mechanism
• Serve as a deep technical resource that earns the trust of customers before, during, and after security incidents
• Capture and analyze incident data to contribute intelligence to AWS Security leadership and service teams
• Design, build, and deploy automation to reduce manual incident response effort and enable faster response
• Develop playbooks and runbooks that enable AWS SIR and other teams to handle incident patterns at scale
• Contribute to the Zipline volunteer program by training and mentoring responders across AWS Security
• Support the CISO Office with incident data, insights, and situational awareness for large-scale events
• Innovate on behalf of customers by asking "what would have to be true?" to eliminate manual work and improve outcomes
• Participate in 24x7 on-call rotation for incident response coverage
About the team
The AWS Customer Incident Response Team (CIRT), part of the AWS CISO Office, is the guardian of the customer security experience when it matters most. We are AWS's final escalation point for customer security incidents - handling the complex, novel, and large-scale events that require deep expertise.
We are security builders, not just responders. Our mission is to help customers having their worst day in the cloud, capture insights to drive service improvements, and scale our impact by enabling teams across AWS to respond effectively.
Qualifications
- 3+ years of IT Security experience- Experience in scripting, programming, or security code reviewing in a common language, such as Python, Java, or C++
- Experience with AWS products and services
- Experience in any combination of the following: application security frameworks, security code reviews, incident response, secure infrastructure, penetration testing, mobile security, cloud security, AI security, identity and access controls, threat modeling, cryptography, threat intelligence, or secure software development
Extended Qualifications
- 2+ years of scripting, programming, or security code review in a common language, such as Python, Java or C++ experience- Experience performing security activities across one or more phases of the software development lifecycle (SDLC), such as security design review, threat modeling, secure code review, and security testing
- Experience applying threat modeling or other risk identification techniques or equivalent
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $212,800/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.
Check out other jobs at Amazon.