Category: Systems, Quality, & Security Engineering
Threat Hunting plays a crucial role in a modern Information Security organization. Defenses continue to become increasingly complex, providing opportunities for attackers to be creative and get around them. In cases like these, the only thing standing between an attacker and their goal is the Threat Hunter, who is watching their every move and acting to eliminate the threat.
Amazon's Threat Hunting team is looking for individuals who are excited by the idea of finding threats in ways that no other defense mechanism can, eradicating threats and building new intelligence to prevent future attacks from succeeding. The Threat Hunting team hunts for adversarial activity within Amazon using a variety of analytic techniques, data sources, and threat intelligence. This role is behind the keyboard for the hunt, helping to root out known and unknown malicious activities from the environment using a variety of dynamic methods, tools, and procedures.
Threat Hunting is a force multiplier for security practitioners across Amazon through the production of intelligence about adversaries they find, producing artifacts and insights that are integrated into a variety of security solutions. To achieve this, Threat Hunters are required to keep an open mind and pivot quickly between activities based on priorities and ongoing intelligence.
Threat Hunters are frequently asked to work with ambiguity and limited data to achieve these goals, but are trusted to explore new ideas and engage with teams throughout Amazon to overcome these hurdles. Creativity and curiosity are imperative in this role in order to think like and find adversaries, and investments are made into Threat Hunters to ensure they have the skills, training and tools to do so. Lastly, it is important that Threat Hunters are leaders, able to communicate clearly, rise above team boundaries and inspire teams and individuals to join them in eradicating adversarial activity with the ultimate goal of ensuring our customers are protected.
• 5+ years of work in related technical roles (such as threat hunting, threat intelligence, security data analysis, etc.)
• Expertise with cloud technologies (AWS preferred, Azure, Google Cloud, etc.)
• Experience with security analysis on cloud services, especially serverless and authentication services
• Experience using data analysis tools and technologies, such as SQL, Jupyter, R, Python
• Experience with active attacks / live scenarios / applied computer security
• Knowledge and experience with hunting utilizing TTPs (Tactics, Techniques and Procedures).
• Excellent writing, communication and organizational skills. Must be able to create and contribute to intelligence reports, briefings, roadmaps, and strategic planning documents.
• Master's degree in mathematics, computer science, or related engineering disciplines.
• Familiarity with host and network log analysis
• Standing relationships with global associations relevant to the position.