Are you passionate about authorization, programming languages, applying formal verification, program analysis, constraint-solving, and/or theorem proving to real-world problems? Do you want to shape the future of an open-source authorization language that is becoming an industry standard? If so, then we have an exciting opportunity for you. Cedar is an open-source policy language and evaluation engine for authorization that is used across AWS services including Amazon Verified Permissions, AWS Systems Manager, and more. Cedar recently joined the Cloud Native Computing Foundation (CNCF) as a Sandbox project, and we are looking for an Applied Scientist to help advance Cedar's adoption, maturity, and community presence across the cloud-native ecosystem. In this role, you will drive the science and engineering behind Cedar's integration into cloud-native platforms such as Kubernetes, advance Cedar's formal verification and analysis capabilities, and serve as a technical leader and advocate within the CNCF community. You will interact with internal teams and external open-source communities to understand their authorization requirements, propose innovative solutions, create software prototypes, and productize prototypes into production systems. In addition, you will support and scale your solutions to meet the ever-growing demand of customer use.
Key job responsibilities Technical Responsibilities
- Drive the design and development of Cedar's integration into cloud-native authorization environments, including Kubernetes and other CNCF ecosystem projects.
- Advance Cedar's formal verification, SMT-based analysis, and policy validation capabilities to raise the bar for authorization assurance.
- Interact with various teams to develop an understanding of their security, authorization, and policy requirements.
- Apply the acquired knowledge to build tools that find problems, or show the absence of security/safety problems, in authorization policies and systems.
- Implement these tools through the use of SAT, SMT, and various concepts from programming languages, theorem proving, formal verification, and constraint solving.
- Create software prototypes to verify and validate devised solutions; integrate prototypes into production systems using standard software development tools and methodologies.
- Contribute to Cedar's open-source codebase as a maintainer, driving code quality, review standards, and technical direction. Leadership & Community Responsibilities
- Represent Cedar and AWS at technical conferences, including CNCF events such as KubeCon, and advocate for Cedar adoption across the cloud-native community.
- Can present and defend company-wide technical decisions to the internal technical community and represent the company effectively at technical conferences.
- Functional thought leader, sought after for key tech decisions. Can successfully sell ideas to an executive-level decision maker.
- Mentor and train the research scientist community on complex technical issues.
- Collaborate with the open-source community to advance Cedar's CNCF project maturity (Sandbox → Incubation → Graduated).
- Build and maintain relationships with cloud-native developers, contributors, and organizations to drive Cedar adoption and gather feedback.
A day in the life You will be working on cutting-edge technology at the intersection of formal methods, automated reasoning, authorization, and cloud-native systems. You will collaborate with fellow applied scientists and engineers to solve challenging problems that provide value to customers by improving the security and usability of authorization. You will engage with the open-source community, contribute to Cedar's CNCF journey, and have an opportunity to publish your work and present at leading industry conferences.
About the team The Cedar team builds and maintains Cedar, an open-source policy language and evaluation engine for authorization. Cedar is designed to be ergonomic, fast, and analyzable, backed by automated reasoning and formal verification. Cedar is used across multiple AWS services and has joined the CNCF as a Sandbox project, with the goal of becoming a Graduated project and an industry standard for authorization. The team works at the intersection of programming languages, formal methods, and cloud-native infrastructure.
Basic Qualifications
- PhD, or Master's degree and 6+ years of applied research experience
- Experience programming in Java, C++, Python, Rust, Go, or related language
- Experience in any of the following areas: algorithms and data structures, parsing, numerical optimization, data mining, parallel and distributed computing, high-performance computing
- Experience in patents or publications at top-tier peer-reviewed conferences or journals
Preferred Qualifications
- 5+ years of industry or academic research experience
- Experience in professional software development
- Experience with authorization systems, policy languages, or access control frameworks (e.g., Cedar, OPA/Rego, RBAC/ABAC/ReBAC systems)
- Experience contributing to or maintaining open-source projects, particularly within the CNCF or Kubernetes ecosystem
- Demonstrated community leadership in cloud-native or open-source communities (e.g., CNCF Ambassador, SIG/WG chair, conference speaker)
- Experience with formal verification, SMT solvers, or automated reasoning applied to policy analysis or software correctness
- Familiarity with Kubernetes authorization architecture, admission control, or API machinery
- Track record of public speaking, technical advocacy, or developer relations at industry conferences
Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice (https://www.amazon.jobs/en/privacy_page) to know more about how we collect, use and transfer the personal data of our candidates.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.