We're building the trust and security layer for AI agents on Amazon Ads. As agents become the primary interface for advertisers and partners, we need infrastructure that gives every agent a unique identity, scoped permissions, and a complete audit trail — while giving advertisers full control over what agents can do on their behalf. This is a new strategic investment area and we're assembling the founding team: Sr. SDEs, SDM, and PMT.
We're looking for a Senior Software Development Engineer to design and build agent-native identity and authorization infrastructure at Amazon scale. You'll own critical systems that evaluate every API call from every agent on the platform — deciding in real time whether an agent is authorized to take an action, enforcing capability-scoped permissions, and producing audit trails that give advertisers confidence in agentic workflows. This is greenfield work in a space no one in the industry has solved.
Key job responsibilities
- Design and build authorization infrastructure that evaluates agent permissions at the API layer, enforcing capability-scoped access in real time at low latency and high availability.
- Own the technical vision for agent authentication flows including delegation mode, autonomous mode, and machine-to-machine auth with short-lived tokens.
- Build the agent registry system that issues unique identities to 1P and 3P agents, captures declared capabilities, and integrates with downstream enforcement.
- Design agent-to-agent delegation protocols including scoped tokens and chain-of-trust verification.
- Drive operational excellence across Tier-1 services handling millions of authorization decisions daily. Influence the broader system architecture across 10+ dependent teams, ensuring authorization integrates cleanly with the Ads Agent platform.
- Use AI-powered development tools daily to accelerate your own engineering work.
A day in the life
You might start the morning reviewing a design for how 3P agents authenticate under their own identity rather than borrowing a user's OAuth token. Mid-morning you're in a design review with the Ads Agent
Orchestrator team, aligning on how capability-scoped permissions get enforced when an agent invokes MCP tools. After lunch you're writing code — building the authorization decision engine that evaluates whether "PacVue Bid Optimizer" can adjust bids on advertiser X's campaigns but not touch their creative assets. You close the day pairing with a teammate on load testing the new memcached cluster that needs
to handle 400K+ accounts post-backfill without degrading latency.
Your stakeholders include the Ads Agent platform team, Developer Experience (DX), partner-facing teams, and 3P integrators like PacVue and Teikametrics who are building agents on our platform. You'll work closely with the PMT defining the product and the SDM leading the team.
About the team
The Ads Agent Identity and Authorization Infrastructure (AI²) team owns identity and access management for Amazon Ads — for both humans and AI agents. We manage registration, account management, permission controls, and ad-product eligibility serving 5K+ partners and 2M+ advertisers globally with 800K+ registrations per year. We shipped agent registry and agent authorization for 1P agents in Q1 2026 and are now extending to 3P.
We are a team that ships fast, uses AI tooling in our own workflows, and operates with founding-team energy backed by Amazon Ads scale. We're based in New York (JFK19).
