All interviews
Amazon logo

Amazon

Senior

Architect security-hardened ASIC firmware for Amazon's Leo satellite constellation

Amazon Leo (formerly Project Kuiper) is hiring a senior embedded software engineer to architect security-by-design firmware for its satellite RF systems — ASIC firmware, secure boot, hardware interfaces (I2C/I3C/SPI/UART/USB/JTAG/Ethernet), and threat modeling for systems that must be secure and reliable from launch through de-orbit. It calls for 5+ years of software architecture experience plus deep secure embedded firmware expertise on bare-metal/RTOS systems, GDB debugging on FPGA/prototype chips, and practical penetration-testing/threat-modeling knowledge. Requires US citizen/national/permanent-resident status due to export control. Expect the mock to weigh heavily toward security architecture for embedded/RTOS systems and hardware bring-up under real-time and resource constraints.

Step into this interview

Free · a live voice mock calibrated to this exact role

Practice this interview

What this interview tests

  • Security architecture and threat modeling for ASIC/embedded firmware
  • Secure boot chains, key management, and crypto library use (mbedTLS/OpenSSL/PKCS11) under HW constraints
  • Bare-metal and RTOS firmware development for real-time, low-power, high-reliability systems
  • Hardware interface programming (I2C/I3C/SPI/UART/USB/JTAG/Ethernet) and debugging with GDB on FPGA/prototype silicon
  • Security reviews and penetration-testing methodology for embedded systems

Common question themes

Walk through threat-modeling a new piece of satellite hardware from concept to secure bring-up

Design a secure boot chain for a resource-constrained embedded system — what could go wrong

Describe debugging a firmware failure on a prototype chip using GDB/JTAG with no simulator reproduction

How would you balance real-time/power constraints against adding security controls (encryption, auth) in firmware

Explain how you'd run a security review or lightweight pentest on embedded firmware before it ships to hardware you can't patch after deployment

View the original posting

Related interviews