We are looking for a Policy Engineer (Cedar Implementation) to join our team building an Enterprise Agent Development Platform — a production-grade, cloud-native ecosystem that enables engineering teams to define, orchestrate, deploy, and observe AI agents at scale.
The platform standardizes agent development across the organization using LangGraph and Strands Agents on AWS AgentCore Runtime, providing a single-file developer experience where the platform handles runtime, tooling, observability, and deployment automatically. The initiative spans agent framework design, runtime architecture, marketplace integration, CI/CD automation, and enterprise-grade observability — reducing agent development from months to days while enforcing consistent security, quality, and governance standards.
Responsibilities
- Implement a baseline Cedar policy library and establish policy authoring standards for the platform
- Author, test, and maintain Cedar policies to enforce consistent authorization across agent workloads
- Integrate identity providers such as Entra, Okta, and Cognito into the policy framework
- Define and manage ABAC and RBAC models to support enterprise-grade access control
- Configure and operate AWS AgentCore Policy in LOG_ONLY and ENFORCE modes
- Develop Python-based tooling for policy validation, testing, and lifecycle management
- Design parameter-level access control patterns to secure agent interactions
- Map MS Entra claims to policy attributes for fine-grained authorization decisions
- Collaborate with platform, security, and engineering teams to align policies with governance and compliance standards
Requirements
- 3+ years of experience in security engineering or backend engineering
- Proficiency in Cedar policy language, including authoring and testing
- Expertise in identity provider integration with Entra, Okta, and Cognito
- Skills in policy definition using ABAC or RBAC systems
- Hands-on experience with Open Policy Agent (OPA) or Cedar
- Background in Amazon Web Services, including AWS AgentCore Policy LOG_ONLY and ENFORCE modes
- Competency in Python for policy validation tooling
- Understanding of MS Entra claims mapping and parameter-level access control patterns
- Excellent command of written and spoken English (B2+ level)
Nice to have
- Familiarity with LangGraph tool invocation patterns
- Knowledge of AWS AgentCore Gateway integration