About us
Learn About
Amazon Information Security (which is excellent)
About Amazon
Learn About Our Business
And Technology
Job opportunities
Career Opportunities With
Information Security
Job Opportunities
The Amazon Information Security team takes the security of our customers', as well as our own, information and systems seriously. Enabling Amazon's business to grow and develop presents a unique and exciting blend of security challenges.
We're looking for exceptional security engineers specializing in a variety of disciplines; if building secure, world-class "always on" infrastructure and businesses excites you, we hope you'll get in touch!
Below is a list of the specific groups within our Information Security team. If you can see yourself working in any of these groups, we should talk!

Application Security Engineering
The Application Security Engineering Team works with teams throughout Amazon and its subsidiaries, to assess security practice and policy, detect vulnerabilities and flaws, protect software and systems, and to defend against application-related threats. Common tasks throughout our team include secure development lifecycle, design review, training, threat modeling, code review, penetration testing and monitoring the risk landscape for change. When it suits us to do so, we will also write some of our own tools.
Security Operations
The Security Operations team is the first line of response when dealing with information security threats to Amazon and its Subsidiaries. The team is responsible with providing expert analysis to aid service owners in responding to new and emergent risks to Amazon's customer data and infrastructure. The team is responsible for the development of tools, techniques and processes that enhance Amazon's ability to respond to information security events.
Security Intelligence
Our team is about building systems to support Amazon's security infrastructure. Our projects include working on advanced identity and access management solutions, massive scale security configuration and monitoring systems, and extensive digital certificate and code-signing management, which support our security initiatives across Amazon and our subsidiaries.
Working with us means working on advanced software technologies at a scale unique to Amazon and solving complex and interesting problems. We are looking for software developers from new graduates to seasoned veterans. Fundamentally, you must have a solid foundation in computer science, with strong competencies in data structures, algorithms, and software design. Expertise in Java, Perl, Ruby, JavaScript, Linux, database design and SQL, information retrieval, distributed computing, large-scale system design, networking, security, and user interface design, are all strong pluses.
External Party Security
The External Party Security (EPSec) team is the front line of defense for ensuring the protection of Amazon data in external party environments. The EPSec team constantly engages with business owners to identify and document their relationships with external parties and evaluate the risk posed to Amazon data. Tracking remediation issues to resolution and reporting our risk posture to senior leaders as related to external party use cases is the backbone of our operational business. Additionally, the EpSec team is the point of contact for the security diligence surrounding Amazon acquisitions and subsidiaries like Zappos, Abebooks and ShopBop to name a few.
Infrastructure Security
Infrastructure Security designs and builds the first lines of defense and security monitoring for Amazon’s network and data assets. We consult with infrastructure teams on new internal and border network design, DDoS mitigation architecture and secure zone design.
Security Program Services
The Security Program Services team drives the rhythm of the business for Information Security. Our pillars include but are not limited to: business operations, overall program efficiency, project leadership and relationship management that scale to our many senior leaders, partners and subsidiaries globally. In addition, we work on process improvements, security training as well as outreach and awareness efforts at security conferences and college campuses.
Attack and Research
Attack and Research conducts deep investigations to provide intelligence supporting risk management decisions. The team also handles incident response and attacks on the enterprise.
Vulnerability Management
The Vulnerability Management Team is responsible for understanding, protecting and improving the security posture of Amazon. Our main function is to drive the Vulnerability and Patch Management program ensuring that our systems, both internal and external, are continuously scanned to quickly identify, mitigate, remediate and report on vulnerabilities.
AWS IT Security
AWS IT Security The AWS IT Security team is responsible for the security and availability of all of the services offered by AWS, including EC2, S3, and others. Our team works with the service teams to solve security challenges at massive scale, and builds tools to automate the auditing and operation of AWS infrastructure. We are looking for super-smart software and systems professionals to join us and help us continue to raise the security bar for cloud computing. We have the following job openings

As an equal opportunity employer, the Amazon group of companies is committed to a diverse workforce and is also committed to a barrier-free employment process. Amazon is also committed to a barrier-free employment process. In order to ensure reasonable accommodations for individuals protected by Section 503 of the Rehabilitation Act of 1973, the Vietnam Era Veterans' Readjustment Assistance Act of 1974, and Title I of the Americans with Disabilities Act of 1990, as amended, individuals that require accommodation in the job application process for a posted position may contact us at 866-437-9078 for assistance.
The Amazon group of companies participates in E-Verify. E-Verify is a web-based system that allows an employer to determine an employee's eligibility to work in the US using information reported on an employee's Form I-9. The E-Verify system confirms eligibility with both the Social Security Administration (SSA) and Department of Homeland Security (DHS).