Social
Automated reasoning

New AWS tool recommends removal of unused permissions

IAM Access Analyzer feature uses automated reasoning to recommend policies that remove unused accesses, helping customers achieve “least privilege”.

By Loris D'AntoniChungha Sung
December 19, 2024
7 min read
Share

AWS Identity and Access Management (IAM) policies provide customers with fine-grained control over who has access to what resources in the Amazon Web Services (AWS) Cloud. This control helps customers enforce the principle of least privilege by granting only the permissions required to perform particular tasks. In practice, however, writing IAM policies that enforce least privilege requires customers to understand what permissions are necessary for their applications to function, which can become challenging when the scale of the applications grows.

To help customers understand what permissions are not necessary, we launched IAM Access Analyzer unused access findings at the 2023 re:Invent conference. IAM Access Analyzer analyzes your AWS accounts to identify unused access and creates a centralized dashboard to report its findings. The findings highlight unused roles and unused access keys and passwords for IAM users. For active IAM roles and users, the findings provide visibility into unused services and actions.

Policy checks in context.png
Related content
Custom policy checks help democratize automated reasoning
New IAM Access Analyzer feature uses automated reasoning to ensure that access policies written in the IAM policy language don’t grant unintended access.

To take this service a step further, in June 2024 we launched recommendations to refine unused permissions in Access Analyzer. This feature recommends a refinement of the customer’s original IAM policies that retains the policy structure while removing the unused permissions. The recommendations not only simplify removal of unused permissions but also help customers enact the principle of least privilege for fine-grained permissions.

In this post, we discuss how Access Analyzer policy recommendations suggest policy refinements based on unused permissions, which completes the circle from monitoring overly permissive policies to refining them.

Policy recommendation in practice

Let's dive into an example to see how policy recommendation works. Suppose you have the following IAM policy attached to an IAM role named MyRole:

{
  "Version": "2012-10-17",
  "Statement": [
   {
      "Effect": "Allow",
      "Action": [
        "lambda:AddPermission",
        "lambda:GetFunctionConfiguration",
        "lambda:UpdateFunctionConfiguration",
        "lambda:UpdateFunctionCode",
        "lambda:CreateFunction",
        "lambda:DeleteFunction",
        "lambda:ListVersionsByFunction",
        "lambda:GetFunction",
        "lambda:Invoke*"
      ],
      "Resource": "arn:aws:lambda:us-east-1:123456789012:function:my-lambda"
   },
  {
    "Effect" : "Allow",
    "Action" : [
      "s3:Get*",
      "s3:List*"
    ],
    "Resource" : "*"
  }
 ]
}



        
The above policy has two policy statements:
  • The first statement allows actions on a function in AWS Lambda, an AWS offering that provides function execution as a service. The allowed actions are specified by listing individual actions as well as via the wildcard string lambda:Invoke*, which permits all actions starting with Invoke in AWS Lambda, such as lambda:InvokeFunction.
  • The second statement allows actions on any Amazon Simple Storage Service (S3) bucket. Actions are specified by two wildcard strings, which indicate that the statement allows actions starting with Get or List in Amazon S3.
Enabling Access Analyzer for unused finding will provide you with a list of findings, each of which details the action-level unused permissions for specific roles. For example, for the role with the above policy attached, if Access Analyzer finds any AWS Lambda or Amazon S3 actions that are allowed but not used, it will display them as unused permissions.

            

  

    

        

        

          

            
              

                  Related content
              

            
            
                
A billion SMT queries a day

            

            
    
Amazon Web Services (AWS) is a cloud computing services provider that has made significant investments in applying formal methods to proving correctness of its internal systems and providing assurance of correctness to their end-users. In this paper, we focus on how we built abstractions and eliminated specifications to scale a verification engine for AWS access policies, Zelkova, to be usable by all AWS



          

        

    

  




        
The unused permissions define a list of actions that are allowed by the IAM policy but not used by the role. These actions are specific to a namespace, a set of resources that are clustered together and walled off from other namespaces, to improve security. Here is an example in Json format that shows unused permissions found for MyRole with the policy we attached earlier:

            

    
[
 {
    "serviceNamespace": "lambda",
    "actions": [
      "UpdateFunctionCode",
      "GetFunction",
      "ListVersionsByFunction",
      "UpdateFunctionConfiguration",
      "CreateFunction",
      "DeleteFunction",
      "GetFunctionConfiguration",
      "AddPermission"
    ]
  },
  {
    "serviceNamespace": "s3",
    "actions": [
        "GetBucketLocation",
        "GetBucketWebsite",
        "GetBucketPolicyStatus",
        "GetAccelerateConfiguration",
        "GetBucketPolicy",
        "GetBucketRequestPayment",
        "GetReplicationConfiguration",
        "GetBucketLogging",
        "GetBucketObjectLockConfiguration",
        "GetBucketNotification",
        "GetLifecycleConfiguration",
        "GetAnalyticsConfiguration",
        "GetBucketCORS",
        "GetInventoryConfiguration",
        "GetBucketPublicAccessBlock",
        "GetEncryptionConfiguration",
        "GetBucketAcl",
        "GetBucketVersioning",
        "GetBucketOwnershipControls",
        "GetBucketTagging",
        "GetIntelligentTieringConfiguration",
        "GetMetricsConfiguration"
    ]
  }
]




        
This example shows actions that are not used in AWS Lambda and Amazon S3 but are allowed by the policy we specified earlier.

            

  

    

        
            

                
                    
    
        Neha Rungta
    

                
            

        

        

          

            
              

                  Related content
              

            
            
                
For Neha Rungta, it's the journey that matters

            

            
    
Rungta had a promising career with NASA, but decided the stars aligned for her at Amazon.



          

        

    

  




        
How could you refine the original policy to remove the unused permissions and achieve least privilege? One option is manual analysis. You might imagine the following process:
  • Find the statements that allow unused permissions;
  • Remove individual actions from those statements by referencing unused permissions.
This process, however, can be error prone when dealing with large policies and long lists of unused permissions. Moreover, when there are wildcard strings in a policy, removing unused permissions from them requires careful investigation of which actions should replace the wildcard strings.
Policy recommendation does this refinement automatically for customers!
The policy below is one that Access Analyzer recommends after removing the unused actions from the policy above (the figure also shows the differences between the original and revised policies):

            

    
{
  "Version": "2012-10-17",
  "Statement" : [
   {
      "Effect" : "Allow",
      "Action" : [
-       "lambda:AddPermission",
-       "lambda:GetFunctionConfiguration",
-       "lambda:UpdateFunctionConfiguration",
-       "lambda:UpdateFunctionCode",
-       "lambda:CreateFunction",
-       "lambda:DeleteFunction",
-       "lambda:ListVersionsByFunction",
-       "lambda:GetFunction",
        "lambda:Invoke*"
      ],
      "Resource" : "arn:aws:lambda:us-east-1:123456789012:function:my-lambda"
    },
    {
     "Effect" : "Allow",
     "Action" : [
-      "s3:Get*",
+      "s3:GetAccess*",
+      "s3:GetAccountPublicAccessBlock",
+      "s3:GetDataAccess",
+      "s3:GetJobTagging",
+      "s3:GetMulti*",
+      "s3:GetObject*",
+      "s3:GetStorage*",
       "s3:List*"
     ],
     "Resource" : "*"
   }
  ]
}




        
Let’s take a look at what’s changed for each policy statement.
For the first statement, policy recommendation removes all individually listed actions (e.g., lambda:AddPermission), since they appear in unused permissions. Because none of the unused permissions starts with lambda:Invoke, the recommendation leaves lambda:Invoke* untouched.
For the second statement, let’s focus on what happens to the wildcard s3:Get*, which appears in the original policy. There are many actions that can start with s3:Get, but only some of them are shown in the unused permissions. Therefore, s3:Get* cannot just be removed from the policy. Instead, the recommended policy replaces s3:Get* with seven actions that can start with s3:Get but are not reported as unused.

            

  

    

        
            

                
                    
    
        Automated Reasoning 
    

                
            

        

        

          

            
              

                  Related content
              

            
            
                
How AWS’s Automated Reasoning Group helps make AWS and other Amazon products more secure

            

            
    
Amazon scientists are on the cutting edge of using math-based logic to provide better network security, access management, and greater reliability.



          

        

    

  




        
Some of these actions (e.g., s3:GetJobTagging) are individual ones, whereas others contain wildcards (e.g., s3:GetAccess* and s3:GetObject*). One way to manually replace s3:Get* in the revised policy would be to list all the actions that start with s3:Get except for the unused ones. However, this would result in an unwieldy policy, given that there are more than 50 actions starting with s3:Get.
Instead, policy recommendation identifies ways to use wildcards to collapse multiple actions, outputting actions such as s3:GetAccess* or s3:GetMulti*. Thanks to these wildcards, the recommended policy is succinct but still permits all the actions starting with s3:Get that are not reported as unused.
How do we decide where to place a wildcard in the newly generated wildcard actions? In the next section, we will dive deep on how policy recommendation generalizes actions with wildcards to allow only those actions that do not appear in unused permissions.
A deep dive into how actions are generalized
Policy recommendation is guided by the mathematical principle of “least general generalization” — i.e., finding the least permissive modification of the recommended policy that still allows all the actions allowed by the original policy. This theorem-backed approach guarantees that the modified policy still allows all and only the permissions granted by the original policy that are not reported as unused.
To implement the least-general generalization for unused permissions, we construct a data structure known as a trie, which is a tree each of whose nodes extends a sequence of tokens corresponding to a path through the tree. In our case, the nodes represent prefixes shared among actions, with a special marker for actions reported in unused permissions. By traversing the trie, we find the shortest string of prefixes that does not contain unused actions.
The diagram below shows a simplified trie delineating actions that replace the S3 Get* wildcard from the original policy (we have omitted some actions for clarity):

            

    

        
    
        Access Analyzer trie.png
    


        

        
    


    
        
A trie delineating actions that can replace the Get* wildcard in an IAM policy. Nodes containing unused actions are depicted in orange; the remaining nodes are in green.

    


        
At a high level, the trie represents prefixes that are shared by some of the possible actions starting with s3:Get. Its root node represents the prefix Get; child nodes of the root append their prefixes to Get. For example, the node named Multi represents all actions that start with GetMulti.

            

  

    

        
            

                
                    
    
        Elliptic-curve addition.gif
    

                
            

        

        

          

            
              

                  Related content
              

            
            
                
Better-performing “25519” elliptic-curve cryptography

            

            
    
Automated reasoning and optimizations specific to CPU microarchitectures improve both performance and assurance of correct implementation.



          

        

    

  




        
We say that a node is safe (denoted in green in the diagram) if none of the unused actions start with the prefix corresponding to that node; otherwise, it is unsafe (denoted in orange). For example, the node s3:GetBucket is unsafe because the action s3:GetBucketPolicy is unused. Similarly, the node ss is safe since there are no unused permissions that start with GetAccess.
We want our final policies to contain wildcard actions that correspond only to safe nodes, and we want to include enough safe nodes to permit all used actions. We achieve this by selecting the nodes that correspond to the shortest safe prefixes—i.e., nodes that are themselves safe but whose parents are not. As a result, the recommended policy replaces s3:Get* with the shortest prefixes that do not contain unused permissions, such as s3:GetAccess*, s3:GetMulti* and s3:GetJobTagging.
Together, the shortest safe prefixes form a new policy that, while syntactically similar to the original policy, is the least-general generalization to result from removing the unused actions. In other words, we have not removed more actions than necessary.
You can find how to start using policy recommendation with unused access in Access Analyzer. To learn more about the theoretical foundations powering policy recommendation, be sure to check out our science paper.

    



                            
                        

                    
                


                
                    

                        

    

    

        Research areas
    


    
        
    



                    

                

                
                    

                        

    

    

        Tags
    


    
        
    



                    

                

                
                    

                        
                    

                

                
                    
About the Author

                    

                        
                            
    

        

            
                

                    Loris D'Antoni
                

            
            
            
                

                    Loris D'Antoni is an associate professor of computer science and engineering at the University of California, San Diego, and an Amazon Visiting Academic.
                

            
        

    



                        
                            
    

        

            
                

                    Chungha Sung
                

            
            
            
                

                    Chungha Sung is a senior applied scientist with Amazon Web Services.
                

            
        

    



                        
                    

                
            

        


        
    

    
    



    

        
Related content

        
    




    
        
    

    



    
    



    

        
Work with us
See more jobs
        
            See more jobs
        
    




    
        

            

                
                    

                        

    

    

        
            

                Senior Applied Scientist, AGI Customization
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, CA, Sunnyvale

            
        


        
    
The Artificial General Intelligence (AGI) Customization Team is seeking a highly skilled and experienced Applied Scientist to support adoption and enable customization of Amazon Nova. The role focuses on developing state-of-the-art services and tools for model customization, including supervised fine-tuning, reinforcement learning, and knowledge distillation across large language models. As an Applied Scientist, you will play a important role in developing advanced customization capabilities that enable enterprises to build highly performant application-specific models without the need for training models from scratch. Your work will directly impact how companies leverage Amazon Nova models for their specific use cases. Key job responsibilities - Contribute to the development of novel customization techniques including extended post-training, continued pre-training, and advanced knowledge distillation - Collaborate with cross-functional teams to design and implement enterprise-ready tooling for various training techniques on Amazon SageMaker - Design and execute experiments to optimize model accuracy, latency, and cost across different customization approaches (SFT, DPO, PPO) - Develop and enhance preference learning algorithms and training curricula for customer-specific applications - Create robust evaluation frameworks for assessing model performance across different domains and use cases - Contribute to the development of the Responsible AI toolkit, including creating training and evaluation datasets for model alignment - Design and implement secure access mechanisms for early model checkpoints and weights - Communicate technical insights and results to both technical and non-technical stakeholders through presentations and documentation




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Applied Scientist II
            

        

        

            
                
                    

                
            

            

            

            

            
                
IN, KA, Bengaluru

            
        


        
    
Amazon is seeking a passionate and inventive Applied Scientist II with a strong machine learning background to build industry-leading Speech and Language technology. Our mission is to deliver delightful customer experiences by advancing Automatic Speech Recognition (ASR), Natural Language Understanding (NLU), Machine Learning (ML), and Computer Vision (CV). You will work alongside internationally recognized experts to develop novel algorithms and modeling techniques that advance the state-of-the-art in human language technology. Your work will directly impact millions of customers through products and services powered by speech and language technology. You will gain hands-on experience with Amazon's heterogeneous speech, text, and structured data sources, and leverage large-scale computing resources to accelerate advances in spoken language understanding. We are hiring across all areas of human language technology: ASR, Machine Translation (MT), NLU, Text-to-Speech (TTS), Dialog Management, and Computer Vision. We also seek talent experienced in building large-scale, high-performing systems. Key job responsibilities Basic Qualifications PhD or M.Tech in Computer Science, Electrical Engineering, Mathematics, or Physics with specialization in one or more of: speech recognition, natural language processing, machine translation, time series analysis, signal processing, or machine learning 1-2 years of industry or research experience (including internships, co-ops, or post-doctoral work) in applied ML or related areas Proficiency in programming languages such as Python, C/C++, or Java Strong foundation in machine learning fundamentals and statistical modeling Preferred Qualifications Experience building speech recognition, machine translation, or natural language processing systems (e.g., commercial products, government projects, or published research with working prototypes) Hands-on experience with deep learning frameworks (e.g., PyTorch, TensorFlow) Track record of publications in top-tier conferences (e.g., NeurIPS, ICML, ACL, Interspeech, CVPR) Scientific thinking with demonstrated ability to innovate and contribute to advancing the field Solid software development practices and experience shipping production-quality code Strong written and verbal communication skills A day in the life 0




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Senior Economist, Decision Science - Devices
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, CA, San Jose

            
        


        
    
Are you excited about making business decisions using science and data? Are you interested in supporting consumer device concepts from idea inception to launch? Do you want to work on a Science Product team focused on scaling statistics and econometrics with custom tools? If so, this may be the role for you! Amazon.com strives to be Earth's most customer-centric company. The Amazon Devices and Services team focuses on delighting customer by enabling seamless functionality in supplying, entertaining, and managing the home -- and beyond. We seek and hire the world's brightest minds, offering them a fast-paced, technologically-sophisticated, and friendly work environment, where economic theory meets real-world industry. The Decision Science team in Devices owns demand estimates and pricing recommendations of concept devices before customers know they exist. We support devices and services ranging from Echo Frames to Kindle Paperwhite to Blink Video Camera …all prior to launch. We are a cross-functional Product team working to scale Econometrics through Amazon and beyond by incorporating Science into internal facing tools and making it easier for others to do so as well. In this role, you will have input in decision meetings with Amazon senior leadership, which include go/no-go decisions for brand new devices and services and build volume decisions for manufacture prior to receiving any customer signal. You will have direct input to pricing decisions. You will leverage Science and Tools produced by the Decision Science team such as conjoint demand models to produce these recommendations. You will work with Scientists, Economists, Product Managers, and Software Developers to provide meaningful feedback about stakeholder problems to inform business solutions and increase the velocity, quality, and scope behind our recommendations. You will also have the opportunity to work on special projects to both guide the business and advance your own knowledge and understanding of specific topics. Key job responsibilities Applies expertise to develop econometric/machine learning models to measure the demand of devices and the business; Reviews models and results for other scientists, mentors junior scientists; Generates economic insights for the Devices and Services business and work with stakeholders to run the business for effectively; Describes strategic importance of vision inside and outside of team; and, Identifies business opportunities, defines the problem and how to solve it; Engages with senior scientists, business leadership outside Devices and Services to understand interplay between different business units.




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                2027 Applied Science Intern (Machine Learning, Recommender Systems), Amazon International Machine Learning
            

        

        

            
                
                    

                
            

            

            

            

            
                
AU, VIC, Melbourne

            
        


        
    
Are you excited about leveraging and extending state-of-the-art Deep Learning, Information Retrieval, Natural Language Processing, Computer Vision algorithms to solve customer problems at the scale of Amazon? As an Applied Scientist Intern, you will be working in the Melbourne office in a fast-paced, cross-disciplinary team of experienced R&D scientists. You will take on complex problems, work on solutions that leverage existing academic and industrial research, and utilize your own out-of-the-box pragmatic thinking. In addition to coming up with novel solutions and prototypes, you may even deliver these to production in customer facing products. Key job responsibilities - Develop novel solutions and build prototypes - Work on complex problems in Deep Learning and Generative AI - Contribute to research that could significantly impact Amazon operations - Collaborate with a diverse team of experts in a fast-paced environment - Present your research findings to both technical and non-technical audiences - Collaborate with scientists on writing and submitting papers to top ML conferences, e.g. NeurIPS, ICML, ICLR, AISTATS, ACL ICCV, CVPR, KDD. Key Opportunities: - Work in a team of ML scientists to solve applied science problems at the scale of Amazon - Access to Amazon services and hardware - Potentially deliver solutions to production in customer-facing applications - Opportunities to be hired full-time after the internship Join us in shaping the future of AI at Amazon. Apply now and turn your research into real-world solutions!




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Applied Scientist, Prime Video - Content Localization, Understanding & Enrichment 
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, WA, Seattle

            
        


        
    
Prime Video is a first-stop entertainment destination offering customers a vast collection of premium programming in one app available across thousands of devices. Prime members can customize their viewing experience and find their favorite movies, series, documentaries, and live sports – including Amazon MGM Studios-produced series and movies; licensed fan favorites; and programming from Prime Video subscriptions such as Apple TV+, HBO Max, Peacock, Crunchyroll and MGM+. All customers, regardless of whether they have a Prime membership or not, can rent or buy titles via the Prime Video Store, and can enjoy even more content for free with ads. Are you interested in shaping the future of entertainment? Prime Video's technology teams are creating best-in-class digital video experience. As a Prime Video team member, you’ll have end-to-end ownership of the product, user experience, design, and technology required to deliver state-of-the-art experiences for our customers. You’ll get to work on projects that are fast-paced, challenging, and varied. You’ll also be able to experiment with new possibilities, take risks, and collaborate with remarkable people. We’ll look for you to bring your diverse perspectives, ideas, and skill-sets to make Prime Video even better for our customers. With global opportunities for talented technologists, you can decide where a career Prime Video Tech takes you! Key job responsibilities - Lead research and development of speech and audio generation technology and end-to-end speech-to-speech architecture - Develop audio processing solutions for production environments, including source separation, enhancement, and mixing - Define the research roadmap for your area, identify high-impact problems, and communicate technical direction to senior leadership - Publish research, contribute to the broader scientific community, and bring external advances into production systems - Hire, mentor, and develop applied scientists. Grow the team's capabilities to meet evolving customer and business needs About the team This team's mission is to deeply understand all content and empower all customers with relevant language options, innovative accessibility assists, and rich title-information across all their content-experiences on Prime Video. We create and publish content on-time that's meaningful, accurate, and accessible to every customer globally. We delight our customers by pushing the boundaries of content understanding and enrichment. Through inclusion and innovation, we do the most fulfilling work of our career.




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Applied Scientist I, Prime Video - Playback Intelligence 
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, WA, Seattle

            
        


        
    
Prime Video is a first-stop entertainment destination offering customers a vast collection of premium programming in one app available across thousands of devices. Prime members can customize their viewing experience and find their favorite movies, series, documentaries, and live sports – including Amazon MGM Studios-produced series and movies; licensed fan favorites; and programming from Prime Video add-on subscriptions such as Apple TV+, Max, Crunchyroll and MGM+. All customers, regardless of whether they have a Prime membership or not, can rent or buy titles via the Prime Video Store, and can enjoy even more content for free with ads. Are you interested in shaping the future of entertainment? Prime Video's technology teams are creating best-in-class digital video experience. As a Prime Video technologist, you’ll have end-to-end ownership of the product, user experience, design, and technology required to deliver state-of-the-art experiences for our customers. You’ll get to work on projects that are fast-paced, challenging, and varied. You’ll also be able to experiment with new possibilities, take risks, and collaborate with remarkable people. We’ll look for you to bring your diverse perspectives, ideas, and skill-sets to make Prime Video even better for our customers. With global opportunities for talented technologists, you can decide where a career Prime Video Tech takes you! As a Applied Scientist in the Prime Video Playback Intelligence organization, you will have deep subject matter expertise in applied machine learning and data science, with specializations in video streaming optimization, information retrieval, anomaly detection and root-causing systems, large language models, and generative AI across various modalities. Key job responsibilities * You will work with multiple teams of scientists, engineers, and product managers to translate business and functional requirements into concrete deliverables leading strategic efforts to enhance customer quality of experiences. * Problem spaces you will be working on include: improving the customer playback quality of experience across Video on Demand, Live Events and Linear Content. You’ll aim to reduce the time/cost/effort to optimize the customer experience as well as detect, root-cause, and mitigate defects in the customer experience. You’ll seek to understand the depth and nuance of streaming video at scale and identify opportunities to grow our business and improve customer quality of experience via principled ML/AI solutions. You will also lead integration of new algorithms and processes into existing modeling stacks, simplify and streamline the existing modeling stacks, and develop testing and evaluation strategies. Ultimately, you'll work backwards from the desired outcomes and lead the way on determining the ideal solution (statistical techniques, traditional ML, GenAI, etc). * You will be responsible for defining key research directions, adopting or inventing new machine learning techniques, conducting rigorous experiments, publishing results, and ensuring that research is translated into practice. You will develop long-term strategies, persuade teams to adopt those strategies, propose goals and deliver on them.




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Applied Scientist II, Perception
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, MA, N.reading

            
        


        
    
Amazon is on a mission to redefine the future of automation — and we're looking for exceptional talent to help lead the way. We are building the next generation of advanced robotic systems that seamlessly blend cutting-edge AI, sophisticated control systems, and novel mechanical design to create adaptable, intelligent automation solutions capable of operating safely alongside humans in dynamic, real-world environments. At Amazon, we leverage the power of machine learning, artificial intelligence, and advanced robotics to solve some of the most complex operational challenges at a scale unlike anywhere else in the world. Our fleet of robots spans hundreds of facilities globally, working in sophisticated coordination to deliver on our promise of customer excellence — and we're just getting started. As a Applied Scientist in Robot Perception, you will be at the forefront of this transformation. You will develop and deploy state-of-the-art perception algorithms that enable robots to truly understand and interact with the physical world — bridging the gap between theoretical research and real-world impact. Bringing deep expertise in Computer Vision and a nuanced understanding of the capabilities and limitations of modern Vision-Language Models (VLMs), you will innovate boldly and push the boundaries of what's possible. Our vision for the Perception layer is ambitious: to enable seamless, intelligent interaction between the user, the robot, and its environment. This is a rare opportunity to work at the intersection of deep learning, large language models, and robotics — contributing to research that doesn't just advance the field, but reshapes it. You will collaborate with world-class teams pioneering breakthroughs in dexterous manipulation, locomotion, and human-robot interaction, all at an unprecedented scale. Join us in building intelligent robotic systems that will define the future of automation and human-robot collaboration. Key job responsibilities - Design, develop, and deploy perception algorithms for robotics systems, including object detection, segmentation, tracking, depth estimation, and scene understanding - Lead research initiatives in computer vision, sensor fusion and 3D perception - Collaborate with cross-functional teams including robotics engineers, software engineers, and product managers to define and deliver perception capabilities - Drive end-to-end ownership of ML models — from data collection and labeling strategy to training, evaluation, and deployment - Mentor junior scientists and engineers; contribute to a culture of technical excellence - Define and track key metrics to measure perception system performance in real-world environments - Publish research findings in top-tier venues (CVPR, ICCV, ECCV, ICRA, NeurIPS, etc.) and contribute to patents A day in the life - Train ML models for deployment in simulation and real-world robots, identify and document their limitations post-deployment - Drive technical discussions within your team and with key stakeholders to develop innovative solutions to address identified limitations - Actively contribute to brainstorming sessions on adjacent topics, bringing fresh perspectives that help peers grow and succeed — and in doing so, build lasting trust across the team - Mentor team members while maintaining significant hands-on contribution to technical solutions




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Applied Science Manager , C360
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, WA, Seattle

            
        


        
    
We are working on improving shopping on Amazon using the conversational capabilities of large language models and through customer behavioral data to make them more personalized for each customer. We are searching for pioneers who are passionate about technology, innovation, and customer experience, and are ready to make a lasting impact on the industry. In this role, you will be managing a team working on Large Language Model (LLM) and/or Vision-Language Model (VLM) post-training and alignment for new shopping experiences. You’ll be working with talented scientists, engineers, and technical program managers (TPM) to innovate on behalf of our customers. If you’re fired up about being part of a dynamic, driven team, then this is your moment to join us on this exciting journey!




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Sr Data Scientist, Amazon Publisher Services
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, NY, New York

            
        


        
    
External job description Job summary Amazon Publisher Services (APS) helps digital publishers around the world build and grow thriving businesses. We provide services and advanced technologies to web, mobile app and advanced TV publishers of all sizes, including many of comScore’s global top 100, to help them monetize their content with demand from multiple programmatic buyers. Our server-side header bidding solutions are fast and reliable across devices, handling billions of queries per day, delivering ads in milliseconds. The result is more profitable advertising for publishers and more relevant ads for customers. As a Data Scientist on this team, you will: • Solve real-world problems by getting and analyzing large amounts of data, diving deep to identify business insights and opportunities, design simulations and experiments, developing statistical and ML models by tailoring to business needs, and collaborating with Scientists, Engineers, BIE's, and Product Managers. • Write code (Python, R, Scala, etc.) to analyze data and build statistical models to solve specific business problems. • Apply statistical and machine learning knowledge to specific business problems and data. • Build decision-making models and propose solution for the business problem you define. • Retrieve, synthesize, and present critical data in a format that is immediately useful to answering specific questions or improving system performance. • Analyze historical data to identify trends and support optimal decision making. • Formalize assumptions about how our systems are expected to work, create statistical definition of the outlier, and develop methods to systematically identify outliers. Work out why such examples are outliers and define if any actions needed. • Given anecdotes about anomalies or generate automatic scripts to define anomalies, deep dive to explain why they happen, and identify fixes. • Conduct written and verbal presentations to share insights to audiences of varying levels of technical sophistication. Why you will love this opportunity: Amazon is investing heavily in building a world-class advertising business. This team defines and delivers a collection of advertising products that drive discovery and sales. Our solutions generate billions in revenue and drive long-term growth for Amazon’s Retail and Marketplace businesses. We deliver billions of ad impressions, millions of clicks daily, and break fresh ground to create world-class products. We are a highly motivated, collaborative, and fun-loving team with an entrepreneurial spirit - with a broad mandate to experiment and innovate. Impact and Career Growth: You will invent new experiences and influence customer-facing shopping experiences to help suppliers grow their retail business and the auction dynamics that leverage native advertising; this is your opportunity to work within the fastest-growing businesses across all of Amazon! Define a long-term science vision for our advertising business, driven from our customers' needs, translating that direction into specific plans for research and applied scientists, as well as engineering and product teams. This role combines science leadership, organizational ability, technical strength, product focus, and business understanding. About the team The Marketplace Services team within Amazon Publisher Services organization primarily focuses on improving monetization for our STV, Web, Mobile and Audio publisher customers. We directly work with 60+ 3p buyers to enable optimal connectivity for publishers to improve their yield. We also own products such as Connections Marketplace (CxM) and Signal IQ that help publishers connect to myriad of 3p and 1p ad tech vendors to boost their bid request quality, while measuring the value of each signal on their bid stream through rigorous A/B testing. Internal job description The candidate would work with Product, Engineering, BIEs and Scientist across Supply and Demand organization to help make APS the best performing supply path for Amazon ads advertiser customers. They would spearhead efforts to conduct experiments alongside demand and measurement teams to identify optimal perfomance path for advertisers while improving APS Share of Wallet. About the team The Marketplace Services team within Amazon Publisher Services organization primarily focuses on improving monetization for our STV, Web, Mobile and Audio publisher customers. We directly work with 60+ 3p buyers to enable optimal connectivity for publishers to improve their yield. We also own products such as Connections Marketplace (CxM) and Signal IQ that help publishers connect to myriad of 3p and 1p ad tech vendors to boost their bid request quality, while measuring the value of each signal on their bid stream through rigorous A/B testing.




        

        

        

        
    


    



                    

                
                    

                        

    

    

        
            

                Applied Scientist, Stores Economics & Science (SEAS)
            

        

        

            
                
                    

                
            

            

            

            

            
                
US, WA, Seattle

            
        


        
    
Stores Economics and Science (SEAS) is an interdisciplinary science and engineering team in Amazon's Stores organization with a peak-jumping mission: we apply expertise in science and engineering to move from local to global optima in methods, models, and software. We pursue this mission by leveraging frontier science; collaborating with partner teams; and learning from the tools, experience, and perspective of others. We scale by solving problems, first in the small to prove concepts, and then in the large by building scalable solutions. We also help other teams within Amazon scale by hiring and developing the best and embedding them in other business units. In 2026, we are focused on economics and science in areas related to (1) lowering cost-to-serve, (2) optimizing selection, and (3) emerging machine learning. We also have some ongoing and highly-leveraged collaborations that help partner teams inside Amazon short-circuit months of R&D or otherwise look around corners. We are looking for an Applied Scientist to build and deliver state-of-the-art science and engineering solutions to improve our Stores business. In this role, you will work in a team of scientists and engineers with backgrounds in machine learning, NLP, IR, statistics, and economics to identify bottlenecks in our business, conceive new ideas to overcome those challenges, and deploy scientific solutions in partnership with product teams. Your responsibilities include developing and maintaining the scientific models, benchmarks, and services. Graduate education or hands-on experience in machine learning, optimization, causal inference, Bayesian statistics, deep learning, or other quantitative scientific fields is a big plus. To be successful in this role, you should be a quick learner and comfortable with a high degree of ambiguity. Key job responsibilities The successful candidate will lead large-scale science initiatives from research to production and translate complex business problems into mathematical frameworks. They will design and implement large-scale algorithms for complex supply chain and marketplace problems, and design incentive-compatible mechanisms for marketplace challenges. The ideal candidate will have a strong publication record in top-tier conferences/journals (INFORMS, EC, WINE, ICML, NeurIPS, etc.) and experience coordinating cross-functional projects. Hands-on experience building science solutions to mechanism design problems (e.g., optimal auction design, welfare maximization under constraints, incentive compatible coordination), with expertise in statistical learning and algorithm development. Leadership responsibilities include influencing technical strategy and roadmaps for complex initiatives, influencing senior stakeholders and shaping technical direction, and fostering team growth.




        

        

        

        
    


    



                    

                
            

        

    

    

        See more jobs
    






        




    

        
            
        
        

            

                
                    

                        

                    

                
            

            
                

                    

                        

  

      
          

              
                  
    
        View from space of a connected network around planet Earth representing the Internet of Things.
    

              
          

      

      

        

          
              
Get more from Amazon Science

          

          
    
Subscribe to our newsletter



        

        
          
        
      

  



                    

                

            
        

    


    

        

        
            
Amazon.com | Conditions of Use | Privacy | © 1996-2026 Amazon.com, Inc. or its affiliates

        
        
            

    
Social