Skip to main content

Threat Intelligence Eng. III

Job ID: 2401166 | Services LLC


The Amazon Security Threat Intelligence team is responsible for investigating and understanding threat actors that are targeting Amazon’s businesses. As a Security Intelligence Engineer, you will support the daily operation of our threat intelligence program, specifically focused around automation and building out systems like the threat intelligence platform and malware analysis pipeline. This role will work to understand threat actors and malware authors from all parts of the threat actor spectrum from APT to general cybercrime. Your skills in malware analysis, threat research, report writing and automation will be crucial for our threat intelligence team.

In this role, you will provide analysis and support for emerging threats, threat actors and their associated malware targeting Amazon and Amazon Subsidiaries. You will coordinate with other Security Engineers to provide actionable intelligence to other security engineering teams including Incident Response, Threat Hunting, and Red Team adversarial simulations. You’ll be a critical part of an organization focused on influencing the security culture within Amazon, with the ultimate goal of ensuring the continued safety and security of our customers.

Key job responsibilities
- Collect, analyze, and author threat intelligence reports covering new threats, vulnerabilities and malware.
- Using Python or similar scripting languages to automate tasks and manipulate data
- Collaborate on developing, implementing, and maintaining our threat intelligence platform and related tooling as it pertains to malware, malware analysis, and malware handling systems
- Ability to write automation to aid in malware analysis or design systems to assist in handling malware, such as sandboxes
- Provide situational awareness on the current threat landscape and the TTPs associated with specific threats to our business, including ongoing malware campaigns.
- Demonstrate practical knowledge managing threat data and creating intelligence assessments in support of our incident response & threat hunting missions
- Collect data from intelligence communities, threat intelligence platforms, open source data repositories, and other sources to analyze TTPs and anomalies
- Conduct detailed technical analysis supported by industry accepted threat intelligence analytical frameworks, tools, and standards. Familiarity with building basic detections based off technical analysis (yara, snort, etc).
- Provide timely, relevant, and proactive analysis across Amazon and subsidiaries.

About the team
Threat Intelligence (TI) protects Amazon and its subsidiaries by proactively analyzing new security threats, identifying malicious actors, and researching the evolving threat landscape. We partner with teams throughout Amazon to facilitate information sharing and increase security resilience through cross-functional collaboration. We share actionable cyber threat information and focus on continually developing collaboration and partnerships with security & intelligence teams throughout Amazon and the security industry. TI drives and enhances our ability to emulate threat actors, respond to security incidents, and to stay one step ahead of our adversaries.

We are open to hiring candidates to work out of one of the following locations:

Annapolis Junction, MD, USA | Arlington, VA, USA | Austin, TX, USA | Herndon, VA, USA | New York, NY, USA | Seattle, WA, USA


- Bachelor’s degree in Computer Science, Computer Engineering, Information Assurance, Cybersecurity, Electrical and Computer Engineering or relevant/equivalent experience working in Information Security
- 7+ years working within Information Security supporting/performing incident response, Red Teaming, threat hunting, threat intelligence, forensics, or similarly related experience.
- Ability to craft detailed intelligence reports
- 5+ years of experience developing and producing threat analysis products (technical and/or non-technical) for customers
- 3+ years scripting/programming experience, e.g., Python, C, C++, Java, Ruby, and/or PowerShell
- 3+ year experience with SQL or other query languages, e.g., SQL, SparkQL, GraphQL
- 3+ year experience with Kubernetes and AWS EKS
- Knowledge of current security trends, threats and mitigations.
- Demonstrated experience with analytical tools and processes
- Have presented threat intelligence at security conferences
- Understanding of industry standard threat frameworks (Lockheed Martin Cyber Kill Chain, Diamond Model, MITRE ATT&CK)


- 7+ years of experience conducting threat intelligence research and analysis
- 7+ years global analysis and threat mitigation background
- 5+ years scripting/programming experience: Python, C, C++, Java, Ruby, and/or PowerShell
- 3+ years of experience building with and securing AWS cloud services such as Lambda, EC2, and S3.
- Familiarity with reverse engineering tools such as IDA Pro, Ghidra, Windbg or Ollydbg
- Certifications (any security certification like but not exclusive to the following): OSCP, GREM, GCTI, GXPN, or GCIH

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit

Our compensation reflects the cost of labor across several US geographic markets. The base pay for this position ranges from $136,000/year in our lowest geographic market up to $247,600/year in our highest geographic market. Pay is based on a number of factors including market location and may vary depending on job-related knowledge, skills, and experience. Amazon is a total compensation company. Dependent on the position offered, equity, sign-on payments, and other forms of compensation may be provided as part of a total compensation package, in addition to a full range of medical, financial, and/or other benefits. For more information, please visit Applicants should apply via our internal or external career site.