Description

As a Principal Security Engineer in the Appstar organization, you lead application security reviews across complex systems, identify and advise on critical security risks, and mentor the broader security engineering team. You own security outcomes that reduce persistent risks and proactively shape organization-level security posture.

You are responsible for establishing and maintaining the enterprise-wide application security review methodology — including threat modelling philosophy, security testing standards, and remediation validation. You design security patterns and standards that serve as the foundation for secure development across all engineering organizations, with a focus on increasing automation of discoverable vulnerabilities and reducing manual security work for both builder and security teams.

You make critical architectural decisions for systems handling billions in revenue, evaluating high-risk design decisions and setting security standards for new technology adoption. You develop reusable architectural patterns that balance security requirements with business needs, and serve as the organization's risk management subject matter expert — making final determinations on high-risk issues and establishing risk acceptance processes at the VP and SVP level.

This role requires deep expertise in application security architecture, advanced threat modelling, and secure development practices, combined with strong business acumen to perform cost-benefit analyses and influence product roadmaps. You will regularly partner with VP and SVP-level leadership, lead security architecture working groups, and mentor other security engineers — driving security culture across the organization.

Key job responsibilities
- Establish and maintain application security review methodology, creating comprehensive frameworks that address various application types and risk levels used across Amazon's wide application landscape
- Make security architecture decisions for Amazon's most critical application, evaluating high-risk design decisions and establishing security standards for new technology adoption
- Execute application security reviews across complex applications and across organizations, proactively identifying critical security risks others may miss and providing actionable guidance on risk mitigation and remediation
- Mentor security engineers and architects across the organization, leading security architecture working groups and creating security review playbooks, risk assessment frameworks, and architectural patterns that become organizational standards
- Drive automation and AI-powered security solutions to scale security reviews, threat detection, and vulnerability management across the application portfolio to match the development pace of builders