Senior Software Development Engineer, Ads Agent Identity and Authorization Infrastructure
at Amazon
Location
New York, New York, USA
Type
full time
Posted
2 days ago
Tailor your résumé to this role in 30 seconds.
Free account · ATS keyword check · per-job bullet rewrite by Claude.
Job description
We're building the trust and security layer for AI agents on Amazon Ads. As agents become the primary interface for advertisers and partners, we need infrastructure that gives every agent a unique identity, scoped permissions, and a complete audit trail — while giving advertisers full control over what agents can do on their behalf. This is a new strategic investment area and we're assembling the founding team: Sr. SDEs, SDM, and PMT.
We're looking for a Senior Software Development Engineer to design and build agent-native identity and authorization infrastructure at Amazon scale. You'll own critical systems that evaluate every API call from every agent on the platform — deciding in real time whether an agent is authorized to take an action, enforcing capability-scoped permissions, and producing audit trails that give advertisers confidence in agentic workflows. This is greenfield work in a space no one in the industry has solved.
Key job responsibilities
- Design and build authorization infrastructure that evaluates agent permissions at the API layer, enforcing capability-scoped access in real time at low latency and high availability.
- Own the technical vision for agent authentication flows including delegation mode, autonomous mode, and machine-to-machine auth with short-lived tokens.
- Build the agent registry system that issues unique identities to 1P and 3P agents, captures declared capabilities, and integrates with downstream enforcement.
- Design agent-to-agent delegation protocols including scoped tokens and chain-of-trust verification.
- Drive operational excellence across Tier-1 services handling millions of authorization decisions daily. Influence the broader system architecture across 10+ dependent teams, ensuring authorization integrates cleanly with the Ads Agent platform.
- Use AI-powered development tools daily to accelerate your own engineering work.
A day in the life
You might start the morning reviewing a design for how 3P agents authenticate under their own identity rather than borrowing a user's OAuth token. Mid-morning you're in a design review with the Ads Agent
Orchestrator team, aligning on how capability-scoped permissions get enforced when an agent invokes MCP tools. After lunch you're writing code — building the authorization decision engine that evaluates whether "PacVue Bid Optimizer" can adjust bids on advertiser X's campaigns but not touch their creative assets. You close the day pairing with a teammate on load testing the new memcached cluster that needs
to handle 400K+ accounts post-backfill without degrading latency.
Your stakeholders include the Ads Agent platform team, Developer Experience (DX), partner-facing teams, and 3P integrators like PacVue and Teikametrics who are building agents on our platform. You'll work closely with the PMT defining the product and the SDM leading the team.
About the team
The Ads Agent Identity and Authorization Infrastructure (AI²) team owns identity and access management for Amazon Ads — for both humans and AI agents. We manage registration, account management, permission controls, and ad-product eligibility serving 5K+ partners and 2M+ advertisers globally with 800K+ registrations per year. We shipped agent registry and agent authorization for 1P agents in Q1 2026 and are now extending to 3P.
We are a team that ships fast, uses AI tooling in our own workflows, and operates with founding-team energy backed by Amazon Ads scale. We're based in New York (JFK19). - 5+ years of non-internship professional software development experience
- 5+ years of programming with at least one software programming language experience
- 5+ years of leading design or architecture (design patterns, reliability and scaling) of new and existing systems experience
- Experience as a mentor, tech lead or leading an engineering team - 5+ years of full software development life cycle, including coding standards, code reviews, source control management, build processes, testing, and operations experience
- Bachelor's degree in computer science or equivalent
- Experience on highly concurrent, high throughput systems and knowledge of complex distributed systems
- Experience building complex software systems that have been successfully delivered to customers, or experience managing teams
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
USA, NY, New York - 184,900.00 - 250,200.00 USD annually
We're looking for a Senior Software Development Engineer to design and build agent-native identity and authorization infrastructure at Amazon scale. You'll own critical systems that evaluate every API call from every agent on the platform — deciding in real time whether an agent is authorized to take an action, enforcing capability-scoped permissions, and producing audit trails that give advertisers confidence in agentic workflows. This is greenfield work in a space no one in the industry has solved.
Key job responsibilities
- Design and build authorization infrastructure that evaluates agent permissions at the API layer, enforcing capability-scoped access in real time at low latency and high availability.
- Own the technical vision for agent authentication flows including delegation mode, autonomous mode, and machine-to-machine auth with short-lived tokens.
- Build the agent registry system that issues unique identities to 1P and 3P agents, captures declared capabilities, and integrates with downstream enforcement.
- Design agent-to-agent delegation protocols including scoped tokens and chain-of-trust verification.
- Drive operational excellence across Tier-1 services handling millions of authorization decisions daily. Influence the broader system architecture across 10+ dependent teams, ensuring authorization integrates cleanly with the Ads Agent platform.
- Use AI-powered development tools daily to accelerate your own engineering work.
A day in the life
You might start the morning reviewing a design for how 3P agents authenticate under their own identity rather than borrowing a user's OAuth token. Mid-morning you're in a design review with the Ads Agent
Orchestrator team, aligning on how capability-scoped permissions get enforced when an agent invokes MCP tools. After lunch you're writing code — building the authorization decision engine that evaluates whether "PacVue Bid Optimizer" can adjust bids on advertiser X's campaigns but not touch their creative assets. You close the day pairing with a teammate on load testing the new memcached cluster that needs
to handle 400K+ accounts post-backfill without degrading latency.
Your stakeholders include the Ads Agent platform team, Developer Experience (DX), partner-facing teams, and 3P integrators like PacVue and Teikametrics who are building agents on our platform. You'll work closely with the PMT defining the product and the SDM leading the team.
About the team
The Ads Agent Identity and Authorization Infrastructure (AI²) team owns identity and access management for Amazon Ads — for both humans and AI agents. We manage registration, account management, permission controls, and ad-product eligibility serving 5K+ partners and 2M+ advertisers globally with 800K+ registrations per year. We shipped agent registry and agent authorization for 1P agents in Q1 2026 and are now extending to 3P.
We are a team that ships fast, uses AI tooling in our own workflows, and operates with founding-team energy backed by Amazon Ads scale. We're based in New York (JFK19). - 5+ years of non-internship professional software development experience
- 5+ years of programming with at least one software programming language experience
- 5+ years of leading design or architecture (design patterns, reliability and scaling) of new and existing systems experience
- Experience as a mentor, tech lead or leading an engineering team - 5+ years of full software development life cycle, including coding standards, code reviews, source control management, build processes, testing, and operations experience
- Bachelor's degree in computer science or equivalent
- Experience on highly concurrent, high throughput systems and knowledge of complex distributed systems
- Experience building complex software systems that have been successfully delivered to customers, or experience managing teams
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.
USA, NY, New York - 184,900.00 - 250,200.00 USD annually