This is a hands-on security engineering role; not a GRC or project management role. You'll identify the frameworks that apply, architect the vessel's security to satisfy them, and drive authorization to completion. Where standards don't yet exist, you'll define them.

Key Responsibilities:

• Own the security posture for one or more vessel programs from architecture through fielding, serving as the responsible security engineer for the product
• Drive threat modeling across vessel subsystems including embedded compute, communications, navigation, propulsion controls, sensor fusion, and C2 interfaces and define security architectures, trust boundaries, and segmentation strategies based on findings
• Identify and mitigate security risks unique to autonomous maritime platforms, including GPS/GNSS spoofing, RF interference, sensor manipulation, supply chain compromise, and physical access threats
• Own the end-to-end authorization lifecycle for vessel programs, from initial security planning through ATO or equivalent customer authorization milestones
• Navigate DoD cybersecurity authorization frameworks including RMF, CSRMC, and service-specific requirements across Navy, Coast Guard, Marine Corps, and joint programs
• Prepare and maintain authorization artifacts, security documentation, and evidence packages that satisfy Authorizing Officials and program offices
• Identify and map applicable compliance frameworks for each vessel and customer segment including NIST SP 800-53, NIST SP 800-171, CMMC 2.0, FedRAMP, IEC 62443, IMO MASS Code, and IACS UR E26/E27 and proactively define Saronic's compliance posture where standards are still emerging
• Engage directly with government program offices, Authorizing Officials, DOT&E evaluators, and classification societies as a credible technical representative of Saronic's security posture
• Support cybersecurity testing and evaluation efforts, including preparation for operational test events, red team assessments, and cooperative vulnerability assessments
• Partner with supply chain and manufacturing teams to address hardware provenance, firmware integrity, and anti-tamper requirements for production vessels
• Work with Legal and Contracts to ensure security and compliance requirements are accurately reflected in customer agreements, proposals, and contract deliverables

Required Qualifications:

• 6+ years of hands-on experience in product security, systems security engineering, authorization engineering, or a closely related security engineering role for defense or high-assurance platforms
• Strong understanding of DoD cybersecurity authorization processes (RMF, ATO/IATT, CSRMC, continuous ATO) with experience contributing to or driving systems through authorization
• Working knowledge of NIST SP 800-53, NIST SP 800-171, and CMMC 2.0 and their application to weapons systems, autonomous platforms, or similarly complex defense products
• Experience with threat modeling, security architecture, or risk assessment for cyber-physical systems, embedded systems, or operational technology environments
• Strong technical foundation, able to read architecture diagrams, evaluate security controls at a systems level, and hold credible technical conversations with hardware, software, and cloud engineers
• Ability to clearly communicate with both technical and non-technical stakeholders, including production of security documentation and authorization artifacts
• Ownership mindset with the ability to operate in ambiguity, define the path forward, and move work to completion across teams
• Ability to obtain and maintain a security clearance

Preferred Qualifications:

• Experience as a product security lead, systems security engineer, or authorization lead for a defense platform or program of record
• Direct experience engaging with government Authorizing Officials, program offices, or DOT&E as a technical security representative
• Experience in defense technology startups, DARPA programs, or organizations that move at speed within the defense acquisition system
• Familiarity with maritime-specific frameworks including IMO MASS Code, IACS UR E26/E27, IEC 62443, or classification society autonomous vessel rules
• Understanding of autonomous systems security challenges including communications security, electronic warfare hardening, GPS/GNSS resilience, and AI/ML system security
• Experience with ITAR/EAR compliance, supply chain security, or manufacturing security for defense products
• Familiarity with the defense acquisition lifecycle and how authorization milestones integrate into program schedules

Additional Information:

• Benefits: Medical Insurance, Dental and Vision Insurance, Time Off, Parental Leave, Competitive Salary, Retirement Plan, Stock Options, Life and Disability Insurance, Pet Insurance
• This role requires access to export-controlled information or items that require “U.S. Person” status.

XML job scraping automation by YubHub