Senior Security Engineer, AI Application Security, Leo Security
Job Description
Amazon.com Services LLC invites a Senior Security Engineer focused on AI Application Security to join the Leo Security program in Redmond, onsite. This role leads AI security reviews, policy decisions, and guardrail development for AI-enabled systems across the organization, with a yearly compensation range of USD 178,400 to 226,700.
Responsibilities
- Serve as the organization's AI security subject matter expert; drive AI tool approval reviews, lead security reviews for AI-integrated systems, and make policy decisions on AI adoption.
- Represent security in cross-Amazon AI security working groups and drive cross-team alignment on AI policy direction.
- Mentor and backstop AI leads across teams on AI consultations and reviews.
- Define and drive implementation of proactive security controls for AI applications including GenAI-powered tools, agentic systems, and LLM-integrated services. Guide teams towards solutions that are secure by default; if secure-by-default solutions don't exist, invent and propose them.
- Develop and implement security controls for the AI software development lifecycle, ensuring builders build secure AI applications by default.
- Assess and drive mitigation of AI-specific security risks including prompt injection, model abuse, data exfiltration, unauthorized tool invocation, and autonomy boundary violations at scale.
- Establish environment-specific security bar, threat models, and defense priorities for AI systems.
- Construct security frameworks, rubrics, and runbooks for AI-related problem domains that enable others to apply your work in a repeatable way.
- Collaborate with builder teams to assess technical debt and risk in AI systems.
- Provide strategic direction that addresses vulnerabilities and fortifies our products.
- Lead the burn down of long-term AI security risk.
- Drive adoption of AI security guardrails, testing frameworks, and monitoring across the organization.
- Collaborate with business leaders to define AI security priorities.
- Support leaders by acting as a trusted advisor and providing direction that makes security easy.
- Help leaders measure their org's security execution.
- Work with builder teams to understand their build processes and ensure they use appropriate security linting, static analysis, and AI-specific testing tools.
- Instill a security culture in builder teams.
- Mentor builders who aspire to become security advocates and security engineers via 1-1 sessions and office hours.
- Assist Red Teams in identifying AI security testing priorities.
- Scope penetration tests for AI systems and help deep-dive on these engagements.
- Support security incident investigations related to AI systems, including prompt injection attacks, model misuse, and data exfiltration attempts.
- Investigate emerging AI security issues, root cause them, and devise mechanisms to prevent them.
- Propose a security vision for AI that delivers security and protects our customers.
- Leverage support from automation teams that find discoverable vulnerabilities.
- Advocate for the creation and deployment of new testing tools and detection mechanisms.
- And last of all—hack some really cool bleeding edge tech!
Requirements
- 5+ years of experience in a mix of application security frameworks, identity and access controls, incident response, mobile security, cloud security, AI security, threat intelligence, or penetration testing.
- Demonstrated experience security-reviewing or architecting at least three of: AWS-hosted inference (Bedrock, IAM scoping, KMS, region/partition constraints), agentic systems (autonomy boundaries, prompt injection, tool-use mediation), MCP servers (data access patterns, registration/compliance, agentic MCP risk), model hosting infrastructure, or 3P AI tool security review (data flow analysis, ingress/egress control, ECI/ITAR scoping).
- 3+ years of hands-on AI/ML security work (security reviews of AI-integrated systems, threat modeling for AI tools, exposure to common AI architectures such as inference platforms, agentic systems, MCP/tool-use, and 3P AI tools).
- Experience driving formal security reviews (ASR or equivalent) of complex AI systems through to certification, with risk-based review prioritization.
- Knowledge of common AI security risks (prompt injection, data poisoning, model extraction, insecure tool use, autonomy boundary violations).
- Demonstrated experience driving security policy decisions in cross-team or cross-org working group settings, comfortable navigating consensus among technical and non-technical stakeholders.
- 5+ years of experience communicating complex technical concepts to non-technical audiences, with strong written and verbal skills and the ability to work effectively across internal and external organizations.
Technologies
- Bedrock
- IAM
- KMS
Benefits
- Sign-on payments
- Restricted stock units (RSUs)
- Health insurance (medical, dental, vision, prescription)
- Basic Life & AD&D insurance
- Supplemental life plans
- Employee Assistance Program (EAP)
- Mental Health Support
- Medical Advice Line
- Flexible Spending Accounts
- Adoption and Surrogacy Reimbursement coverage
- 401(k) matching
- Paid time off
- Parental leave
Export Control Requirement
Due to applicable export control laws and regulations, candidates must be a U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum.
A Day in the Life
- In this dynamic role, you will balance proactive work with responsiveness to teams seeking guidance on security for a wide range of AI problems.
- Typical inquiries include evaluating third-party AI tools for security, privacy, compliance and export control implications.
- Defining autonomy boundaries and prompt-injection prevention when deploying agentic systems that invoke MCP tools.
- Scoping IAM permissions for Bedrock inference endpoints with cross-partition data access.
- Leading root-cause analyses following AI-related incidents to identify gaps in security controls.
- Guiding the development of secure AI-powered security tooling, such as automated threat modeling and code scanning.
About the Team
Diverse Experiences: Amazon Security values diverse experiences. If you do not meet every qualification, we encourage you to apply. Careers here welcome nontraditional paths and alternative experiences.
Why Amazon Security: Security is central to maintaining customer trust and delivering excellent experiences. The team sets a high bar for security across all products and services, offering opportunities to build expertise across cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture: A culture of learning and curiosity, with ongoing DEI events and ongoing opportunities to engage with diverse ideas and voices.
Training & Career Growth: A commitment to performance and growth, with knowledge-sharing, training, and resources to develop professionally.
Work/Life Balance: Flexible hours and arrangements support harmony between work and home life.
Preferred Qualifications
- Knowledge of cloud computing services and deployment architecture
- Experience developing security controls and tooling across the AI-SDLC, including secure design review, threat modeling, code scanning, and security testing of LLM-based applications, with programming or scripting skills to build or drive adoption of automated security tools at scale