The ideal candidate will have 8+ years of hands-on experience in Security Technical Program Management, Security Strategy, Security Risk Management and/or Security Compliance roles, ideally within the cloud services industry. They will have a Bachelor's degree in Information Security, Computer Science, or a related field or equivalent job experience.

Responsibilities:

• Lead end-to-end program management for critical security engineering and security compliance initiatives, including cross-functional planning, execution, delivery, and retrospectives
• Define program scope, milestones, and success metrics while managing security risks and dependencies
• Partner closely within the security team, and across engineering, product management and operations teams to ensure alignment on priorities and deliverables
• Act as the primary point of contact for security and cross-functional stakeholders, providing regular status updates, addressing risks, and ensuring accountability
• Facilitate and influence technical security, privacy and compliance discussions and decisions to align with long-term infrastructure goals and business objectives
• Develop and implement scalable processes to improve efficiency and predictability in program delivery
• Strategically automate and improve day-to-day operations, processes and reporting
• Tailor communications to a diverse audience and remain adaptable to a wide range of personalities and technical depth

What We Offer:

• Competitive salary range of $122,000 to $237,000
• Discretionary bonus, equity awards, and a comprehensive benefits program
• Medical, dental, and vision insurance - 100% paid for by CoreWeave
• Company-paid Life Insurance
• Voluntary supplemental life insurance
• Short and long-term disability insurance
• Flexible Spending Account
• Health Savings Account
• Tuition Reimbursement
• Ability to Participate in Employee Stock Purchase Program (ESPP)
• Mental Wellness Benefits through Spring Health
• Family-Forming support provided by Carrot
• Paid Parental Leave
• Flexible, full-service childcare support with Kinside
• 401(k) with a generous employer match
• Flexible PTO
• Catered lunch each day in our office and data center locations
• A casual work environment
• A work culture focused on innovative disruption

Our Workplace:

• While we prioritize a hybrid work environment, remote work may be considered for candidates located more than 30 miles from an office, based on role requirements for specialized skill sets. New hires will be invited to attend onboarding at one of our hubs within their first month. Teams also gather quarterly to support collaboration.

XML job scraping automation by YubHub

This is a hands-on security engineering role; not a GRC or project management role. You'll identify the frameworks that apply, architect the vessel's security to satisfy them, and drive authorization to completion. Where standards don't yet exist, you'll define them.

Key Responsibilities:

• Own the security posture for one or more vessel programs from architecture through fielding, serving as the responsible security engineer for the product
• Drive threat modeling across vessel subsystems including embedded compute, communications, navigation, propulsion controls, sensor fusion, and C2 interfaces and define security architectures, trust boundaries, and segmentation strategies based on findings
• Identify and mitigate security risks unique to autonomous maritime platforms, including GPS/GNSS spoofing, RF interference, sensor manipulation, supply chain compromise, and physical access threats
• Own the end-to-end authorization lifecycle for vessel programs, from initial security planning through ATO or equivalent customer authorization milestones
• Navigate DoD cybersecurity authorization frameworks including RMF, CSRMC, and service-specific requirements across Navy, Coast Guard, Marine Corps, and joint programs
• Prepare and maintain authorization artifacts, security documentation, and evidence packages that satisfy Authorizing Officials and program offices
• Identify and map applicable compliance frameworks for each vessel and customer segment including NIST SP 800-53, NIST SP 800-171, CMMC 2.0, FedRAMP, IEC 62443, IMO MASS Code, and IACS UR E26/E27 and proactively define Saronic's compliance posture where standards are still emerging
• Engage directly with government program offices, Authorizing Officials, DOT&E evaluators, and classification societies as a credible technical representative of Saronic's security posture
• Support cybersecurity testing and evaluation efforts, including preparation for operational test events, red team assessments, and cooperative vulnerability assessments
• Partner with supply chain and manufacturing teams to address hardware provenance, firmware integrity, and anti-tamper requirements for production vessels
• Work with Legal and Contracts to ensure security and compliance requirements are accurately reflected in customer agreements, proposals, and contract deliverables

Required Qualifications:

• 6+ years of hands-on experience in product security, systems security engineering, authorization engineering, or a closely related security engineering role for defense or high-assurance platforms
• Strong understanding of DoD cybersecurity authorization processes (RMF, ATO/IATT, CSRMC, continuous ATO) with experience contributing to or driving systems through authorization
• Working knowledge of NIST SP 800-53, NIST SP 800-171, and CMMC 2.0 and their application to weapons systems, autonomous platforms, or similarly complex defense products
• Experience with threat modeling, security architecture, or risk assessment for cyber-physical systems, embedded systems, or operational technology environments
• Strong technical foundation, able to read architecture diagrams, evaluate security controls at a systems level, and hold credible technical conversations with hardware, software, and cloud engineers
• Ability to clearly communicate with both technical and non-technical stakeholders, including production of security documentation and authorization artifacts
• Ownership mindset with the ability to operate in ambiguity, define the path forward, and move work to completion across teams
• Ability to obtain and maintain a security clearance

Preferred Qualifications:

• Experience as a product security lead, systems security engineer, or authorization lead for a defense platform or program of record
• Direct experience engaging with government Authorizing Officials, program offices, or DOT&E as a technical security representative
• Experience in defense technology startups, DARPA programs, or organizations that move at speed within the defense acquisition system
• Familiarity with maritime-specific frameworks including IMO MASS Code, IACS UR E26/E27, IEC 62443, or classification society autonomous vessel rules
• Understanding of autonomous systems security challenges including communications security, electronic warfare hardening, GPS/GNSS resilience, and AI/ML system security
• Experience with ITAR/EAR compliance, supply chain security, or manufacturing security for defense products
• Familiarity with the defense acquisition lifecycle and how authorization milestones integrate into program schedules

Additional Information:

• Benefits: Medical Insurance, Dental and Vision Insurance, Time Off, Parental Leave, Competitive Salary, Retirement Plan, Stock Options, Life and Disability Insurance, Pet Insurance
• This role requires access to export-controlled information or items that require “U.S. Person” status.

XML job scraping automation by YubHub