Description As a Principal Security Engineer in the Appstar organization, you lead application security reviews across complex systems, identify and advise on critical security risks, and mentor the broader security engineering team. You own security outcomes that reduce persistent risks and proactively shape organization-level security posture. You are responsible for establishing and maintaining the enterprise-wide application security review methodology - including threat modelling philosophy, security testing standards, and remediation validation. You design security patterns and standards that serve as the foundation for secure development across all engineering organizations, with a focus on increasing automation of discoverable vulnerabilities and reducing manual security work for both builder and security teams. You make critical architectural decisions for systems handling billions in revenue, evaluating high-risk design decisions and setting security standards for new technology adoption. You develop reusable architectural patterns that balance security requirements with business needs, and serve as the organization's risk management subject matter expert - making final determinations on high-risk issues and establishing risk acceptance processes at the VP and SVP level. This role requires deep expertise in application security architecture, advanced threat modelling, and secure development practices, combined with strong business acumen to perform cost-benefit analyses and influence product roadmaps. You will regularly partner with VP and SVP-level leadership, lead security architecture working groups, and mentor other security engineers - driving security culture across the organization. Key job responsibilities - Establish and maintain application security review methodology, creating comprehensive frameworks that address various application types and risk levels used across Amazon's wide application landscape - Make security architecture decisions for Amazon's most critical application, evaluating high-risk design decisions and establishing security standards for new technology adoption - Execute application security reviews across complex applications and across organizations, proactively identifying critical security risks others may miss and providing actionable guidance on risk mitigation and remediation - Mentor security engineers and architects across the organization, leading security architecture working groups and creating security review playbooks, risk assessment frameworks, and architectural patterns that become organizational standards - Drive automation and AI-powered security solutions to scale security reviews, threat detection, and vulnerability management across the application portfolio to match the development pace of builders Basic Qualifications - Experience in security engineering, with significant experience in application security or a relevant domain - Experience in Threat Modelling, Code Review, and Security Testing - Proven track record of driving security solutions at scale - Experience leading technical security initiatives across multiple teams and stakeholders - Proven ability to influence senior technical leaders and build trust with security organizations Preferred Qualifications - Bachelor's degree in Computer Science, Engineering, or related field; Master's degree preferred - Experience with AI/ML systems and their security implications and applications - Track record of building and deploying automated security solutions in large-scale environments - History of contributions to security automation or tooling in the broader security community - Experience driving adoption of new security technologies across large engineering organizations Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice ( https://www.amazon.jobs/en/privacy\_page ) to know more about how we collect, use and transfer the personal data of our candidates. Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status. Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.