AWS Security Specialty
AWS Certified Security — Specialty (SCS-C02)
Deep AWS security: IAM, data protection, detection, incident response within AWS primitives.
› Quality score
Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.
› Market signals
Public, citable inputs to the recognition score. AWS doesn't publish per-cert counts; widely cited on AWS-heavy security listings.
› Built for these roles
› Exam format
65 questions (multiple-choice + multiple-response) over 170 minutes, English plus several other languages. Pearson VUE in person or online proctored.
› Recertification
Recertify by passing the current version of the exam (or any higher-tier AWS cert) within three years. No CPE program, no maintenance fee.
› NICE Framework work roles
The NIST NICE work-role IDs this cert maps to.
› Core domains covered
The 5 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.
AWS/Azure/GCP security controls, IAM policies, CSPM, container security, shared responsibility model.
AuthN/AuthZ, SSO, MFA, PAM, RBAC/ABAC, identity governance, FIDO2/passkeys, plus non-human identity: service accounts, workload identity, agent / plugin identities.
Symmetric/asymmetric, PKI, TLS/SSL, hashing, post-quantum cryptography, key management.
SOC operations, SIEM tuning, SOAR playbooks, alert triage, log analysis, runbook development.
SIGMA/YARA/Suricata rule writing, hypothesis-driven hunting, log deep-dives, detection gap analysis.
› Also touched
Present in the blueprint but not the primary focus — you’ll be introduced but shouldn’t expect depth.
Data classification, encryption-at-rest/in-transit, DLP, tokenization, privacy-by-design, plus the regulatory stack (GDPR, CCPA, HIPAA) that sets the bar.
Risk frameworks (NIST RMF, ISO 31000, FAIR), policy development, audit, regulatory compliance, third-party risk.
Backup integrity, immutable snapshots, cyber-recovery vaults, restore orchestration, BCM/DR, tabletop exercises, ransom-scenario restoration drills.
› Known coverage gaps
Domains this cert does not meaningfully address. Plan follow-up learning here if your role touches any of them.
› Prerequisites
Five years of IT security experience with two years in AWS security. AWS Solutions Architect Associate / SysOps experience strongly recommended.
- AWS core services (IAM, VPC, KMS, CloudTrail, GuardDuty)
- Cloud security primitives
- Network and data encryption patterns
› Progression
Where this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.
No vendor-gated prereqs.
No certs require this one.
No follow-on certs reference this one yet.
› Careers that commonly pursue this cert
Secure cloud infrastructure across AWS, Azure, and GCP. Specialize in the shared responsibility model and cloud-native controls.
A hybrid role growing out of the realisation that SOCs need engineers who understand cloud-native telemetry, IAM-first threat models, and how to instrument AWS/Azure/GCP for detection.