Security Engineer, Internal Threat Forensic Investigations


Amazon is seeking Security Engineers to join our internal threat investigations team. Join the team responsible for providing subject matter expertise for internal threat (aka insider threat or insider risk) and forensic analysis within Amazon. The team’s core responsibility is to investigate internal security threats across Amazon.

The role provides the opportunity to perform forensic investigations for internal and external threats to Amazon: investigating potential internal threat cases, supporting partner teams with forensic expertise, and building tools and capabilities to support those efforts. We build tools to match the scale of Amazon's environment, pushing the limitations of existing tooling and evolving beyond those limitations. As part of this team, you will participate in building large-scale, custom digital forensic tooling to support our investigations into malicious activity on Amazon networks.

Key tasks include:
· Provide subject matter expertise in all aspects of internal threat investigations
· Participate in a 24/7 global internal threat program
· Provide analytical and operational support to internal risk investigations, mitigation, and program objectives
· Participate in and lead large-scale incidents requiring parallel investigations, executive communications, reports, and postmortems across a global scale
· Communicate effectively with varying audiences at multiple levels of sensitivity
· Evaluate the impact of current security trends, advisories, publications, and academic research on Amazon
· Evidence collection, cold forensics, live/remote analysis, forensic log investigations, DFIR engagements, insider and external compromise cases
· Develop new solutions to complex forensic and security problems, such as automation, forensics at scale, and analyzing new filesystems, while also contributing to Amazon's existing internal forensics tools


· Degree in related field with a strong technical background (additional years of experience may be considered in lieu of degree)
· 3 years of demonstrated experience in areas such as internal threat (aka insider threat), digital forensics or internal investigations
· Ability to work with a high degree of autonomy in a global environment
· Excellent written and verbal communication skills to communicate security and business risk to a broad range of technical and non-technical audiences
· Scripting skills (e.g., Perl, Python, Bash, PowerShell)


· Experience with, and detailed understanding of, digital forensics and incident response tools, such as Plaso (log2timeline), Sleuth Kit (TSK), libyal, Magnet Axiom, Nuix, AccessData FTK, X-Ways Forensics, Cellebrite, Volatility, Mandiant MIR, etc.
· Relevant industry certifications that demonstrate intimate familiarity with forensic analysis and insider threat (GCFA, GCFE, GASF, GLEG, etc.)
· Experience with digital forensics as part of legal proceedings (e.g., evidence handling, affidavits, testimony)
· Keen interest in candidates with knowledge of Data Science, Machine Learning, or Artificial Intelligence
· Coding proficiency in Python, Go, or similar language

Here at Amazon, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and we host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon’s culture of inclusion is reinforced within our 14 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.

Company Information
  • Slogan Come build the future with us
  • Location United States
  • Full Address 410 Terry Avenue North Seattle, WA 98109 United States