Saronic Technologies is a leader in revolutionizing autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations through autonomous and intelligent platforms.
Security at Saronic is a force multiplier. We're seeking a Security Engineer focused on software and systems security to own the security of Saronic's software platforms, build systems, and deployment infrastructure from development through production. Saronic builds on NixOS and Rust, and we need someone who understands how to secure software at every stage of the lifecycle, from reproducible builds and dependency management through CI/CD pipeline security, runtime hardening, and secure deployment to vessel and cloud environments. You will be the technical authority on how Saronic builds, ships, and runs secure software.
Key Responsibilities:
Own the application security posture for Saronic's software platforms, including Rust-based services, system software, and supporting applications
Lead secure code review, SAST, DAST, and fuzzing efforts, and define secure coding standards for Rust development including memory safety practices, safe FFI boundaries, and secure error handling
Conduct threat modeling for software systems and translate findings into actionable security requirements integrated into design reviews and sprint planning
Drive vulnerability management for software dependencies, including tracking, prioritization, and remediation of vulnerabilities in third-party crates and libraries
Secure and harden NixOS configurations for vessel platforms and development infrastructure, leveraging Nix's reproducibility and declarative model for security enforcement
Design system hardening profiles in NixOS including kernel hardening, service isolation, mandatory access controls, and minimal attack surface configurations
Define and enforce package management and dependency policies within the Nix ecosystem, ensuring build closures are auditable, reproducible, and free from unauthorized or vulnerable packages
Architect secure system update and rollback mechanisms using NixOS capabilities, ensuring fleet-wide consistency and integrity
Design and implement security controls across the CI/CD pipeline including source integrity, build isolation, artifact signing, and deployment verification with build environments that are ephemeral, isolated, and hardened
Build and maintain software supply chain security practices aligned to SLSA framework principles, including provenance tracking, hermetic builds, signed attestations, and SBOM generation
Integrate security scanning (SAST, SCA, container scanning, secrets detection) into CI/CD pipelines as automated guardrails, and create self-service pipeline templates that enable teams to ship without bottlenecks
Design secure deployment patterns for vessel software updates, including secure delivery, integrity verification, and rollback capabilities
Implement runtime application security controls including logging, monitoring, and anomaly detection for deployed services
Define software and systems security standards, patterns, and reference architectures that engineering teams adopt as the default secure path
Required Qualifications:
6+ years of hands-on experience in application security, product security, DevSecOps, or a closely related software security engineering role
Strong experience with Rust security including safe/unsafe boundaries, FFI security, memory safety patterns, and dependency auditing
Demonstrated experience securing Linux-based systems, with specific experience or strong aptitude for NixOS, Nix package management, and declarative system configuration
Deep expertise in CI/CD pipeline security including build system hardening, artifact signing, supply chain integrity (SLSA), and automated security scanning integration
Proven experience building DevSecOps programs that embed security into development workflows without creating bottlenecks
Strong understanding of software supply chain security including dependency management, SBOM, provenance tracking, and vulnerability management for third-party components
Proficiency in Rust, Python, Go, or Nix for building security tooling, automation, and pipeline integrations
Ability to obtain and maintain a security clearance
Preferred Qualifications:
Experience in defense, aerospace, robotics, autonomy, or other high-assurance environments
Hands-on NixOS experience including writing Nix derivations, managing flakes, and building custom NixOS modules for system hardening
Experience securing software for embedded or resource-constrained Linux environments
Familiarity with NIST SP 800-171, NIST SP 800-53, NIST SP 800-218, or supply chain signing frameworks (sigstore, in-toto, Notary)
Experience operating in AWS GovCloud or FedRAMP-regulated environments
Relevant certifications such as OSWE, OSCP, GWAPT, GWEB, AWS Security Specialty, or equivalent
Additional Information
Benefits:
Medical Insurance: Comprehensive health insurance plans covering a range of services
Saronic pays 100% of the premium for employees and 80% for dependents
Dental and Vision Insurance: Coverage for routine dental check-ups, orthodontics, and vision care
Saronic pays 100% of the premium under the basic plan for employees and 80% for dependents
Time Off: Generous PTO and Holidays
Parental Leave: Paid maternity and paternity leave to support new parents
Competitive Salary: Industry-standard salaries with opportunities for performance-based bonuses
Retirement Plan: 401(k) plan with company match
Stock Options: Equity options to give employees a stake in the company’s success
Life and Disability Insurance: Basic life insurance and short- and long-term disability coverage
Pet Insurance: Discounted pet insurance options including 24/7 Telehealth helpline
Additional Perks: Free lunch benefit and unlimited free drinks and snacks in the office
This role requires access to export-controlled information or items that require “U.S. Person” status. As defined by U.S. law, individuals who are any one of the following are considered to be a “U.S. Person”: (1) U.S. citizens, (2) legal permanent residents (a.k.a. green card holders), and (3) certain protected classes of asylees and refugees, as defined in 8 U.S.C. 1324b(a)(3).
Saronic does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.
Estas cookies son necesarias para que el sitio web funcione y no se pueden desactivar en nuestros sistemas. Puede configurar su navegador para bloquear estas cookies, pero entonces algunas partes del sitio web podrían no funcionar.
Seguridad
Experiencia de usuario
Cookies orientadas al público objetivo
Estas cookies son instaladas a través de nuestro sitio web por nuestros socios publicitarios. Estas empresas pueden utilizarlas para elaborar un perfil de sus intereses y mostrarle publicidad relevante en otros lugares.
Google Analytics
Anuncios Google
Utilizamos cookies
🍪
Nuestro sitio web utiliza cookies y tecnologías similares para personalizar el contenido, optimizar la experiencia del usuario e indvidualizar y evaluar la publicidad. Al hacer clic en Aceptar o activar una opción en la configuración de cookies, usted acepta esto.
Los mejores empleos remotos por correo electrónico
¡Únete a más de 5.000 personas que reciben alertas semanales con empleos remotos!
