CybersecurityJobs.io
← Back to all jobs

Job Description

Amazon.com Services LLC invites a Senior Security Engineer focused on AI Application Security to join the Leo Security program in Redmond, onsite. This role leads AI security reviews, policy decisions, and guardrail development for AI-enabled systems across the organization, with a yearly compensation range of USD 178,400 to 226,700.

Responsibilities

  • Serve as the organization's AI security subject matter expert; drive AI tool approval reviews, lead security reviews for AI-integrated systems, and make policy decisions on AI adoption.
  • Represent security in cross-Amazon AI security working groups and drive cross-team alignment on AI policy direction.
  • Mentor and backstop AI leads across teams on AI consultations and reviews.
  • Define and drive implementation of proactive security controls for AI applications including GenAI-powered tools, agentic systems, and LLM-integrated services. Guide teams towards solutions that are secure by default; if secure-by-default solutions don't exist, invent and propose them.
  • Develop and implement security controls for the AI software development lifecycle, ensuring builders build secure AI applications by default.
  • Assess and drive mitigation of AI-specific security risks including prompt injection, model abuse, data exfiltration, unauthorized tool invocation, and autonomy boundary violations at scale.
  • Establish environment-specific security bar, threat models, and defense priorities for AI systems.
  • Construct security frameworks, rubrics, and runbooks for AI-related problem domains that enable others to apply your work in a repeatable way.
  • Collaborate with builder teams to assess technical debt and risk in AI systems.
  • Provide strategic direction that addresses vulnerabilities and fortifies our products.
  • Lead the burn down of long-term AI security risk.
  • Drive adoption of AI security guardrails, testing frameworks, and monitoring across the organization.
  • Collaborate with business leaders to define AI security priorities.
  • Support leaders by acting as a trusted advisor and providing direction that makes security easy.
  • Help leaders measure their org's security execution.
  • Work with builder teams to understand their build processes and ensure they use appropriate security linting, static analysis, and AI-specific testing tools.
  • Instill a security culture in builder teams.
  • Mentor builders who aspire to become security advocates and security engineers via 1-1 sessions and office hours.
  • Assist Red Teams in identifying AI security testing priorities.
  • Scope penetration tests for AI systems and help deep-dive on these engagements.
  • Support security incident investigations related to AI systems, including prompt injection attacks, model misuse, and data exfiltration attempts.
  • Investigate emerging AI security issues, root cause them, and devise mechanisms to prevent them.
  • Propose a security vision for AI that delivers security and protects our customers.
  • Leverage support from automation teams that find discoverable vulnerabilities.
  • Advocate for the creation and deployment of new testing tools and detection mechanisms.
  • And last of all—hack some really cool bleeding edge tech!

Requirements

  • 5+ years of experience in a mix of application security frameworks, identity and access controls, incident response, mobile security, cloud security, AI security, threat intelligence, or penetration testing.
  • Demonstrated experience security-reviewing or architecting at least three of: AWS-hosted inference (Bedrock, IAM scoping, KMS, region/partition constraints), agentic systems (autonomy boundaries, prompt injection, tool-use mediation), MCP servers (data access patterns, registration/compliance, agentic MCP risk), model hosting infrastructure, or 3P AI tool security review (data flow analysis, ingress/egress control, ECI/ITAR scoping).
  • 3+ years of hands-on AI/ML security work (security reviews of AI-integrated systems, threat modeling for AI tools, exposure to common AI architectures such as inference platforms, agentic systems, MCP/tool-use, and 3P AI tools).
  • Experience driving formal security reviews (ASR or equivalent) of complex AI systems through to certification, with risk-based review prioritization.
  • Knowledge of common AI security risks (prompt injection, data poisoning, model extraction, insecure tool use, autonomy boundary violations).
  • Demonstrated experience driving security policy decisions in cross-team or cross-org working group settings, comfortable navigating consensus among technical and non-technical stakeholders.
  • 5+ years of experience communicating complex technical concepts to non-technical audiences, with strong written and verbal skills and the ability to work effectively across internal and external organizations.

Technologies

  • Bedrock
  • IAM
  • KMS

Benefits

  • Sign-on payments
  • Restricted stock units (RSUs)
  • Health insurance (medical, dental, vision, prescription)
  • Basic Life & AD&D insurance
  • Supplemental life plans
  • Employee Assistance Program (EAP)
  • Mental Health Support
  • Medical Advice Line
  • Flexible Spending Accounts
  • Adoption and Surrogacy Reimbursement coverage
  • 401(k) matching
  • Paid time off
  • Parental leave

Export Control Requirement

Due to applicable export control laws and regulations, candidates must be a U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum.

A Day in the Life

  • In this dynamic role, you will balance proactive work with responsiveness to teams seeking guidance on security for a wide range of AI problems.
  • Typical inquiries include evaluating third-party AI tools for security, privacy, compliance and export control implications.
  • Defining autonomy boundaries and prompt-injection prevention when deploying agentic systems that invoke MCP tools.
  • Scoping IAM permissions for Bedrock inference endpoints with cross-partition data access.
  • Leading root-cause analyses following AI-related incidents to identify gaps in security controls.
  • Guiding the development of secure AI-powered security tooling, such as automated threat modeling and code scanning.

About the Team

Diverse Experiences: Amazon Security values diverse experiences. If you do not meet every qualification, we encourage you to apply. Careers here welcome nontraditional paths and alternative experiences.

Why Amazon Security: Security is central to maintaining customer trust and delivering excellent experiences. The team sets a high bar for security across all products and services, offering opportunities to build expertise across cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

Inclusive Team Culture: A culture of learning and curiosity, with ongoing DEI events and ongoing opportunities to engage with diverse ideas and voices.

Training & Career Growth: A commitment to performance and growth, with knowledge-sharing, training, and resources to develop professionally.

Work/Life Balance: Flexible hours and arrangements support harmony between work and home life.

Preferred Qualifications

  • Knowledge of cloud computing services and deployment architecture
  • Experience developing security controls and tooling across the AI-SDLC, including secure design review, threat modeling, code scanning, and security testing of LLM-based applications, with programming or scripting skills to build or drive adoption of automated security tools at scale

Similar Jobs