Sr. Security Engineer, Stores Red Team

Job ID: 10432191 | Amazon.com Services LLCApplication deadline: Jun 1, 2026Amazon's STORM Red Team (SDO Threat Operations, Research & Monitoring) is looking for a Senior Security Engineer to join our team of offensive security operators. We hack Amazon's services, infrastructure, AI/ML systems, processes, and controls, then work with defensive and service teams to fix what we find and sharpen detection, prevention, and response capabilities across the company.STORM is a 10-person team that operates with significant autonomy. We choose our own targets, scope our own engagements, and operate across Amazon (retail, devices, entertainment, healthcare, subsidiaries, and more), partnering with the AWS Red Team when our paths overlap. Our scope is expansive and always challenging, with new business areas and attack surfaces constantly emerging across Amazon.We run multi-week adversary emulation campaigns, purple team exercises, shortest-path assessments, and targeted research efforts. The work ranges from emulating nation-state actors against critical infrastructure to testing whether a financially motivated threat group's public playbook would work against us. We report directly into SDO security leadership and our findings regularly reach VP and SVP audiences.This is a fully remote position by design. The team is distributed and operates remotely as a core part of how we work.We're looking for someone who can independently lead Red Team engagements end-to-end, identify and drive remediation of systemic security issues, mentor other operators, and influence security outcomes across organizational boundaries. You'll be working alongside experienced operators on high-impact engagements against Amazon's most critical systems.Key Job ResponsibilitiesLead Red Team engagements end-to-end: scoping, target identification, execution, reporting, and driving remediation with service teamsBuild and execute complex, multi-stage attack paths across diverse environments including cloud infrastructure, AI/ML systems, and corporate networksIdentify systemic security issues that span multiple teams and drive ownership, prioritization, and resolution through escalation when neededOwn a functional area on the Red Team (e.g., detection engineering partnership, threat intelligence integration, tooling, response collaboration) and drive it forwardProduce high-quality engagement reports with sufficient background, context, and actionable recommendations for both technical and leadership audiencesMentor and develop other engineers on the team by overseeing engagements, providing report reviews, and raising the technical barProactively identify valuable engagement targets and drive their prioritization through understanding of Amazon's threat landscape and business contextCollaborate with detection engineering, incident response, and security leadership to translate offensive findings into defensive improvementsDevelop and maintain offensive tooling, automation, and methodologies that improve team efficiencyLeverage AI to accelerate offensive workflows and assess AI/ML systems for security weaknessesBasic QualificationsKnowledge of cloud computing services and deployment architectureBachelor's degree in computer science or equivalent, or 6+ years of hands‑on Red Team / offensive security experience in lieu of a degree5+ years of programming in Python, Ruby, Go, Java, C++, or similar5+ years of experience on a Red Team or in offensive security roles (penetration testing, adversary simulation, vulnerability research)2+ years of experience leading or technically directing multi‑person offensive engagementsPreferred QualificationsExperience leading multi‑week adversary emulation campaigns from scoping through remediationExperience identifying and driving resolution of systemic security issues across organizational boundariesExperience with cloud‑native red teaming (AWS, Azure, or GCP attack paths, privilege escalation, cross‑account lateral movement)Experience assessing or attacking AI/ML systems (prompt injection, agent manipulation, model extraction, training data poisoning, RAG exploitation)Experience leveraging AI/ML for offensive purposes (automated recon, exploit development, payload generation, building offensive agents)Published security research, CVEs, conference talks, or open‑source offensive toolingAmazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.BenefitsBase salary range for this position is 178,400.00 – 226,700.00 USD annually. Your Amazon package will include sign‑on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance, and option for Supplemental life plans), EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage, 401(k) matching, paid time off, and parental leave.Learn more about our benefits at

Job ID: 10432191 | Amazon.com Services LLCApplication deadline: Jun 1, 2026Amazon's STORM Red Team (SDO Threat Operations, Research & Monitoring) is looking for a Senior Security Engineer to join our team of offensive security operators. We hack Amazon's services, infrastructure, AI/ML systems, processes, and controls, then work with defensive and service teams to fix what we find and sharpen detection, prevention, and response capabilities across the company.STORM is a 10-person team that operates with significant autonomy. We choose our own targets, scope our own engagements, and operate across Amazon (retail, devices, entertainment, healthcare, subsidiaries, and more), partnering with the AWS Red Team when our paths overlap. Our scope is expansive and always challenging, with new business areas and attack surfaces constantly emerging across Amazon.We run multi-week adversary emulation campaigns, purple team exercises, shortest-path assessments, and targeted research efforts. The work ranges from emulating nation-state actors against critical infrastructure to testing whether a financially motivated threat group's public playbook would work against us. We report directly into SDO security leadership and our findings regularly reach VP and SVP audiences.This is a fully remote position by design. The team is distributed and operates remotely as a core part of how we work.We're looking for someone who can independently lead Red Team engagements end-to-end, identify and drive remediation of systemic security issues, mentor other operators, and influence security outcomes across organizational boundaries. You'll be working alongside experienced operators on high-impact engagements against Amazon's most critical systems.Key Job ResponsibilitiesLead Red Team engagements end-to-end: scoping, target identification, execution, reporting, and driving remediation with service teamsBuild and execute complex, multi-stage attack paths across diverse environments including cloud infrastructure, AI/ML systems, and corporate networksIdentify systemic security issues that span multiple teams and drive ownership, prioritization, and resolution through escalation when neededOwn a functional area on the Red Team (e.g., detection engineering partnership, threat intelligence integration, tooling, response collaboration) and drive it forwardProduce high-quality engagement reports with sufficient background, context, and actionable recommendations for both technical and leadership audiencesMentor and develop other engineers on the team by overseeing engagements, providing report reviews, and raising the technical barProactively identify valuable engagement targets and drive their prioritization through understanding of Amazon's threat landscape and business contextCollaborate with detection engineering, incident response, and security leadership to translate offensive findings into defensive improvementsDevelop and maintain offensive tooling, automation, and methodologies that improve team efficiencyLeverage AI to accelerate offensive workflows and assess AI/ML systems for security weaknessesBasic QualificationsKnowledge of cloud computing services and deployment architectureBachelor's degree in computer science or equivalent, or 6+ years of hands‑on Red Team / offensive security experience in lieu of a degree5+ years of programming in Python, Ruby, Go, Java, C++, or similar5+ years of experience on a Red Team or in offensive security roles (penetration testing, adversary simulation, vulnerability research)2+ years of experience leading or technically directing multi‑person offensive engagementsPreferred QualificationsExperience leading multi‑week adversary emulation campaigns from scoping through remediationExperience identifying and driving resolution of systemic security issues across organizational boundariesExperience with cloud‑native red teaming (AWS, Azure, or GCP attack paths, privilege escalation, cross‑account lateral movement)Experience assessing or attacking AI/ML systems (prompt injection, agent manipulation, model extraction, training data poisoning, RAG exploitation)Experience leveraging AI/ML for offensive purposes (automated recon, exploit development, payload generation, building offensive agents)Published security research, CVEs, conference talks, or open‑source offensive toolingAmazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.BenefitsBase salary range for this position is 178,400.00 – 226,700.00 USD annually. Your Amazon package will include sign‑on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance, and option for Supplemental life plans), EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage, 401(k) matching, paid time off, and parental leave.Learn more about our benefits at

• 

• Government Careers