Principal Security Engineer, AWS Managed Services (AMS)

AWS is seeking a skilled and forward looking **Security Engineer** to help drive security outcomes at scale for customers around the world. This role blends technical security engineering with high-impact customer engagement. You will work directly with CISOs, security executives, and engineering teams across a global customer base to understand their challenges and translate them into scalable technical solutions.
You will collaborate with AWS service teams, security specialists, and support organisations to build and scale security mechanisms that raise the bar for all customers. Your work will influence how AWS enables customers to prevent, detect, and respond to security threats at scale.
This is a role for engineers who are technically credible and operationally experienced, capable of influencing senior stakeholders, and comfortable navigating complex security domains. You will design, prototype, and guide the deployment of mechanisms that operate across thousands of AWS environments and contribute directly to improving customer security posture globally.

Key job responsibilities
• Design and implement scalable security mechanisms and tooling across diverse customer environments and architectures.
• Engage directly with CISOs, enterprise architects, and security executives to co-develop secure-by-design solutions.
• Lead threat modelling, posture review, and detection design efforts targeting systemic risk.
• Build automation and detection systems directly or in collaboration with engineering teams to reduce manual effort and accelerate security outcomes.
• Support multi-cloud security conversations, helping customers federate or transition securely across cloud platforms.
• Translate complex customer architecture and operational constraints into scalable security solutions and reusable design patterns.
• Write reference architectures, technical guidance, and tooling for repeatable security outcomes.
• Represent AWS in technical discussions with customer executives, internal engineering teams, and security leaders.
• Participate in or support security incident response initiatives through technical insight, pattern recognition, and mechanism design.
• Define success metrics and evaluate effectiveness of security mechanisms at scale.


A day in the life
AWS Sales, Marketing, and Global Services (SMGS) is responsible for driving revenue, adoption, and growth from the largest and fastest growing small- and mid-market accounts to enterprise-level customers including public sector.

You start your day reviewing posture trends across a fleet of high-risk accounts, identifying a pattern linked to architectural drift in identity federation. Before lunch, you meet with the CISO and enterprise architect of a regulated customer to shape a secure design strategy for a multi-account cloud migration. You then join a working session with AWS engineers to evaluate options for turning that strategy into repeatable guardrails for similar customers. Your day finishes by reviewing a proof-of-concept design for a new automation path, refining the control logic with a peer who’ll own the implementation.

Your time is divided across customer engagement, technical direction-setting, and collaboration with engineering and security teams to embed security mechanisms at scale.

About the team
Diverse Experiences
Amazon values diverse experiences. Even if you do not meet all of the preferred qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.

Why AWS
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. We pioneered cloud computing and never stopped innovating — that’s why customers from the most successful startups to Global 500 companies trust our robust suite of products and services to power their businesses.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.
Inclusive Team Culture
Here at AWS, it’s in our nature to learn and be curious. Our employee-led affinity groups foster a culture of inclusion that empower us to be proud of our differences. Ongoing events and learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences, inspire us to never stop embracing our uniqueness.
Mentorship and Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.

This role is part of a global AWS Security organisation focused on enabling customer security outcomes through scalable engineering and deep technical engagement. We partner with service teams, support, and field organisations to improve posture, prevent attacks, and accelerate detection and response across AWS customers globally.
We value mechanisms over heroics, engineering over opinion, and scale over manual effort. You’ll work alongside principal technologists, security engineers, and AWS leaders with a shared goal: to secure the world’s workloads.

Basic Qualifications

• Experience in a security engineering or security architecture role within a cloud or large-scale distributed systems environment
• Demonstrated ability to engage technical and executive stakeholders, including CISOs and enterprise architects
• Proficiency in at least one programming or scripting language (e.g. Python, Go, JavaScript) or experience guiding technical implementation through prototypes and design documents
• Experience developing or influencing the deployment of security automation, posture management, or detection systems
• Experience designing secure architectures in a major public cloud platform (e.g. AWS, Azure, GCP), with an ability to translate those patterns into AWS-native designs

Preferred Qualifications

• Hands-on experience with AWS security services (e.g. IAM, GuardDuty, Security Hub, CloudTrail, KMS), or ability to rapidly apply equivalent experience from other platforms in an AWS context
• Familiarity with adversary behaviours and detection frameworks (e.g. MITRE ATT&CK, SIGMA)
• Experience supporting enterprise customers across regulated or high-trust environments such as finance, energy, or government
• Prior experience designing or contributing to security automation mechanisms at scale
• Strong understanding of cloud-native security principles, threat modelling, and secure design patterns
• Demonstrated ability to collaborate and deliver results across organisational and technical boundaries


Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice (https://www.amazon.jobs/en/privacy_page) to know more about how we collect, use and transfer the personal data of our candidates.

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.