Security Engineer, Systems Security

Saronic Technologies is a leader in revolutionizing autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations through autonomous and intelligent platforms.

Security at Saronic is a force multiplier. We're seeking a Security Engineer to own the product security and authorization lifecycle for Saronic's autonomous surface vessels. You will serve as the responsible security engineer for one or more vessel programs, owning the security posture from design through production, authorization, and operational deployment. This is a hands‑on security engineering role; not a GRC or project management role.

No single compliance framework covers autonomous surface vessels today. DoD authorization processes are evolving, commercial maritime regulators are still drafting the MASS Code, and classification societies are issuing their first autonomous vessel certifications. You'll identify the frameworks that apply, architect the vessel's security to satisfy them, and drive authorization to completion. Where standards don't yet exist, you'll define them.

• Own the security posture for one or more vessel programs from architecture through fielding, serving as the responsible security engineer for the product
• Drive threat modeling across vessel subsystems including embedded compute, communications, navigation, propulsion controls, sensor fusion, and C2 interfaces and define security architectures, trust boundaries, and segmentation strategies based on findings
• Identify and mitigate security risks unique to autonomous maritime platforms, including GPS/GNSS spoofing, RF interference, sensor manipulation, supply chain compromise, and physical access threats
• Own the end‑to‑end authorization lifecycle for vessel programs, from initial security planning through ATO or equivalent customer authorization milestones
• Navigate DoD cybersecurity authorization frameworks including RMF, CSRMC, and service‑specific requirements across Navy, Coast Guard, Marine Corps, and joint programs
• Prepare and maintain authorization artifacts, security documentation, and evidence packages that satisfy Authorizing Officials and program offices
• Identify and map applicable compliance frameworks for each vessel and customer segment including NIST SP 800-53, NIST SP 800-171, CMMC 2.0, FedRAMP, IEC 62443, IMO MASS Code, and IACS UR E26/E27 and proactively define Saronic's compliance posture where standards are still emerging
• Engage directly with government program offices, Authorizing Officials, DOT&E evaluators, and classification societies as a credible technical representative of Saronic's security posture
• Support cybersecurity testing and evaluation efforts, including preparation for operational test events, red team assessments, and cooperative vulnerability assessments
• Partner with supply chain and manufacturing teams to address hardware provenance, firmware integrity, and anti‑tamper requirements for production vessels
• Work with Legal and Contracts to ensure security and compliance requirements are accurately reflected in customer agreements, proposals, and contract deliverables

• 6+ years of hands‑on experience in product security, systems security engineering, authorization engineering, or a closely related security engineering role for defense or high‑assurance platforms
• Strong understanding of DoD cybersecurity authorization processes (RMF, ATO/IATT, CSRMC, continuous ATO) with experience contributing to or driving systems through authorization
• Working knowledge of NIST SP 800-53, NIST SP 800-171, and CMMC 2.0 and their application to weapons systems, autonomous platforms, or similarly complex defense products
• Experience with threat modeling, security architecture, or risk assessment for cyber‑physical systems, embedded systems, or operational technology environments
• Strong technical foundation, able to read architecture diagrams, evaluate security controls at a systems level, and hold credible technical conversations with hardware, software, and cloud engineers
• Ability to clearly communicate with both technical and non‑technical stakeholders, including production of…