NOMINATION HIGHLIGHTS

Dhivya Chandramouleeswaran is a Security Manager at AWS, where she leads application security for high-impact AI and GenAI platforms including Amazon SageMaker, Kiro, Frontier Agents, AWS Transform, and emerging agentic systems. She manages a team of 15 application security engineers, penetration testers, and developers, and directly influences over 100 software engineers across eight product teams.

Her role requires delivering security at extreme speed. Product launches routinely occur within 15 to 30 days, often before designs are fully finalized, in domains where formal AI and GenAI security standards are still evolving. At this pace, traditional gate-based application security approaches are not viable.

To address this, Dhivya designed and led a developer-first, risk-based application security strategy grounded in realism and measurable outcomes. She created an organization-wide pentest risk prioritization framework that ensures the highest-risk threat scenarios are tested first, even when launch timelines are compressed. This framework enabled consistent, defensible security decision-making across teams while accelerating product launches without unnecessary bureaucracy.

She also led the development of an internal agentic security framework that enables security engineers to rapidly build custom AI-powered security agents tailored to specific products and security outcomes, including code review and threat model generation. These agents integrate directly into developer workflows through infrastructure-as-code and reusable templates. As a result, new security agents can be created in under two hours, significantly improving security coverage while reducing both false positives and false negatives.

The impact has been measurable. Security review cycle time was reduced by 25 percent. For one flagship product, security incidents were reduced by 83 percent in the year following the implementation of her strategy. Developer friction decreased and security engagement velocity increased, as reflected in adoption metrics and delivery timelines.

Beyond delivery, Dhivya leads and participates in incident response, including impact analysis, risk management, and remediation strategy for high-severity security events. She also contributes to open source security strategy at AWS, including contributions to Secure Software Development Framework standards and peer review of CI/CD security frameworks.

Her leadership approach deliberately combines human judgment, automation, and AI to deliver clear security outcomes in fast-moving environments where certainty is rare and tradeoffs must be made thoughtfully. Learnings from real-world incidents, offensive testing, and automated analysis are continuously fed back into tooling, frameworks, and developer guidance, creating a closed feedback loop that improves both security outcomes and operational efficiency.