Senior Safety & Embedded Software Engineer, Personal Robotics Group
The Personal Robotics Group is pioneering intelligent robotic products that deliver meaningful customer experiences. We are building the next generation of robotic systems that will redefine how customers interact with technology. Our work spans the full spectrum from advanced hardware design to sophisticated software and control systems, combining mechanical innovation, software engineering, dynamic systems modeling, and intelligent algorithms to create robots that are not just functional, but delightful. This is a unique opportunity to shape the future of personal robotics, working with world-class teams pushing the boundaries of what is possible in robotic manipulation, locomotion, and human-robot interaction.
We are seeking a Senior Safety & Embedded Software Engineer to design and implement the safety-critical software that keeps our robots safe, spanning the real-time functional safety island firmware and the platform safety software above it. You will architect and build firmware on 32-bit microcontrollers that monitors system health, implements low-level safety functions, and manages industrial communications to peripherals. You will also implement the safety mechanisms, freedom-from-interference partitioning, and verification evidence that let our platform software meet the safety requirements derived from our system-level safety program. This is a greenfield role: you will establish the architectural patterns, coding standards, and development practices for safety-critical software that scale from first prototype through production.
You will own the safety software architecture, working closely with the Functional Safety Engineering team within Systems Engineering, who own the system-level safety program, hazard analysis, and safety requirements. You will translate those system-level requirements into the software architecture, partitioning, and detailed designs that implement them, and you will partner with platform software engineers, controls engineers, and hardware teams to ensure safety is designed in at the component and subsystem level. The architectural surface is still being defined, so the engineer in this role sets the foundational patterns: how safety and non-safety software are partitioned, how the real-time island and the Linux platform interact, and how learned and AI-driven components are supervised and made safe.
Join us if you are passionate about creating the future of personal robotics, solving complex challenges at the intersection of hardware and software, and seeing your innovations deliver transformative customer experiences.
As a Senior Safety & Embedded Software Engineer, you will be both a hands-on developer and the technical owner of the safety software architecture. Day to day, you will design and implement safety-critical software components across two connected domains: the real-time safety island firmware running on the microcontroller, and the safety mechanisms within the platform software. You will own the detailed design of safety functions, define the architecture that connects them, build the verification and traceability evidence needed for certification, and establish the firmware and safety-coding practices the wider team works to. You will mentor junior engineers, drive technical reviews, and set technical direction, while keeping your hands on the hardest problems yourself.
The work is greenfield and the architectural decisions made now will shape safety-critical software through production. This is a role with real architectural ownership and a wide technical surface, from low-level deterministic firmware to the open questions around safety of AI-driven robotic behavior, for an engineer who wants to define foundations rather than work within them.
Key job responsibilities
Real-time and functional safety island firmware
- Design and implement the real-time and functional safety island firmware on 32-bit ARM microcontrollers, defining its interfaces to application software, system monitoring, diagnostics, and safety response mechanisms.
- Integrate an EtherCAT master stack for communication with motor controllers, actuators, and sensors across the distributed robotic system.
- Build real-time safety monitoring and deterministic behavior for safety-critical functions meeting PL-d/PL-e performance levels, including detection of hardware faults, communication failures, and system anomalies with bounded response times.
- Implement inter-processor communication and data-sharing mechanisms between the functional safety island and the Linux platform, establishing protocols for data exchange, synchronization, and peripheral status reporting.
- Deploy and integrate real-time control algorithms onto the real-time island, ensuring they meet hard real-time constraints, hold loop timing, and run free of jitter.
Platform safety software
- Design and implement safety functions such as safe stop, speed limiting, force limiting, and protective stop, translating software safety requirements into detailed designs and working code.
- Implement freedom-from-interference (FFI) mechanisms between safety-critical and non-safety-critical partitions, including memory protection, timing monitoring, and resource isolation across the mixed-criticality system.
- Develop software safety analysis artifacts including software FMEA contributions, fault tree analysis inputs, and diagnostic coverage analysis for safety-critical components.
- Maintain requirements traceability from software safety requirements through detailed design, implementation, and test cases, and build the safety evidence packages that support third-party assessment.
- Design and implement safety verification strategies including unit, integration, and fault injection tests for safety-critical components.
Standards, architecture, and technical leadership
- Own the architecture of safety partitioning, freedom from interference, and resource allocation between safety and non-safety domains, and define how the real-time island and the Linux platform divide safety responsibility.
- Evaluate and select safety-certified RTOS solutions (QNX for Safety, SafeRTOS, or similar) and establish development patterns, MISRA C/C++ coding standards, and static analysis workflows that enable the team to meet functional safety certification requirements.
- Enforce safety coding standards across the codebase, conducting safety-focused code reviews and establishing the compliance workflows the team works to.
- Drive technical reviews, architecture discussions, and design decisions that affect system performance, reliability, and certifiability.
- Mentor software engineers on safety-critical firmware development, real-time systems design, industrial communication protocols, and safety verification techniques.
- Work with hardware partners on MCU selection, peripheral requirements, and hardware-software interfaces for the functional safety island, and prototype architectural concepts to validate designs before committing to implementation.
Forward-looking: safety of AI-driven robots
- As the platform incorporates more learned and AI-driven behavior, contribute to how that behavior is made safe: runtime monitoring and assurance of learned components, safe fallback and envelope protection around AI-driven decisions, and the safety architecture that lets a deterministic safety island supervise a non-deterministic application layer.
- Engage with emerging practice in safety of autonomous and AI systems, including SOTIF concepts and machine-learning safety, and translate it into concrete design and verification approaches for our platform.
A day in the life
You start your day reviewing static analysis results from the overnight runs, triaging violations and safety-relevant findings for the team's safety-critical components, then updating the requirements traceability matrix for a safety function you are implementing so the detailed design links cleanly back to its software safety requirements. You lead a technical discussion with the platform software and controls teams on the interface between the functional safety island and the Linux platform, setting the direction on synchronization mechanisms and data exchange patterns.
In the afternoon, you work with a controls engineer to integrate a newly developed control algorithm onto the real-time island, validating that it holds the required 1 kHz loop timing and tuning the execution framework to eliminate jitter. You implement a freedom-from-interference mechanism for the safety partition, working through memory protection and timing monitoring, then pair with a junior engineer on fault injection tests for the protective stop function, walking them through how the test evidence maps to the safety case. You review a pull request for a safety-critical component, checking MISRA compliance, error handling, and alignment with the safety coding guidelines you helped establish.
You wrap up the day in a technical review, presenting your system monitoring and real-time execution framework to cross-functional stakeholders from hardware, controls, and safety engineering, and folding their feedback into the evolving design. Throughout the day you move between deep implementation detail and architectural decisions, and you are the person the team looks to for direction on safety-critical software. The scope is wide and the foundations are yours to set: deterministic real-time firmware, the safety architecture above it, and how our robots, including their AI-driven behavior, are made safe.
About the team
The Personal Robotics Group is pioneering intelligent robotic products that deliver meaningful customer experiences. We're building the next generation of robotic systems that will redefine how customers interact with technology. Our work spans the full spectrum from advanced hardware design to sophisticated software and control systems, combining mechanical innovation, software engineering, dynamic systems modeling, and intelligent algorithms to create robots that are not just functional, but delightful. This is a unique opportunity to shape the future of personal robotics working with world-class teams pushing the boundaries of what's possible in robotic manipulation, locomotion, and human-robot interaction.
Join us if you're passionate about creating the future of personal robotics, solving complex challenges at the intersection of hardware and software, and seeing your innovations deliver transformative customer experiences.
Basic qualifications
- 5+ years of non-internship professional software development experience
- 5+ years of programming with at least one software programming language experience
- 5+ years of leading design or architecture (design patterns, reliability and scaling) of new and existing systems experience
- Experience as a mentor, tech lead or leading an engineering team
- Bachelor's degree in computer science, electrical engineering, or related field
- 8+ years of software engineering experience, with at least 3 years focused on safety-critical or safety-related software development.
- Proficiency in C and C++ for embedded systems, with a strong understanding of real-time constraints and deterministic behavior.
- Experience developing software to IEC 61508, ISO 13849, ISO 26262, or an equivalent functional safety standard.
- Hands-on experience applying MISRA C/C++ or equivalent safety coding standards, with static analysis tools in a safety workflow.
- Experience with real-time operating systems (QNX, FreeRTOS, SafeRTOS, or similar) and their application in safety-critical contexts.
- Experience with industrial communication protocols such as EtherCAT, CAN, or CANopen.
- Experience with software safety analysis techniques such as software FMEA, fault tree analysis, or diagnostic coverage analysis, and with requirements traceability and safety evidence generation.
Preferred qualifications
- 3+ years specifically focused on embedded firmware development for microcontrollers, and experience leading the technical design of real-time embedded systems.
- Experience with EtherCAT master stack development or integration (IgH, Acontis, or similar).
- Experience with safety-certified RTOS (QNX for Safety, SafeRTOS, INTEGRITY) or real-time Linux in safety contexts.
- Experience implementing freedom-from-interference mechanisms in mixed-criticality systems, and with inter-processor communication mechanisms (shared memory, message passing, dual-port RAM).
- Understanding of safety architecture patterns including redundancy, cross-checking, and fail-safe design.
- Hands-on experience with static analysis tools (Polyspace, Klocwork, Coverity, PC-lint) and with fault injection testing and safety verification methodologies.
- Knowledge of motor control systems and communication with motor controllers (BLDC, servo drives), and experience with hardware bring-up, peripheral integration, and low-level firmware debugging.
- Experience with ISO 13482 (Personal Care Robots) or ISO 10218 (Industrial Robots), and a background in robotics, industrial automation, or safety-critical embedded systems.
- Exposure to or interest in safety of autonomous and AI systems (SOTIF concepts, machine-learning safety).
- Understanding of safety tool qualification requirements per IEC 61508, and TÜV or equivalent functional safety certification (FSE, CFSE, or similar).
- A track record of establishing technical standards and development practices, and strong technical communication skills, including presenting architecture to stakeholders.
Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.
Los Angeles County applicants: Job duties for this position include: work safely and cooperatively with other employees, supervisors, and staff; adhere to standards of excellence despite stressful conditions; communicate effectively and respectfully with employees, supervisors, and staff to ensure exceptional customer service; and follow all federal, state, and local laws and Company policies. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness and professionalism, and safeguard business operations and the Company’s reputation. Pursuant to the Los Angeles County Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit https://amazon.jobs/content/en/how-we-hire/accommodations for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.
The base salary range for this position is listed below. Your Amazon package will include sign-on payments and restricted stock units (RSUs). Final compensation will be determined based on factors including experience, qualifications, and location. Amazon also offers comprehensive benefits including health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage), 401(k) matching, paid time off, and parental leave. Learn more about our benefits at https://amazon.jobs/en/benefits.
USA, CA, SAN FRANCISCO - 193,300.00 - 261,500.00 USD annually