Track emerging threats and assess relevance to AWS environment
Triage external and internal inputs and drive validation and investigation
Translate threat intelligence into actions: containment guidance and prioritized remediation
Lead and execute high-severity security incidents across AWS and endpoints
Drive incidents from initial signal through containment and recovery
Reconstruct attacker activity and produce clear incident documentation
Investigate AWS incidents and lead investigations involving common AWS compromise patterns
Improve detection coverage and partner with detection engineering
Build and maintain investigation and response automation using SOAR tools

Requirements

Strong understanding of software engineering fundamentals including code structure and build systems
Understanding of CI/CD pipelines and DevOps workflows
Solid knowledge of cloud architecture, especially AWS services
Hands-on experience responding to AWS security incidents
Familiarity with SaaS architectures and identity systems
Proven experience leading complex security incidents across cloud and endpoint environments
Strong understanding of identity and access concepts (IAM roles, federation)
Experience using a SIEM for investigations (Splunk preferred)
Comfortable scripting or automating in Python
Strong Linux investigation skills with knowledge of macOS and Windows

Benefits

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

AWSCI/CDDevOpscloud architectureSaaSidentity and access managementSIEMPythonLinuxmacOS

leadershipcommunicationinvestigationdocumentationincident response