Incident Response Engineer, DSS Security Incident Response

Are you ready to protect millions of homes and families as part of Amazon's elite Device Security Incident Response team? Join us in defending Ring, Blink, eero, and other industry-leading IoT platforms where every incident response decision impacts real people's safety and privacy.

We’re looking for a seasoned security engineer to join a cross-functional Incident Response team supporting multiple Amazon devices brands. This is a hands-on role is focused on protecting the security and privacy of millions of customers by responding to incidents that impact real-world products and services. Our customers trust us with their safety and personal spaces, and it’s our responsibility to uphold that trust through strong, effective security practices. You will become a subject matter expert in the brands you support, leading our response to incidents through detection, assessment, containment, eradication, and post-mortem, while identifying opportunities to raise the bar on security for Amazon products and Customers. This high-visibility role requires clear communication, sound judgment under pressure, and the ability to work across organizational boundaries. You will be a strong advocate for customer safety and privacy, ensuring our devices deliver protection without compromise. You will document your work thoroughly, contribute to post-incident reviews, and collaborate with engineering teams to drive long-term improvements across the business. You will have opportunities to utilize, or expand your AI/ML skills, as we focus on automation.


Key job responsibilities
* Investigate and respond to security incidents in the Devices and Services org, setting the pace, and driving rapid, effective response that reduces or eliminates risk
* Act as an incident responder or commander during active security events, coordinating technical response while keeping business stakeholders informed
* Conduct thorough post-mortem analysis of security incidents, driving root cause identification, and identifying opportunities to improve security for Amazon products and services
* Security consults with builder teams to ensure that security is designed into products from their inception
* Collaborate with both technical, and non-technical stakeholders at all levels of the business, to execute rapid, and effective incident response
* Develop, maintain, and respond to detections using Splunk/SOAR, as well as internal Amazon tooling
* Combat various forms of fraud and abuse, by coordinating with business teams to develop comprehensive prevention/detection/response capabilities
* Contribute to team efforts to increase capability and efficiency through automation of manual workloads and increase signal quality using AI/ML tools or approaches
* Assist in runbook development, playbook tuning, and continuous process improvements
* Participate in an on-call rotation (approx. two weekend days per month)
* Work within a global, collaborative Amazon Security team where engineers and specialists support one another to solve complex problems and respond to security challenges together
* Coordinate response efforts with other Incident Response teams at Amazon when appropriate, and share learnings
* Maintain and support WAF products that protect Amazon services from abuse, drive adoption, evaluate or tune rules
* Develop and update SQL queries to investigate security incidents, analyze log data, and extract relevant information from logs, databases and services.

A day in the life
As a Security Incident Response Engineer, you'll guide our team through complex security challenges impacting millions of customers. You'll:

• Spearhead end-to-end incident response across Amazon's device ecosystem
• Drive real-time decision-making during active incidents
• Conduct impact assessments and implement containment strategies
• Develop durable solutions with engineering teams
• Proactively hunt threats and create new detection mechanisms
• Consult on security for new product designs
• Analyze data to identify hidden vulnerabilities

We seek naturally curious problem-solvers who combine technical expertise with investigative instincts. You'll be the calm voice in the storm, transforming chaos into clarity and consistently safeguarding our customers' trust in Amazon's devices and services.

About the team
We're a tight-knit group of Security Engineers united by our mission to protect Amazon's customers. Though small, our impact is outsized. We've driven meaningful improvements across Amazon's device ecosystem through technical excellence and relentless customer advocacy.

We're engineers first, approaching challenges with security expertise to create practical solutions. We champion "better products" over "more products," solving problems collaboratively with empathy and partnership. We're not the team that just says "no" – we find secure paths forward.

When incidents arise, we need our builders to feel relief when we arrive. We build bridges, not ivory towers, transforming security from a barrier into an enabler of innovation.- * 5+ years of industry experience in cybersecurity, with a strong foundation in incident response, detection engineering, or security operations
- * Working knowledge of AWS, WAF, EDR/XDR tools, network telemetry, and log analysis
- * Practical knowledge of attacker tactics, techniques, and procedures (TTPs), with experience leveraging MITRE ATT&CK or similar frameworks to guide incident response or detection engineering
- * Strong interpersonal and communication skills; able to calmly manage high-stakes coordination and decision-making
- * Proficiency with scripting or automation (e.g., Python, PowerShell, Bash)- * Proficiency with at least one SIEM platform, including writing searches, creating alerts, and analyzing log data to support security investigations; experience with Splunk strongly preferred
- * Exposure to AI/ML-driven anomaly detection, or behavior modeling tools
- * Demonstrated ability to use forensic or threat hunting techniques to identify adversary behavior, detect anomalies, analyze potential malware to support containment and eradication
- * Security certifications such as CISSP, CISM, CRISC, GCIH, CCIR, GCDA, etc.
- * Prior experience in large enterprise environments or supporting multiple business lines
- * Experience securing or responding to incidents in large-scale distributed systems, including cloud-native architectures and service-oriented environments
- * Experience with IOT device security and embedded systems forensics

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $143,300/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit https://www.aboutamazon.com/workplace/employee-benefits. This position will remain posted until filled. Applicants should apply via our internal or external career site.