Description
We're seeking a Security Engineer at the senior-level or above focused on software and systems security to own the security of Saronic's software platforms, build systems, and deployment infrastructure from development through production.
As a Security Engineer, you will be the technical authority on how Saronic builds, ships, and runs secure software. You will lead secure code review, SAST, DAST, and fuzzing efforts, and define secure coding standards for Rust development including memory safety practices, safe FFI boundaries, and secure error handling.
You will conduct threat modeling for software systems and translate findings into actionable security requirements integrated into design reviews and sprint planning. You will drive vulnerability management for software dependencies, including tracking, prioritization, and remediation of vulnerabilities in third-party crates and libraries.
You will secure and harden NixOS configurations for vessel platforms and development infrastructure, leveraging Nix's reproducibility and declarative model for security enforcement. You will design system hardening profiles in NixOS including kernel hardening, service isolation, mandatory access controls, and minimal attack surface configurations.
You will define and enforce package management and dependency policies within the Nix ecosystem, ensuring build closures are auditable, reproducible, and free from unauthorized or vulnerable packages. You will architect secure system update and rollback mechanisms using NixOS capabilities, ensuring fleet-wide consistency and integrity.
You will design and implement security controls across the CI/CD pipeline including source integrity, build isolation, artifact signing, and deployment verification with build environments that are ephemeral, isolated, and hardened.
You will build and maintain software supply chain security practices aligned to SLSA framework principles, including provenance tracking, hermetic builds, signed attestations, and SBOM generation.
You will integrate security scanning (SAST, SCA, container scanning, secrets detection) into CI/CD pipelines as automated guardrails, and create self-service pipeline templates that enable teams to ship without bottlenecks.
You will design secure deployment patterns for vessel software updates, including secure delivery, integrity verification, and rollback capabilities.
You will implement runtime application security controls including logging, monitoring, and anomaly detection for deployed services.
You will define software and systems security standards, patterns, and reference architectures that engineering teams adopt as the default secure path.