Amazon Optics is hiring a leader for the Access Control organization: a multi-team engineering group responsible for delivering Amazon's first-party physical access control system (OACS) across AWS data centers, corporate offices, and Leo facilities globally.
This role spans the full spectrum of product delivery: you will own the development of a custom hardware platform, the firmware that runs on it, the cloud services that manage it, and the customer-facing applications that security operators use daily. You are simultaneously launching this product into three distinct customer segments, each with different operational requirements, deployment velocities, and security postures.
You will lead at least three software development teams, and own the multi-year product roadmap, the technical strategy for deprecating third-party access control dependencies, and the operational posture of a platform running at 99.999% availability across thousands of physical security devices globally.
The right candidate is equally comfortable reviewing a firmware design for an embedded controller, debating the API contract between two cloud services, defending a hardware supply chain timeline to a VP, and coaching SDMs. You must be able to hold both the long-term architectural vision and the weekly operational reality of a deployed physical security system where failures mean people cannot enter or exit secured spaces.
Key job responsibilities
Own the product roadmap and multi-year technical strategy for Access Control, aligning engineering investment to business outcomes across three customer segments
Lead software development teams through their SDM managers, setting engineering standards, coaching leaders, and ensuring delivery velocity against organizational goals
Drive the full lifecycle of hardware, from design validation and certification through contract manufacturing, supply chain management, and global distribution, in coordination with AWS Procurement and third-party manufacturing partners
Own the firmware platform running on thousands of deployed controllers, including OTA update strategy, regression testing, and backward compatibility across hardware generations
Deliver the OACS cloud services (authorization, credential management, site configuration, device intelligence) at 99.999% availability with mechanisms for automatic failure reconciliation
Define and execute the migration strategy to deprecate 3P systems across 2,000+ existing sites, managing parallel-run risk, customer communication, and operational continuity during transition
Don't want to miss the next one?
Subscribe to daily email alerts for roles matching your interests.
Own cross-organizational dependencies to ensure deployment velocity is not gated by engineering and operational readiness
Establish operational excellence mechanisms, including on-call posture, COE processes, and service-level metrics that separate service health ownership (SDEs) from device/system health ownership (SysEng/SupEng)
Build and scale the organization: assess future skills, roles, and team structure needed to support 2,000+ sites on OACS while simultaneously developing new capabilities
Represent Access Control to VP-level leadership, articulating product strategy, risk posture, and delivery confidence in MBR and QBR forums
A day in the life Your morning starts with a review of overnight operational metrics: device health, access transaction availability, and any badging incidents across the global fleet. By mid-morning, you're in an architecture review for the next iteration of the abstraction API layer. You challenge the team on backward compatibility with existing deployments while pushing toward the clean abstraction needed for multi-tenant credential management. After lunch, you join a supply chain sync with procurement teams, your contract manufacturer, and your hardware distributor. You need to ensure the production ramp doesn't slip against the working backward date. Late afternoon, you have 1:1s with two of your SDM directs. One is navigating a complex cross-team dependency between the device management platform and the site configuration service. The other is building the case for promoting their senior engineer to Principal; you review the evidence and sharpen the narrative. You close the day by reviewing the draft deployment schedule for the next cluster of AWS data centers converting to your product. You escalate to your peer in a cross-VP org and propose a new resourcing model to solidify customer outcomes.
About the team
Amazon Optics builds the physical security technology platform for Amazon: the software, firmware, and hardware that controls who can enter every data center, corporate office, and specialized facility across the company. We are replacing decades of third-party vendor dependency with purpose-built, first-party solutions that give security operators complete control over their physical environment.
The Access Control organization within Optics owns the full vertical: from the embedded firmware running on access control panels at the door, to the cloud services managing credentials and authorization decisions, to the operator-facing applications used by security teams 24/7. We are one of the few teams at Amazon simultaneously developing custom hardware, shipping firmware, operating cloud services, and launching into multiple business units — all while maintaining five-nines availability on a system where failures have immediate physical security consequences.
Our customers include AWS DC Security (operating 400+ data centers globally), Amazon Corporate Security (462 office sites), and Leo Security (ground stations and launch facilities). We are in the early innings of a multi-year platform transition that will eliminate all third-party access control dependencies across Amazon. The scale of the problem, the diversity of customer needs, and the physical-digital intersection of the product make this unlike any other software development leadership role at the company.
We value builders who think in systems — people who can dive deep on wiring topology in a edge-installed cabinet to the multi-region service architecture to the 3-year product roadmap and back, without losing the thread. If you want to lead an organization building something that physically protects Amazon's most critical infrastructure, this is the role.
Diverse Experiences Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Why Amazon Security? At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported i
Similar roles you might like
More openings like this one — take a look before you go.