Description

The Amazon Cyber Threat Intelligence (ACTI) organization is responsible for investigating, analyzing, and defending against sophisticated cyber threats targeting Amazon's global businesses and customers. ACTI combines technical expertise, strategic analysis, and advanced tooling to identify emerging threats, track adversary activities, and provide actionable intelligence across Amazon's security ecosystem.

As a Software Development Engineer within ACTI Engineering, you will architect and lead the development of mission-critical distributed systems that power Amazon's threat intelligence capabilities. You will make key technical decisions that shape our platform's architecture, designing scalable solutions that process, analyze, and correlate vast amounts of security data across Amazon's global infrastructure. Your technical leadership will directly influence ACTI's ability to detect, analyze, and respond to emerging security threats at scale.

This position requires that the candidate selected be a US Citizen.

Key job responsibilities
- Define and drive the technical vision and multi-year architecture roadmap for ACTI's threat intelligence platforms, establishing technical standards and best practices that influence organization-wide engineering decisions.
- Architect and lead the design of highly scalable distributed systems processing petabytes of security data, making strategic trade-offs between performance, cost, and operational complexity while ensuring long-term maintainability.

- Drive cross-team technical strategy for service-oriented architectures, establishing integration patterns and API contracts that enable seamless threat intelligence workflows across multiple organizations.

- Own critical technical decisions around data modeling, storage solutions, and processing frameworks with organization-level impact, evaluating emerging technologies and driving adoption of solutions that advance the state of the art.

- Lead the full software development lifecycle across multiple complex systems, establishing operational excellence standards, SLA definitions, and reliability practices that serve as models for the broader organization.

- Mentor and develop engineering talent across teams, conducting design reviews, establishing coding standards, and growing the technical capabilities of engineers at multiple levels.

- Partner with senior leadership and threat intelligence analysts to translate strategic business objectives into scalable technical solutions, influencing product roadmaps and organizational priorities.

- Build industry-leading, planet-scale intelligence tooling that sets the standard for defending against sophisticated and evolving security threats, with direct impact on Amazon's security posture.

- Lead resolution of issues and establish on-call best practices, driving improvements to system reliability and reducing operational burden across the organization.

- Influence technical direction beyond immediate team boundaries, contributing to architectural decisions and technical standards that impact multiple services and teams.

A day in the life
As an SDE III on ACTI Engineering, you own the design and delivery of production systems that power threat intelligence at Amazon scale. On a given week you might:

- Design and implement services that ingest, normalize, and correlate investigative data from across Amazon
- Develop and optimize APIs that provide intelligence data to internal customer teams, enabling them to build detections, agents, and dashboards on top of the platform
- Partner with analysts to translate investigative workflows into scalable, automated pipelines
- Lead technical design reviews, write design documents, and mentor SDEs on the team
- Operate what you build — respond to operational events, drive root cause analysis, and improve system reliability
- Evaluate build-vs-buy decisions for intelligence tooling and present recommendations to leadership

You work at the intersection of security, data engineering, and product development. The problems change frequently because the threat landscape does. You will have significant influence over architecture decisions and the technical direction of the platform.

About the team
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.

Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores

Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

Training & Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.