You will be the technical authority on hardware root of trust, secure boot, firmware integrity, embedded system hardening, and the security of third-party hardware integrations. Your work ensures that every component on the vessel is resilient against tampering, exploitation, and supply chain compromise, designed in from the start and maintained across the fleet lifecycle.

Key Responsibilities:

• Conduct hardware security assessments including fault injection, side-channel analysis, interface evaluation, and bus protocol analysis across Saronic-built and third-party hardware including sensors, radios, navigation systems, propulsion controllers, and communication modules

• Evaluate and harden physical interfaces, debug ports, maintenance access points, and removable media interfaces on vessel hardware

• Evaluate supply chain security risks for hardware components and recommend provenance validation, anti-tamper, and attestation controls

• Develop and maintain a hardware security testing capability including tooling, methodology, and repeatable test procedures

• Design and implement secure boot chains establishing hardware root of trust from power-on through application launch, integrating TPM, secure elements, and HSMs for device identity, key storage, measured boot, and remote attestation

• Design and implement secure firmware update mechanisms including signed updates, rollback protection, and verified delivery across the fleet

• Own the cryptographic key lifecycle for hardware-bound keys, including provisioning, rotation, revocation, and escrow

• Harden embedded Linux systems on vessel platforms, including kernel configuration, mandatory access controls, secure IPC, and attack surface reduction

• Secure operational technology protocols and interfaces used in vessel control systems, propulsion, navigation, and sensor fusion including CAN bus, NMEA, and maritime/industrial communication protocols

• Define security boundaries, trust zones, and segmentation strategies for vessel-internal compute and communication architectures

• Drive threat modeling across vessel hardware subsystems and translate findings into actionable engineering requirements

• Produce secure-by-design reference architectures and define hardware and firmware security standards, testing requirements, and acceptance criteria integrated into engineering workflows

Required Qualifications:

• 6+ years of hands-on experience in hardware security, embedded systems security, firmware security, or a closely related security engineering role

• Deep expertise in hardware hacking techniques including fault injection, side-channel attacks, JTAG/SWD exploitation, bus sniffing/injection, and physical security assessments

• Demonstrated experience designing and implementing secure boot chains, hardware root of trust, and secure firmware update mechanisms in production systems

• Strong experience assessing third-party hardware integrations and evaluating supply chain security risks

• Deep knowledge of embedded Linux security hardening, kernel security, and mandatory access control frameworks

• Experience with operational technology security, industrial protocols, or control system security

• Proficiency in C, C++, Python, or Rust in the context of firmware, embedded, or systems-level security work, and with hardware security testing tools

• Ability to obtain and maintain a security clearance

Preferred Qualifications:

• Experience in defense, aerospace, robotics, autonomy, maritime, or other high-assurance environments

• Experience with autonomous systems, unmanned vehicles, or safety-critical embedded platforms

• Experience with RTOS, microcontroller security, or resource-constrained device environments

• Knowledge of CAN bus, NMEA protocols, maritime communication systems, RF/GPS/GNSS security, or ICS security standards

• Familiarity with defense or safety-critical compliance frameworks (NIST SP 800-53, IEC 62443, Common Criteria, or equivalent)

• Relevant certifications such as OSEE, GXPN, GSE, or hardware-focused credentials

XML job scraping automation by YubHub

Your day-to-day will involve leading security architecture/design review and threat modeling sessions with product and engineering teams, translating threats into actionable, risk-rated engineering remediations prioritized by severity, conducting hands-on penetration testing and security assessments across our full product stack, and driving PSIRT operations by triaging incoming vulnerability reports, leading technical investigations, coordinating remediation with engineering, scoring severity (CVSS), managing coordinated disclosure with external researchers, and on-call incidents.

You will also shape the posture of our AI-assisted development environment, defining and enforcing enterprise policies for Claude and Cursor, and partner across the organization, sitting in design review with architects, advising product managers and engineering teams on security and compliance implications of new features, briefing executives on emerging AI threats, mentoring junior security engineers, and collaborating with the AI team on securing ML pipelines.

As a champion of security culture, you will run developer training on secure coding with AI assistants, evangelize security by design for products, and ensure every engineer understands that product security is an enabler and not a gate.

You will bring 10+ years of product security experience spanning application security, cloud security, and secure SDLC, expert-level threat modeling using STRIDE, PASTA, or equivalent across web, mobile, cloud, embedded, and AI systems, hands-on penetration testing skills across applications, API, cloud infrastructure, and hardware/firmware, and deep hands-down AI security expertise and expert-level understanding of OWASP Top 10 for LLM, API, Web, Mobile, and practical experience with MITRE.

You will have strong hands-on experience in security tools SAST, DAST, SCA, and securing AI development tools specifically Claude and Cursor, and understand MCP security risks and know how to architect enterprise guardrails that enable safe AI-assisted development.

You will also have strong programming ability and capability to review code, build security tools, automate workflows, and be credible with the engineering teams you partner with.

Preferred experience includes hardware and embedded security experience with knowledge of secure boot, firmware integrity, hardware root of trust, and IoT threat modeling experience, and experience in the Financial industry, knowledge of PCI DSS, COPPA, or demonstrated ability to learn regulated domains quickly.

Work perks at Greenlight include medical, dental, vision, and HSA match, paid life insurance, AD&D, and disability benefits, traditional 401k with company match, unlimited PTO, paid company holidays and pop-up bonus holidays, professional development stipends, mental health resources, 1:1 financial planners, fertility healthcare, 100% paid parental and caregiving leave, plus cleaning service and meals during your leave, flexible WFH, both remote and in-office opportunities, fully stocked kitchen, catered lunches, and occasional in-office happy hours, and employee resource groups.

XML job scraping automation by YubHub