Amazon Optics is hiring a leader for the Access Control organization: a multi-team engineering group responsible for delivering Amazon's first-party physical access control system (OACS) across AWS data centers, corporate offices, and Leo facilities globally.
This role spans the full spectrum of product delivery: you will own the development of a custom hardware platform, the firmware that runs on it, the cloud services that manage it, and the customer-facing applications that security operators use daily. You are simultaneously launching this product into three distinct customer segments, each with different operational requirements, deployment velocities, and security postures.
You will lead at least three software development teams, and own the multi-year product roadmap, the technical strategy for deprecating third-party access control dependencies, and the operational posture of a platform running at 99.999% availability across thousands of physical security devices globally.
The right candidate is equally comfortable reviewing a firmware design for an embedded controller, debating the API contract between two cloud services, defending a hardware supply chain timeline to a VP, and coaching SDMs. You must be able to hold both the long-term architectural vision and the weekly operational reality of a deployed physical security system where failures mean people cannot enter or exit secured spaces.
Key job responsibilities
- Own the product roadmap and multi-year technical strategy for Access Control, aligning engineering investment to business outcomes across three customer segments
- Lead software development teams through their SDM managers, setting engineering standards, coaching leaders, and ensuring delivery velocity against organizational goals
- Drive the full lifecycle of hardware, from design validation and certification through contract manufacturing, supply chain management, and global distribution, in coordination with AWS Procurement and third-party manufacturing partners
- Own the firmware platform running on thousands of deployed controllers, including OTA update strategy, regression testing, and backward compatibility across hardware generations
- Deliver the OACS cloud services (authorization, credential management, site configuration, device intelligence) at 99.999% availability with mechanisms for automatic failure reconciliation
- Define and execute the migration strategy to deprecate 3P systems across 2,000+ existing sites, managing parallel-run risk, customer communication, and operational continuity during transition
- Own cross-organizational dependencies to ensure deployment velocity is not gated by engineering and operational readiness
- Establish operational excellence mechanisms, including on-call posture, COE processes, and service-level metrics that separate service health ownership (SDEs) from device/system health ownership (SysEng/SupEng)
- Build and scale the organization: assess future skills, roles, and team structure needed to support 2,000+ sites on OACS while simultaneously developing new capabilities
- Represent Access Control to VP-level leadership, articulating product strategy, risk posture, and delivery confidence in MBR and QBR forums
A day in the life
Your morning starts with a review of overnight operational metrics: device health, access transaction availability, and any badging incidents across the global fleet.
By mid-morning, you're in an architecture review for the next iteration of the abstraction API layer. You challenge the team on backward compatibility with existing deployments while pushing toward the clean abstraction needed for multi-tenant credential management.
After lunch, you join a supply chain sync with procurement teams, your contract manufacturer, and your hardware distributor. You need to ensure the production ramp doesn't slip against the working backward date.
Late afternoon, you have 1:1s with two of your SDM directs. One is navigating a complex cross-team dependency between the device management platform and the site configuration service. The other is building the case for promoting their senior engineer to Principal; you review the evidence and sharpen the narrative.
You close the day by reviewing the draft deployment schedule for the next cluster of AWS data centers converting to your product. You escalate to your peer in a cross-VP org and propose a new resourcing model to solidify customer outcomes.
About the team
Amazon Optics builds the physical security technology platform for Amazon: the software, firmware, and hardware that controls who can enter every data center, corporate office, and specialized facility across the company. We are replacing decades of third-party vendor dependency with purpose-built, first-party solutions that give security operators complete control over their physical environment.
The Access Control organization within Optics owns the full vertical: from the embedded firmware running on access control panels at the door, to the cloud services managing credentials and authorization decisions, to the operator-facing applications used by security teams 24/7. We are one of the few teams at Amazon simultaneously developing custom hardware, shipping firmware, operating cloud services, and launching into multiple business units — all while maintaining five-nines availability on a system where failures have immediate physical security consequences.
Our customers include AWS DC Security (operating 400+ data centers globally), Amazon Corporate Security (462 office sites), and Leo Security (ground stations and launch facilities). We are in the early innings of a multi-year platform transition that will eliminate all third-party access control dependencies across Amazon. The scale of the problem, the diversity of customer needs, and the physical-digital intersection of the product make this unlike any other software development leadership role at the company.
We value builders who think in systems — people who can dive deep on wiring topology in a edge-installed cabinet to the multi-region service architecture to the 3-year product roadmap and back, without losing the thread. If you want to lead an organization building something that physically protects Amazon's most critical infrastructure, this is the role.
Diverse Experiences
Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn’t followed a traditional path, or includes alternative experiences, don’t let it stop you from applying.
Why Amazon Security?
At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon’s products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores.
Inclusive Team Culture
In Amazon Security, it’s in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices.
Training & Career Growth
We’re continuously raising our performance bar as we strive to become Earth’s Best Employer. That’s why you’ll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional.
Work/Life Balance
We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there’s nothing we can’t achieve.
Basic Qualifications
- 10+ years of engineering experience
- 5+ years of engineering team management experience
- 10+ years of planning, designing, developing and delivering consumer software experience
- Experience partnering with product or program management teams
- Experience managing multiple concurrent programs, projects and development teams in an Agile environment
Preferred Qualifications
- Experience partnering with product and program management teams
- Experience designing and developing large scale, high-traffic applications
- Experience in embedded development in C/C++, or experience with full software development life cycle, including coding standards, code reviews, source control management, build processes, testing, and operations
- Experience in launching new products
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit
https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.
USA, VA, Herndon - 220,100.00 - 297,700.00 USD annually