Security Engineer, Software Security

Saronic Technologies is a leader in revolutionizing autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations through autonomous and intelligent platforms.

Security at Saronic is a force multiplier. We're seeking a Security Engineer focused on software and systems security to own the security of Saronic's software platforms, build systems, and deployment infrastructure from development through production. Saronic builds on NixOS and Rust, and we need someone who understands how to secure software at every stage of the lifecycle, from reproducible builds and dependency management through CI/CD pipeline security, runtime hardening, and secure deployment to vessel and cloud environments. You will be the technical authority on how Saronic builds, ships, and runs secure software.

Key Responsibilities::
• Own the application security posture for Saronic's software platforms, including Rust-based services, system software, and supporting applications
• Lead secure code review, SAST, DAST, and fuzzing efforts, and define secure coding standards for Rust development including memory safety practices, safe FFI boundaries, and secure error handling
• Conduct threat modeling for software systems and translate findings into actionable security requirements integrated into design reviews and sprint planning
• Drive vulnerability management for software dependencies, including tracking, prioritization, and remediation of vulnerabilities in third-party crates and libraries
• Secure and harden NixOS configurations for vessel platforms and development infrastructure, leveraging Nix's reproducibility and declarative model for security enforcement
• Design system hardening profiles in NixOS including kernel hardening, service isolation, mandatory access controls, and minimal attack surface configurations
• Define and enforce package management and dependency policies within the Nix ecosystem, ensuring build closures are auditable, reproducible, and free from unauthorized or vulnerable packages
• Architect secure system update and rollback mechanisms using NixOS capabilities, ensuring fleet-wide consistency and integrity
• Design and implement security controls across the CI/CD pipeline including source integrity, build isolation, artifact signing, and deployment verification with build environments that are ephemeral, isolated, and hardened
• Build and maintain software supply chain security practices aligned to SLSA framework principles, including provenance tracking, hermetic builds, signed attestations, and SBOM generation
• Integrate security scanning (SAST, SCA, container scanning, secrets detection) into CI/CD pipelines as automated guardrails, and create self-service pipeline templates that enable teams to ship without bottlenecks
• Design secure deployment patterns for vessel software updates, including secure delivery, integrity verification, and rollback capabilities
• Implement runtime application security controls including logging, monitoring, and anomaly detection for deployed services
• Define software and systems security standards, patterns, and reference architectures that engineering teams adopt as the default secure path

Required Qualifications::
• 10+ years of hands-on experience in application security, product security, DevSecOps, or a closely related software security engineering role
• Strong experience with Rust security including safe/unsafe boundaries, FFI security, memory safety patterns, and dependency auditing
• Demonstrated experience securing Linux-based systems, with specific experience or strong aptitude for NixOS, Nix package management, and declarative system configuration
• Deep expertise in CI/CD pipeline security including build system hardening, artifact signing, supply chain integrity (SLSA), and automated security scanning integration
• Proven experience building DevSecOps programs that embed security into development workflows without creating bottlenecks
• Strong understanding of software supply chain security including dependency management, SBOM, provenance tracking, and vulnerability management for third-party components
• Proficiency in Rust, Python, Go, or Nix for building security tooling, automation, and pipeline integrations
• Ability to obtain and maintain a security clearance

Preferred Qualifications::
• Experience in defense, aerospace, robotics, autonomy, or other high-assurance environments
• Hands-on NixOS experience including writing Nix derivations, managing flakes, and building custom NixOS modules for system hardening
• Experience securing software for embedded or resource-constrained Linux environments
• Familiarity with NIST SP 800-171, NIST SP 800-53, NIST SP 800-218, or supply chain signing frameworks (sigstore, in-toto, Notary)
• Experience operating in AWS GovCloud or FedRAMP-regulated environments
• Relevant certifications such as OSWE, OSCP, GWAPT, GWEB, AWS Security Specialty, or equivalent

Benefits:
Medical Insurance: Comprehensive health insurance plans covering a range of services
Saronic pays 100% of the premium for employees and 80% for dependents
Dental and Vision Insurance: Coverage for routine dental check-ups, orthodontics, and vision care
Saronic pays 100% of the premium under the basic plan for employees and 80% for dependents
Time Off: Generous PTO and Holidays
Parental Leave: Paid maternity and paternity leave to support new parents
Competitive Salary: Industry-standard salaries with opportunities for performance-based bonuses
Retirement Plan: 401(k) plan with company match
Stock Options: Equity options to give employees a stake in the company’s success
Life and Disability Insurance: Basic life insurance and short- and long-term disability coverage
Pet Insurance: Discounted pet insurance options including 24/7 Telehealth helpline
Additional Perks: Free lunch benefit and unlimited free drinks and snacks in the office

This role requires access to export-controlled information or items that require “U.S. Person” status. As defined by U.S. law, individuals who are any one of the following are considered to be a “U.S. Person”: (1) U.S. citizens, (2) legal permanent residents (a.k.a. green card holders), and (3) certain protected classes of asylees and refugees, as defined in 8 U.S.C. 1324b(a)(3).

Saronic does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.