Amritha Lal
San Jose,CA
Summary
Security professional with 11+ years of experience securing large-scale AWS cloud infrastructure, with deep expertise in Identity and Access Management (IAM) and data protection. A subject matter expert in IAM for AWS services, including Amazon RDS and other core database and analytics services. Currently leading security strategy for Multi-Agent AI systems, with a focus on building resilient, identity-aware control planes and securing services that manage agent memory and interaction state.
Overview
14
14
years of professional experience
1
1
Certification
Work History
Sr.Security Engineer(SECENG III)
Amazon Web Services
12.2023 - Current
- Embedded in the AWS Database and Analytics org to lead shift-left security across core services, driving early-stage secure architecture design and threat modeling across engineering teams.
- Lead security strategy for Multi-Agent AI systems, focusing on identity-aware control planes and securing services that manage agent memory and interaction state.
- Partnered with the services to develop credential isolation and zero trust approaches in distributed, multi-tenant service architectures.
- Serve as IAM subject matter expert for escalations, incident response, and org-wide security design decisions.
Principal Security Engineer
SunPower Corporation
03.2023 - 12.2023
- Built and executed data security strategies for Snowflake, Salesforce CRM, and SharePoint, covering classification and lineage mapping, anonymization, and access restrictions for customer data.
- Scoped and reduced excessive access across enterprise systems, enforcing least privilege and improving access hygiene.
- Led Salesforce security posture assessment, addressing misconfigurations, data exposure risks, and platform-level controls to strengthen customer data privacy.
- Defined and scaled security testing strategies for web apps, APIs, and AWS infrastructure, covering vulnerability scanning, misconfiguration checks, and runtime analysis.
- Collaborated cross-functionally to refine security policies and foster a security mindset across teams.
Identity Security Engineer (SECENG III)
Amazon Web Services
02.2022 - 03.2023
- Automated managed identity policy evaluation and designed a continuous policy-as-code audit framework integrated into CI/CD pipelines to reduce manual approval overhead and ensure consistent enforcement.
- Reviewed authentication and authorization strategies for AWS services, ensuring secure integration with AWS Identity, including IAM, Organizations, RAM and STS.
- Contributed to authentication strategy improvements by evaluating FIDO2 and passkey adoption for AWS Identity Center and MFA for AWS IAM users.
Product Security Engineer (SECENG II)
Amazon Web Services
07.2019 - 11.2021
- Dedicated security engineering for high visibility AWS products like RDS and EMR on AWS Outpost, RDS Custom and RDS on VMWare.
- Overhauled security architecture for complex, high-revenue AWS services, including RDS, Glue, and EMR, while operating as the single-point security owner.
- Collaborated with Platform and Operating Systems to design and implement isolation and sandboxing controls for systems with engine, container, or cluster-level trust boundaries, to reduce the blast radius and prevent cross-tenant and control plane impact in the event of a boundary escape.
- Delivered frontline support across the product security lifecycle: Design Review, Threat Modeling, Code Review and Risk assessment.
Application Security Engineer (SECENG II)
Amazon Inc
05.2017 - 07.2019
- Designed secure by default AWS cloud formation templates for legacy services migrating to the cloud and presented the work across multiple Amazon Conferences to promote adoption.
- Framed secure transfer and usage guidance for Amazon legacy services migrated to AWS Cloud.
- Reviewed and revamped the security posture of Amazon payments and internal Data Custodianship services.
- Reviewed and securely designed services that ingested third party customer data collected through LogIn/SignUp through Amazon to ensure data privacy as it is transferred over to the third party.
- Identified a significant privacy concern in the Amazon Retail Gift Return service and optimized the process to prevent unintended customer data exposure.
Application Security Engineer
Quidsi, Inc, Amazon Company
05.2014 - 05.2017
- Owned end-to-end security for Quidsi, leading all security engineering efforts including infrastructure, network, third-party vendor assessments, and product security.
- Led the secure migration of all services from Quidsi’s on-prem and co-located Data centers to AWS Cloud, acting as the sole security engineer supporting the transition.
Database Teaching Assistant
Johns Hopkins Whiting School Of Engineering
09.2012 - 12.2012
- Assisted in teaching core database concepts through personalized support and technical guidance.
- Evaluated projects and assignments, delivering actionable feedback to improve student outcomes.
Software Development Engineer - Intern
Infosys Limited
01.2012 - 06.2012
- Gained foundational experience in Java/J2EE, working with JSP, Servlets, Java Beans, and JNDI.
- Built a simulation tool for mobile ad-hoc networks using DSDV protocol as part of a final-semester project.
Education
LEAD - Executive Leadership -
Stanford Graduate School of Business
03.2024
Masters in Security Informatics -
Johns Hopkins University - Whiting School of Engineering
01.2014
Bachelors in Information Technology -
Karunya University
05.2012
Skills
- Application Security Testing
- Design Review
- Code Review
- Threat Modeling
- Cryptography
- Penetration Testing
- Identity Policies
- Authentication Protocols
Certification
- SANS GIAC GXPN | ADVANCED PENETRATION TESTING AND EXPLOIT WRITING
- SANS GIAC GWAPT | WEB APPLICATION PENTESTING AND ETHICAL HACKING
- AWS SOLUTIONS ARCHITECT
- PYTHON SCRIPTING EXPERT (SPSE)
Timeline
Sr.Security Engineer(SECENG III)
Amazon Web Services
12.2023 - Current
Principal Security Engineer
SunPower Corporation
03.2023 - 12.2023
Identity Security Engineer (SECENG III)
Amazon Web Services
02.2022 - 03.2023
Product Security Engineer (SECENG II)
Amazon Web Services
07.2019 - 11.2021
Application Security Engineer (SECENG II)
Amazon Inc
05.2017 - 07.2019
Application Security Engineer
Quidsi, Inc, Amazon Company
05.2014 - 05.2017
Database Teaching Assistant
Johns Hopkins Whiting School Of Engineering
09.2012 - 12.2012
Software Development Engineer - Intern
Infosys Limited
01.2012 - 06.2012
LEAD - Executive Leadership -
Stanford Graduate School of Business
Masters in Security Informatics -
Johns Hopkins University - Whiting School of Engineering
Bachelors in Information Technology -
Karunya University
Similar Profiles
Francisco Javier Chavero, Jr.Francisco Javier Chavero, Jr.
Environmental Program Manager (EPM) at Amazon Web Services (AWS), Amazon Data Services, Inc.Environmental Program Manager (EPM) at Amazon Web Services (AWS), Amazon Data Services, Inc.
Manish KulshreshthaManish Kulshreshtha
Head - Enterprise Support (Mid and Large Enterprise Business) at Amazon Web Services (Amazon Internet Services Pvt. Ltd.)Head - Enterprise Support (Mid and Large Enterprise Business) at Amazon Web Services (Amazon Internet Services Pvt. Ltd.)
DEEPA KARUNAKARANDEEPA KARUNAKARAN
Customer Solutions Manager (Customer facing Program Manager) at Amazon Inc. (Strategic Accounts, Amazon Web Services)Customer Solutions Manager (Customer facing Program Manager) at Amazon Inc. (Strategic Accounts, Amazon Web Services)
Robert GoodwinRobert Goodwin
Global Lead, Specialist Solutions Architect WWPS Secure Hybrid Cloud at AMAZON WEB SERVICES AMAZON INCGlobal Lead, Specialist Solutions Architect WWPS Secure Hybrid Cloud at AMAZON WEB SERVICES AMAZON INC
Gabriela M. RiosGabriela M. Rios
Customer Solutions Specialist at United Site ServicesCustomer Solutions Specialist at United Site Services