The Amazon Web Services Threat Intel Group is responsible for developing actionable intelligence on advanced cyber threats to our services and our customers. We collect indicators and intelligence from a variety of internal and external sources and use that information to develop an understanding of high grade actors and their tools, techniques, and procedures. We then leverage that understanding to proactively identify and mitigate malicious activity.
You will be required to analyze telemetry data to identify signals indicative of high grade adversaries. You will help enhance our capabilities by formulating new analytic techniques and working across teams to drive the supporting capabilities. A deep understanding of current APT actors and TTPs as well as experience performing question driven analysis is required. You should have a solid understanding of network and host based indicators and how to best leverage them. You should be able to script and help automate recurring tasks to improve the overall effectiveness of the team. An understanding of operating systems internals will be an asset.
Here at AWS, we embrace our differences. We are committed to furthering our culture of inclusion. We have ten employee-led affinity groups, reaching 40,000 employees in over 190 chapters globally. We have innovative benefit offerings, and we host annual and ongoing learning experiences, including our Conversations on Race and Ethnicity (CORE) and AmazeCon (gender diversity) conferences. Amazon's culture of inclusion is reinforced within our 14 Leadership Principles, which remind team members to seek diverse perspectives, learn and be curious, and earn trust.
Key responsibilities include:
Perform deep dive analysis of potentially malicious artifacts.
Analyze large structured and unstructured data sets to identify trends and anomalies indicative of malicious activities.
Create security techniques and automation for internal use that enable the team to operate at high speed and broad scale.
Pursue actionable intelligence on current threats as they relate to AWS.
Periodic on-call responsibilities.
Translate actor TTPs into actionable data points to be prosecuted on internal data sets
BS degree in Computer Science, MIS, Computer Engineering, or 5+ years equivalent technology experience.
2 years experience with tracking APT groups and other high grade threats.
2 years experience in system, network, and/or application security.
2 years experience building automated tools in C, C++, Python, PowerShell, or Bash
2 years experience in either incident response or active hunting of high grade adversaries
1 year experience with SQL or other query languages.
MS degree in Computer Science, MIS, Computer Engineering, or 8+ years' equivalent technology experience.
5+ years of experience in Threat Intelligence research and analysis, particularly nation states and APTs.
Strong understanding of Windows, Linux, and or OS X internals
Experience with malware analysis tools such as IDAPro, Ollydbg and Windbg.
Experience with AWS services.
Excellent written and oral communication skills.
Meets/exceeds Amazon's leadership principles requirements for this role
Meets/exceeds Amazon's functional/technical depth and complexity for this role
Amazon is committed to a diverse and inclusive workforce. Amazon is an equal opportunity employer and does not discriminate on the basis of race, ethnicity, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit https://www.amazon.jobs/en/disability/us.