We are looking for a Security / Policy Engineer to design and implement authorization models for AI agents and cloud-native platforms. The role focuses on AWS AgentCore Policy (Cedar), policy-as-code, OAuth/JWT-based authorization, and zero-trust security architecture. The ideal candidate has hands-on experience with cloud security, identity engineering, ABAC design, and enterprise-grade access control systems.
Our customer is a multinational corporation with more than a century of history and offices in over 180 countries. Their most ambitious goal at the time is to introduce a range of Reduced-Risk Products (RRPs). The target audience is more than 1 billion consumers around the globe. IT platform hosts 700+ applications.
Intellia's mission is to help the client with the engineering of a comprehensive software ecosystem for a game-changing IoT product on the margin of innovative consumer experience and cutting-edge technology. Our teams are involved in the engineering of core platform components for best-in-class eCommerce, Digital Marketing and IoT solutions. As an Engineer, you will become a part of Core Architecture Team and be responsible for the architecture, implementation of best practices in our Digital Engineering Enterprise Platform.
The Platform is a set of services and internet applications that accelerate the development and delivery of software applications by taking care of common SDLC challenges. The Platform provides access and consumption for engineering teams to a set of services, technologies, practices for their development and for operating their application, ensuring a set of compliance and best practices.
Requirements:
• AWS AgentCore Policy (Cedar)
• Cedar policy language (principals, actions, resources, conditions)
• OAuth 2.0 / JWT / MS Entra integration
• Policy-as-code patterns
• Default-deny authorization models
• Audit logging for policy decisions
Experience:
• 5+ years cloud security or identity engineering
• Attribute-based access control (ABAC) design
• OAuth 2.0 / JWT token inspection and claims mapping
• Enterprise security review (InfoSec, ARB processes)
Will be a plus:
• AWS Cedar (open source) prior exposure
• AWS Verified Permissions or AgentCore Policy early experience
• Zero-trust architecture design
Responsibilities:
- Design and implement authorization policies using Cedar and AWS AgentCore Policy.
- Develop and maintain policy-as-code frameworks for cloud-native and AI-agent platforms.
- Build and govern Attribute-Based Access Control (ABAC) models following least-privilege and default-deny principles.
- Integrate authorization systems with OAuth 2.0, JWT, and Microsoft Entra ID.
- Define and maintain principals, resources, actions, and conditional access policies.
- Design token validation, claims mapping, and authorization decision workflows.
- Implement audit logging and traceability for policy evaluation and access decisions.
- Partner with security, architecture, and platform teams to support enterprise security reviews and governance processes.
- Contribute to zero-trust security architecture and authorization strategy across distributed systems.
- Evaluate and adopt emerging AWS authorization technologies, including Cedar and AWS Verified Permissions.
Key Skills
Ranked by relevance
Related Jobs
3 roles aligned with this opportunity
Security & Governance Engineer
2026-07-07
Lead Automation QA (Java) Engineer
2026-07-08
Security & Test Engineer (A2A)
2026-07-06
- Posted
- Jul 07, 2026
- Type
- Full-time
- Level
- Mid-Senior
- Location
- Ukraine
- Company
- Intellias
Industries
Categories
Related Jobs
3 roles aligned with this opportunity
Security & Governance Engineer
2026-07-07
Lead Automation QA (Java) Engineer
2026-07-08
Security & Test Engineer (A2A)
2026-07-06