Security Engineer, Software Security
Listed on 2026-02-28
IT/Tech
Cybersecurity, Security Manager, Systems Engineer, Network Security
Saronic Technologies is a leader in revolutionizing autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations through autonomous and intelligent platforms.
Security at Saronic is a force multiplier. We're seeking a Security Engineer focused on software and systems security to own the security of Saronic's software platforms, build systems, and deployment infrastructure from development through production. Saronic builds on NixOS and Rust, and we need someone who understands how to secure software at every stage of the lifecycle, from reproducible builds and dependency management through CI/CD pipeline security, runtime hardening, and secure deployment to vessel and cloud environments.
You will be the technical authority on how Saronic builds, ships, and runs secure software.
- Own the application security posture for Saronic's software platforms, including Rust-based services, system software, and supporting applications
- Lead secure code review, SAST, DAST, and fuzzing efforts, and define secure coding standards for Rust development including memory safety practices, safe FFI boundaries, and secure error handling
- Conduct threat modeling for software systems and translate findings into actionable security requirements integrated into design reviews and sprint planning
- Drive vulnerability management for software dependencies, including tracking, prioritization, and remediation of vulnerabilities in third‑party crates and libraries
- Secure and harden NixOS configurations for vessel platforms and development infrastructure, leveraging Nix's reproducibility and declarative model for security enforcement
- Design system hardening profiles in NixOS including kernel hardening, service isolation, mandatory access controls, and minimal attack surface configurations
- Define and enforce package management and dependency policies within the Nix ecosystem, ensuring build closures are auditable, reproducible, and free from unauthorized or vulnerable packages
- Architect secure system update and rollback mechanisms using NixOS capabilities, ensuring fleet‑wide consistency and integrity
- Design and implement security controls across the CI/CD pipeline including source integrity, build isolation, artifact signing, and deployment verification with build environments that are ephemeral, isolated, and hardened
- Build and maintain software supply chain security practices aligned to SLSA framework principles, including provenance tracking, hermetic builds, signed attestations, and SBOM generation
- Integrate security scanning (SAST, SCA, container scanning, secrets detection) into CI/CD pipelines as automated guardrails, and create self‑service pipeline templates that enable teams to ship without bottlenecks
- Design secure deployment patterns for vessel software updates, including secure delivery, integrity verification, and rollback capabilities
- Implement runtime application security controls including logging, monitoring, and anomaly detection for deployed services
- Define software and systems security standards, patterns, and reference architectures that engineering teams adopt as the default secure path
- 6+ years of hands‑on experience in application security, product security, DevSecOps, or a closely related software security engineering role
- Strong experience with Rust security including safe/unsafe boundaries, FFI security, memory safety patterns, and dependency auditing
- Demonstrated experience securing Linux‑based systems, with specific experience or strong aptitude for NixOS, Nix package management, and declarative system configuration
- Deep expertise in CI/CD pipeline security including build system hardening, artifact signing, supply chain integrity (SLSA), and automated security scanning integration
- Proven experience building DevSecOps programs that embed security into development workflows without creating bottlenecks
- Strong understanding of software supply chain security including dependency management, SBOM, provenance tracking, and vulnerability management for third‑party components
- Proficiency in Rust, Python, Go, or Nix for building…