Key job responsibilities

- Investigate and respond to security findings and customer-reported security events using AI-powered investigation tools and manual forensic techniques
- Perform CloudTrail forensics, log analysis, and threat intelligence correlation to determine the scope, impact, and root cause of security events in customer AWS environments
- Get on calls with customers during active incidents to walk them through what was compromised and the specific containment steps to execute immediately
- Work alongside AI investigation agents daily - review AI-generated conclusions, validate accuracy, and provide structured feedback that improves autonomous investigation quality
- Turn every investigation into a service improvement: document reusable indicators, attack patterns, and false positive signals that feed directly into the team's detection pipeline and AI training data
- Identify gaps in existing detection rules and auto-remediation playbooks based on patterns observed during investigations, and propose improvements to senior engineers
- Use AI-powered tools (including agentic AI assistants) to accelerate your own investigations, and share effective techniques with the team
- Coordinate with internal teams to mitigate customer security issues
- Participate in on-call rotations, including weekends

A day in the life

You review the investigation queue, pick up findings from AI agents and automated triage, and investigate using CloudTrail forensics and threat intelligence. You will investigate security incidents hands-on, but equally important is what happens after the investigation: documenting patterns, proposing detection rules, providing structured feedback to AI agents, and building the automation that prevents the same issue from requiring human investigation again.