Cyber Threat Intelligence Security Engineer II - Malware

Job ID: 1595880 | Services LLC


The Amazon Threat Intelligence team is responsible for investigating and understanding threat actors that are targeting Amazon’s businesses. As a Cyber Threat Intelligence Security Engineer, you will support the daily operation of our threat intelligence program, with a specific focus on malware research and analysis. This role will work to understand threat actors and malware authors from all parts of the threat actor spectrum, from APT to general cybercrime. Your skills in malware analysis, threat research, report writing and automation will be crucial for our threat intelligence team.

In this role, you will provide analysis and support for emerging threats, threat actors and their associated malware targeting Amazon and Amazon Subsidiaries. You will coordinate with other Security Engineers to provide actionable intelligence to other security engineering teams including Incident Response, Threat Hunting, and Red Team adversarial simulations. You’ll be a critical part of an organization focused on influencing the security culture within Amazon, with the ultimate goal of ensuring the continued safety and security of our customers.

Key responsibilities include:
· Collaborate on developing, implementing, and maintaining our threat intelligence platform and related tooling as it pertains to malware, malware analysis, and malware handling systems such as sandboxes.
· Collect, analyze, and author threat intelligence reports covering new threats, vulnerabilities and malware.
· Provide situational awareness on the current threat landscape and the TTPs associated with specific threats to our business, including ongoing malware campaigns.
· Demonstrate practical knowledge managing threat data and creating intelligence assessments in support of our incident response & threat hunting missions
· Collect data from intelligence communities, threat intelligence platforms, open source data repositories, and other sources to analyze TTPs and anomalies
· Conduct detailed technical analysis supported by industry accepted threat intelligence analytical frameworks, tools, and standards.
· Ability to write automation to aid in malware analysis or design systems to assist in handling malware, such as sandboxes or malware intelligence platforms.
· Provide timely, relevant, and proactive analysis across Amazon and subsidiaries.
· Proficiency with Python, PHP, Perl, or similar scripting languages


· Bachelor’s degree in Computer Science, Computer Engineering, Information Assurance, Cybersecurity, Electrical and Computer Engineering or relevant/equivalent experience working in Information Security
· 3-5 years working within Information Security supporting/performing incident response, Red Teaming, threat hunting, threat intelligence, forensics, or similarly related experience.
· 2-4 years of experience developing and producing threat analysis products (technical and/or non-technical) for customers
· 1-2 years scripting/programming experience, e.g., Python, C, C++, Java, Ruby, and/or PowerShell
· 1 year experience with SQL or other query languages, e.g., SQL, SparkQL, GraphQL
· Knowledge of current security trends, threats and mitigations.
· Demonstrated experience with analytical tools and processes
· Excellent written and oral communication skills; must be able to write/present with impact
· Demonstrated ability to work both independently and within a matrixed/multi-faceted organization
· Demonstrated sense of ownership, urgency, and accountability
· Familiarity with reverse engineering tools such as IDA Pro, Ghidra, WinDbg or OllyDbg
· Reverse engineer and document malware on various platforms
· Be available to respond to malware analysis requests for security incidents


· Work experience in the threat intelligence or cyber security field is highly desired
· 3-5 years of experience conducting threat intelligence research and analysis
· 3-5 years global analysis and threat mitigation background
· 3-5 years scripting/programming experience: Python, C, C++, Java, Ruby, and/or PowerShell
· Experience using Threat Intelligence Platforms, building integrations with these platforms, and supporting customers in their use of these platforms
· Familiarity with nation state, criminal, and financially motivated actor groups
· Understanding of industry standard threat frameworks (Lockheed Martin Cyber Kill Chain, Diamond Model, MITRE ATT&CK)
· A background in intelligence analysis is a plus, with knowledge of IR best practices at an enterprise level
· Advanced degree within intelligence or computer science or additional relevant experience
· Ability to develop signatures and signals to detect malware on various platforms or services
· Standing relationships with global associations relevant to the position
· Certifications (any security certification, such as but not limited to the following): CEH, OSCP, GREM, GCTI, or GCIH

Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status. For individuals with disabilities who would like to request an accommodation, please visit