Security Engineer - Hardware, Firmware, Virtualization, Secure Hardware And Foundational Technologies Team

Amazon
London
4 months ago
Applications closed

Related Jobs

View all jobs

Security Engineer

Security Engineer

Security Engineer – ForgeRock

Security Engineer [UAE Based] (London Area)

Security Engineer (London Area)

Security Engineer

At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services.

Help us protect not only the Amazon Security (AmSec) cloud computing environment but all of our customers as well! Since 2006, our great team at AmSec has been enabling our customers to bring great ideas to life in ways that aren’t possible in traditional IT environments. With AmSec you can flexibly harness compute, storage, security, and other services from across the globe as your business demands them.

Amazon Security is working on security issues for a wide variety of platforms and technologies including cloud services, Internet of things (IoT), identity and access management, mobile devices, virtualization and custom hardware, all operating at massive scale. Similarly, our highly collaborative team is committed to each team member’s growth as our business grows.

As a part of the Secure Hardware and Foundational Technologies group, we help Amazon launch brand new products and invest in emerging technologies securely. We are looking for a technically deep Senior Security Engineer to help secure our foundational platforms such as OS kernels, virtualization, device emulation, firmware and hardware. You will be responsible for conducting security reviews, threat modeling, developing tooling that will help detect security issues at scale and hands-on security evaluations (pen-testing).

The successful candidate must be comfortable diving into complex engineering discussions, and leveraging deep security expertise to ensure proper risk assessment and threat analysis is performed. You will provide crystal-clear technical direction and risk mitigation guidance for diverse engineering and business leaders at all levels.

By applying your hard-earned years of practical security engineering expertise in projects related to enterprise networking, hardware-rooted security, operating system hardening, and cloud-scale administrative infrastructure, you will literally shape the future of cloud computing.

You are expected to be strong in multiple domains and provide significant contributions to the IT Security team and to multiple groups throughout AmSec. Security engineers are expected to develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices. You are also expected to mentor more junior engineers and be a security thought leader for the organization.

You should foster constructive dialogue and seek resolution when confronted with discordant views. Engineers in this role are expected to participate fully in the planning of the IT Security team's work and constantly seek opportunities for process improvement. They should also have a deep understanding of at least one specialty for which they are a sought out resource (both within AmSec and by groups throughout Amazon), while having an understanding of the application of information security in a broad range of technical areas.

You will need a combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include project and software development work. This role will provide career growth opportunities as you gain new security skills in the course of your duties.

Key job responsibilities
- Security reviews for hardware including servers and devices.
- Penetration testing & vulnerability research
- Threat modeling.
- Security training and outreach to internal development teams.
- Security guidance documentation.
- Assistance with recruiting activities.

About the team
Diverse Experiences

Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.

Why Amazon Security?

At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.

Inclusive Team Culture

In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.

Training & Career Growth

We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.

Work/Life Balance

We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why we strive for flexibility as part of our working culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.

Mentorship & Career Growth

We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, mentorship and other career-advancing resources here to help you develop into a better-rounded professional.

BASIC QUALIFICATIONS

- BS in Computer Science or related field, or equivalent work experience.
- Extensive experience in Security Engineering or Development of Security capabilities, supporting engineering projects from concept to delivery, and 2 years in two or more of the following technical categories: Virtualization security (Xen, KVM, QEMU) - Hardware security (PCB, JTAG, UART, SPI, ROM, microcode, custom ASIC/FPGA) - x86 and/or ARM chipset and firmware security (TPM, UEFI, TrustZone, Secure Boot, JTAG, PCIe) - Physical security testing at the machine level
- Security testing of compute platforms (Server, PC or Mobile) - Working with diverse physical tamper resistance and/or tamper detection techniques

PREFERRED QUALIFICATIONS

- MS in Computer Science, Information Security, or related field, or equivalent work experience
- Demonstrated ability to prepare technical specifications and executive-ready communications
- Experience using AWS core services (EC2, S3, IAM, Kinesis, Lambda, KMS, VPC, etc)
- Experience designing for relevant security standards (TCG, IEEE, NIST, FIPS, PCI, ISO 28000 series)
- Experience designing for crypto security (e.g. certificate handling and PKI, attestation, TPM/HSM)
- Expert knowledge of Windows, Linux, and hypervisor security (especially in cloud environments)
- Expert knowledge of common security-relevant protocols (e.g. SSH, TLS, DNS, DHCP, NTP, ICMP)

Get the latest insights and jobs direct. Sign up for our newsletter.

By subscribing you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs

Quantum-Enhanced AI in Cyber Security: Guarding the Digital Frontier

The cyber security landscape has evolved dramatically over the past decade. Long gone are the days when businesses primarily worried about simplistic phishing or basic website defacements. Today’s threats include nation-state attacks, sophisticated ransomware, AI-generated phishing campaigns, and a wide array of stealthy intrusion methods. Organisations must defend vast digital ecosystems that include cloud infrastructure, IoT devices, and critical operational technology—any of which can become high-value targets for malicious actors. Amid these escalating challenges, a new technological wave is emerging: quantum computing. Although still in its infancy, quantum computing promises capabilities that could surpass even the most advanced classical supercomputers for specific tasks. Simultaneously, in the world of Artificial Intelligence (AI)—where data volumes and model complexity are exploding—quantum’s parallelism could significantly boost analysis, training, and decision-making. What unfolds when quantum computing and AI converge in the realm of cyber security? On one hand, quantum technologies could introduce stronger encryption and faster threat detection. On the other, adversaries armed with quantum power might break today’s cryptographic protocols or develop more potent attacks at unimaginable speeds. This article explores the phenomenon of quantum-enhanced AI for cyber security: the possibilities it unlocks, the challenges it poses, and the reasons it could reshape both defensive and offensive operations in the digital world.

Jobs

Cyber Security Jobs at Newly Funded UK Start-ups: Q3 2025 Investment Tracker

Cyber security is no longer just a topic for tech-savvy professionals—it’s an essential pillar of every modern organisation. From protecting sensitive customer data to thwarting state-sponsored attacks, cyber security teams play a crucial role in safeguarding digital infrastructures across all sectors. In the UK, cyber security innovation is thriving, fuelled by a fertile mix of venture capital, government backing, and an ever-growing pool of talented specialists. Now, in the third quarter of 2025, we’ve seen a fresh influx of funding for cyber security start-ups that are poised to shape the industry’s future. This Q3 2025 Investment Tracker highlights newly funded UK-based cyber security start-ups, their core offerings, and—most importantly—the wide range of job opportunities they’re creating. Whether you’re a veteran security analyst, a pen tester, or a newcomer eager to explore the defensive side of tech, these start-ups are actively seeking professionals to help drive their next phase of growth. We’ll also guide you through the essential skills in demand, strategies to secure a role, and how to leverage CyberSecurityJobs.tech to fast-track your job search.

Jobs

Portfolio Projects That Get You Hired for Cyber Security Jobs (With Real GitHub Examples)

With rising cyber threats and increasingly sophisticated attacks, cyber security has become a critical priority for organisations worldwide. From penetration testers (pentesters) and SOC analysts to cloud security engineers and threat intelligence specialists, the demand for skilled cyber security professionals continues to surge. But how do you stand out in a growing field? Alongside your CV, an impressive cyber security portfolio can be the distinguishing factor that convinces employers you’re the right fit. In this comprehensive guide, you’ll discover: Why a cyber security portfolio is essential for job seekers in this domain. How to align portfolio projects with different cyber security career paths. Real GitHub examples that demonstrate best practices in security-focused projects. Actionable project ideas you can start today, from penetration testing labs to blue-team detection pipelines. Best practices for organising your repos and presenting your work so hiring managers can instantly see your impact. When you’re ready to pursue your next opportunity, remember to upload your CV on CyberSecurityJobs.tech. Our specialised platform connects talented security professionals with employers who need your expertise—exactly what your portfolio will showcase.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.