Senior Security Engineer, AWS Security Incident Response
Amazon · Tokyo, Japan · Systems, Quality, & Security Engineering
senior
Security Engineer
ic
· Posted Jun 6, 2026
About this role
Amazon is hiring a senior-level Security Engineer based in Tokyo, Japan. The posting calls out experience with Python, Java, AWS, Security.
- Role
- Security Engineer
- Function
- security
- Level
- senior
- Track
- Individual contributor
- Employment
- Full-time
- Location
- Tokyo, Japan
- Department
- Systems, Quality, & Security Engineering
- Posted
- Jun 6, 2026
AI Summary
Senior Security Engineer investigates complex security incidents hands-on and builds automation frameworks for detection and remediation at scale. Requires deep expertise in malware analysis, forensics, and AWS security services. Native Japanese and fluent English required.
Job description
from Amazon careersAWS Security Incident Response is looking for a Senior Security Engineer who builds the automation mechanisms that scale security response. You will investigate complex security incidents hands-on, build the frameworks that turn investigation expertise into scalable detection and auto-remediation, and architect the AI feedback loops that make the service smarter with every investigation.
The AWS Security Incident Response team provides 24/7 security response through a follow-the-sun operating model. The service combines automated triage workflows, AI-powered investigation agents, and human security analysts to respond to threats across customer AWS environments at massive scale. Our AI systems autonomously resolve over 90% of routine investigations within minutes. The next challenge is building the mechanisms that accelerate this further — enabling every engineer on the team to contribute to detection and automation quality from their investigation work.
Your deep understanding of how attacks work — from initial exploitation through lateral movement to data exfiltration — is what makes your automation effective. You will build detection enhancements, auto-remediation playbooks, and AI training pipelines that catch real threats, not just generate noise. We treat every investigation as a confirmed security incident until the data proves otherwise.
Native Japanese language skills and fluent English language skills in speaking, reading, and writing.
Key job responsibilities
- Investigate and respond to complex security incidents hands-on — applying malware analysis, forensic analysis, or attribution skills to credential compromise, data exfiltration, supply chain attacks, and cryptomining
- Lead incident response for customers during high-severity events: scope blast radius, coordinate containment, guide remediation, and get on calls with customers to walk them through what was compromised and the specific steps to contain the threat
- Own the response-to-automation flywheel: build pipelines that capture investigation patterns (including Trust & Safety abuse cases), translate them into detection rules and auto-remediation, and measure impact on investigation volume and accuracy
- Build mechanisms that enable every engineer on the team to contribute detection rules, automation playbooks, and AI training data — and build the AI feedback loops that ensure human corrections systematically improve autonomous investigation accuracy
- Define and track metrics that measure automation effectiveness: false positive reduction, auto-resolution coverage, and engineer contribution rates to the pipeline
- Mentor junior engineers on investigation methodology and structuring artifacts as reusable automation inputs
- Participate in on-call rotations as part of the 24/7 follow-the-sun operating model, including weekends
A day in the life
- Review automation dashboard metrics: AI agent resolution rates, false positive trends, and engineer-submitted detection rules going live
- Investigate new attack patterns the AI is struggling with — analyze malware behavior, extract indicators, and build detection rules that catch the pattern without generating false positives
- Step into high-severity incidents directly — analyzing logs, correlating indicators across accounts, scoping blast radius, and getting on a call with the customer to guide containment
- Codify attack chains from investigations into detection rules and AI agent improvements so the system catches the pattern autonomously next time
- Review and approve detection rule contributions from junior engineers using your contribution framework
About the team
The AWS Security Incident Response team provides 24/7 threat monitoring, investigation, and response for customer AWS environments. The team is driving a strategic transformation — raising operational standards, building AI-powered investigation capabilities, and expanding coverage. We respond to customer requests within minutes. Zero queue tolerance is the operating standard. We value engineers who solve root causes over those who close tickets. Senior engineers enjoy close collaboration with leadership, one-on-one coaching, and the opportunity to shape the future of security operations at AWS scale.
- Bachelor's degree or above in Computer Science, Computer Engineering, Cybersecurity, or other related discipline
- Speak, write, and read fluently in Japanese
- 5+ years of non-internship experience in troubleshooting systems issues, analyzing logs, automating complex tasks using command line tools, and identifying security issues, risks, and developing mitigation plans
- Experience (non-internship) in industry-based security vulnerabilities identification, attack patterns, and remediation techniques; including experience as a mentor, tech lead, or leading an engineering team
- Experience in automation or monitoring frameworks, deployment or development
- Knowledge of compliance and security standards across the enterprise IT landscape
- * Information security professional certification (GCIH, GSEC, GREM, GCFA, CISSP, or equivalent)
- * Experience with AWS services in a security operations context (Amazon GuardDuty, AWS CloudTrail, AWS Security Hub, AWS IAM)
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
The AWS Security Incident Response team provides 24/7 security response through a follow-the-sun operating model. The service combines automated triage workflows, AI-powered investigation agents, and human security analysts to respond to threats across customer AWS environments at massive scale. Our AI systems autonomously resolve over 90% of routine investigations within minutes. The next challenge is building the mechanisms that accelerate this further — enabling every engineer on the team to contribute to detection and automation quality from their investigation work.
Your deep understanding of how attacks work — from initial exploitation through lateral movement to data exfiltration — is what makes your automation effective. You will build detection enhancements, auto-remediation playbooks, and AI training pipelines that catch real threats, not just generate noise. We treat every investigation as a confirmed security incident until the data proves otherwise.
Native Japanese language skills and fluent English language skills in speaking, reading, and writing.
Key job responsibilities
- Investigate and respond to complex security incidents hands-on — applying malware analysis, forensic analysis, or attribution skills to credential compromise, data exfiltration, supply chain attacks, and cryptomining
- Lead incident response for customers during high-severity events: scope blast radius, coordinate containment, guide remediation, and get on calls with customers to walk them through what was compromised and the specific steps to contain the threat
- Own the response-to-automation flywheel: build pipelines that capture investigation patterns (including Trust & Safety abuse cases), translate them into detection rules and auto-remediation, and measure impact on investigation volume and accuracy
- Build mechanisms that enable every engineer on the team to contribute detection rules, automation playbooks, and AI training data — and build the AI feedback loops that ensure human corrections systematically improve autonomous investigation accuracy
- Define and track metrics that measure automation effectiveness: false positive reduction, auto-resolution coverage, and engineer contribution rates to the pipeline
- Mentor junior engineers on investigation methodology and structuring artifacts as reusable automation inputs
- Participate in on-call rotations as part of the 24/7 follow-the-sun operating model, including weekends
A day in the life
- Review automation dashboard metrics: AI agent resolution rates, false positive trends, and engineer-submitted detection rules going live
- Investigate new attack patterns the AI is struggling with — analyze malware behavior, extract indicators, and build detection rules that catch the pattern without generating false positives
- Step into high-severity incidents directly — analyzing logs, correlating indicators across accounts, scoping blast radius, and getting on a call with the customer to guide containment
- Codify attack chains from investigations into detection rules and AI agent improvements so the system catches the pattern autonomously next time
- Review and approve detection rule contributions from junior engineers using your contribution framework
About the team
The AWS Security Incident Response team provides 24/7 threat monitoring, investigation, and response for customer AWS environments. The team is driving a strategic transformation — raising operational standards, building AI-powered investigation capabilities, and expanding coverage. We respond to customer requests within minutes. Zero queue tolerance is the operating standard. We value engineers who solve root causes over those who close tickets. Senior engineers enjoy close collaboration with leadership, one-on-one coaching, and the opportunity to shape the future of security operations at AWS scale.
Basic Qualifications
- 5+ years of scripting, programming, or security code review in a common language, such as Python, Java or C++ experience- Bachelor's degree or above in Computer Science, Computer Engineering, Cybersecurity, or other related discipline
- Speak, write, and read fluently in Japanese
- 5+ years of non-internship experience in troubleshooting systems issues, analyzing logs, automating complex tasks using command line tools, and identifying security issues, risks, and developing mitigation plans
- Experience (non-internship) in industry-based security vulnerabilities identification, attack patterns, and remediation techniques; including experience as a mentor, tech lead, or leading an engineering team
Preferred Qualifications
- Master's degree in Computer Science, Information Security, or a related field- Experience in automation or monitoring frameworks, deployment or development
- Knowledge of compliance and security standards across the enterprise IT landscape
- * Information security professional certification (GCIH, GSEC, GREM, GCFA, CISSP, or equivalent)
- * Experience with AWS services in a security operations context (Amazon GuardDuty, AWS CloudTrail, AWS Security Hub, AWS IAM)
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
More roles at Amazon
Data Center Technician - Night Shift, ADC InfraOps DCO
Severn, MD · mid
TypeScript AWS Networking
Sr. Software Dev Engineer, Aurora Control Plane, Aurora Security
Toronto, Canada · senior
AWS PostgreSQL MySQL
Senior Account Manager, CPG
Chicago, IL · senior
AWS LLMs Salesforce
Senior Category Manger, Power and Utilities, Global Procurement Organization (GPO)
Barcelona, Spain · senior
Global H&S Audit Manager, AWS Health & Safety
Herndon, VA · manager
AWS Networking Agile
All Amazon jobs →