Saronic
Embedded Security Engineer
Saronic Technologies is a leader in revolutionizing defense autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations for the Department of Defense (DoD) through autonomous and intelligent platforms. Saronic Technologies is a leader in defense autonomy at sea. We're seeking an Embedded Security Engineer to design, implement, and harden security for the software that runs on our autonomous surface vessels. You'll work across device identity, secure boot and update flows, secrets/key management, and secure communicationspartnering closely with autonomy, platform, manufacturing, and field teams to deliver trustworthy systems that operate reliably in maritime environments. Senior Engineers: 3+ years of experience delivering security features on embedded/Linux systems, preferably in autonomy, robotics, aerospace, or defense. Staff Engineers: 8+ years of experience including technical leadership across secure boot/update pipelines, identity/PKI, and fleet-wide hardening; demonstrated ownership of mission-critical features from design through field deployment. Key Responsibilities:
Design, develop, and maintain security features for embedded Linux systems (systemd-managed services, Rust/C/C++) used for navigation, control, and communications. Own per-vessel identity and mutual authentication for boat?cloud and boat?boat links; implement certificate/key rotation and revocation workflows. Implement signed/verified update mechanisms with rollback protection; collaborate with manufacturing on secure boot enablement and key provisioning. Integrate and operate hardware-backed key storage (e.g., TPM/secure elements) and sealed secrets for on-vessel services. Harden network paths over constrained links: TLS/mTLS, VPN overlay policies, and least-privilege service access. Reduce attack surface in embedded services (capabilities, seccomp/AppArmor where appropriate, safe process execution, input validation). Build tamper-evident, structured logging and diagnostics suitable for ship?shore analysis and incident response. Perform threat modeling, code reviews, and security testing (static/dynamic analysis, fuzzing, negative testing). Troubleshoot and debug complex security issues in fielded systems; author runbooks and safe-rollback procedures. Document designs, processes, and verification results for compliance and knowledge sharing; contribute to secure coding guidelines. Stay current on emerging security technologies and best practices relevant to embedded Linux and autonomous systems. Required Qualifications:
Bachelor's or Master's degree in Computer Science, Electrical/Computer Engineering, Software Engineering, or a related field. Proficiency in Rust and/or C/C++ developing software for embedded Linux. Strong understanding of cryptographic primitives and protocols (keys, certificates, signatures, TLS/mTLS), and experience integrating them into systems. Experience with secure/verified boot, OTA/update safety, and firmware/bootloader workflows. Familiarity with VPN overlays and constrained-network security patterns. Comfortable with Linux security fundamentals (users/permissions, capabilities, sandboxing) and systemd-based service management. Excellent problem-solving skills and ability to collaborate effectively in a fast-paced, cross-functional environment. Strong written and verbal communication skills. This role requires the ability to obtain and maintain a security clearance. Preferred Qualifications:
Experience with TPM/secure elements, measured/verified boot, and attestation. Exposure to NixOS-based builds, Yocto, or similar embedded Linux tooling. Experience with authenticated media/telemetry pipelines and secure streaming. DoD/defense domain familiarity and prior work under export-controlled constraints. Physical Demands:
Prolonged periods of sitting at a desk and working on a computer. Occasional standing and walking within the office. Manual dexterity to operate a computer keyboard, mouse, and other office equipment. Visual acuity to read screens, documents, and reports. Occasional reaching, bending, or stooping to access file drawers, cabinets, or office supplies. Lifting and carrying items up to 20 pounds occasionally (e.g., office supplies, packages). Benefits:
Medical Insurance: Comprehensive health insurance plans covering a range of services. Saronic pays 100% of the premium for employees and 80% for dependents. Dental and Vision Insurance: Coverage for routine dental check-ups, orthodontics, and vision care. Saronic pays 99% of the premium for employees and 80% for dependents. Time Off: Generous PTO and Holidays. Parental Leave: Paid maternity and paternity leave to support new parents. Competitive Salary: Industry-standard salaries with opportunities for performance-based bonuses. Retirement Plan: 401(k) plan. Stock Options: Equity options to give employees a stake in the company's success. Life and Disability Insurance: Basic life insurance and short- and long-term disability coverage. Additional Perks: Free lunch benefit and unlimited free drinks and snacks in the office.
Saronic Technologies is a leader in revolutionizing defense autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations for the Department of Defense (DoD) through autonomous and intelligent platforms. Saronic Technologies is a leader in defense autonomy at sea. We're seeking an Embedded Security Engineer to design, implement, and harden security for the software that runs on our autonomous surface vessels. You'll work across device identity, secure boot and update flows, secrets/key management, and secure communicationspartnering closely with autonomy, platform, manufacturing, and field teams to deliver trustworthy systems that operate reliably in maritime environments. Senior Engineers: 3+ years of experience delivering security features on embedded/Linux systems, preferably in autonomy, robotics, aerospace, or defense. Staff Engineers: 8+ years of experience including technical leadership across secure boot/update pipelines, identity/PKI, and fleet-wide hardening; demonstrated ownership of mission-critical features from design through field deployment. Key Responsibilities:
Design, develop, and maintain security features for embedded Linux systems (systemd-managed services, Rust/C/C++) used for navigation, control, and communications. Own per-vessel identity and mutual authentication for boat?cloud and boat?boat links; implement certificate/key rotation and revocation workflows. Implement signed/verified update mechanisms with rollback protection; collaborate with manufacturing on secure boot enablement and key provisioning. Integrate and operate hardware-backed key storage (e.g., TPM/secure elements) and sealed secrets for on-vessel services. Harden network paths over constrained links: TLS/mTLS, VPN overlay policies, and least-privilege service access. Reduce attack surface in embedded services (capabilities, seccomp/AppArmor where appropriate, safe process execution, input validation). Build tamper-evident, structured logging and diagnostics suitable for ship?shore analysis and incident response. Perform threat modeling, code reviews, and security testing (static/dynamic analysis, fuzzing, negative testing). Troubleshoot and debug complex security issues in fielded systems; author runbooks and safe-rollback procedures. Document designs, processes, and verification results for compliance and knowledge sharing; contribute to secure coding guidelines. Stay current on emerging security technologies and best practices relevant to embedded Linux and autonomous systems. Required Qualifications:
Bachelor's or Master's degree in Computer Science, Electrical/Computer Engineering, Software Engineering, or a related field. Proficiency in Rust and/or C/C++ developing software for embedded Linux. Strong understanding of cryptographic primitives and protocols (keys, certificates, signatures, TLS/mTLS), and experience integrating them into systems. Experience with secure/verified boot, OTA/update safety, and firmware/bootloader workflows. Familiarity with VPN overlays and constrained-network security patterns. Comfortable with Linux security fundamentals (users/permissions, capabilities, sandboxing) and systemd-based service management. Excellent problem-solving skills and ability to collaborate effectively in a fast-paced, cross-functional environment. Strong written and verbal communication skills. This role requires the ability to obtain and maintain a security clearance. Preferred Qualifications:
Experience with TPM/secure elements, measured/verified boot, and attestation. Exposure to NixOS-based builds, Yocto, or similar embedded Linux tooling. Experience with authenticated media/telemetry pipelines and secure streaming. DoD/defense domain familiarity and prior work under export-controlled constraints. Physical Demands:
Prolonged periods of sitting at a desk and working on a computer. Occasional standing and walking within the office. Manual dexterity to operate a computer keyboard, mouse, and other office equipment. Visual acuity to read screens, documents, and reports. Occasional reaching, bending, or stooping to access file drawers, cabinets, or office supplies. Lifting and carrying items up to 20 pounds occasionally (e.g., office supplies, packages). Benefits:
Medical Insurance: Comprehensive health insurance plans covering a range of services. Saronic pays 100% of the premium for employees and 80% for dependents. Dental and Vision Insurance: Coverage for routine dental check-ups, orthodontics, and vision care. Saronic pays 99% of the premium for employees and 80% for dependents. Time Off: Generous PTO and Holidays. Parental Leave: Paid maternity and paternity leave to support new parents. Competitive Salary: Industry-standard salaries with opportunities for performance-based bonuses. Retirement Plan: 401(k) plan. Stock Options: Equity options to give employees a stake in the company's success. Life and Disability Insurance: Basic life insurance and short- and long-term disability coverage. Additional Perks: Free lunch benefit and unlimited free drinks and snacks in the office.