Security Engineer, Hardware Security

Saronic Technologies is a leader in revolutionizing autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations through autonomous and intelligent platforms.Security at Saronic is a force multiplier. We're seeking a Security Engineer focused on hardware, embedded systems, and firmware security to own the security posture of Saronic's vessel hardware platforms from silicon to system. You will be the technical authority on hardware root of trust, secure boot, firmware integrity, embedded system hardening, and the security of third-party hardware integrations. Your work ensures that every component on the vessel is resilient against tampering, exploitation, and supply chain compromise, designed in from the start and maintained across the fleet lifecycle.Key Responsibilities:Conduct hardware security assessments including fault injection, side-channel analysis, interface evaluation, and bus protocol analysis across Saronic-built and third-party hardware including sensors, radios, navigation systems, propulsion controllers, and communication modulesEvaluate and harden physical interfaces, debug ports, maintenance access points, and removable media interfaces on vessel hardwareEvaluate supply chain security risks for hardware components and recommend provenance validation, anti-tamper, and attestation controlsDevelop and maintain a hardware security testing capability including tooling, methodology, and repeatable test proceduresDesign and implement secure boot chains establishing hardware root of trust from power-on through application launch, integrating TPM, secure elements, and HSMs for device identity, key storage, measured boot, and remote attestationDesign and implement secure firmware update mechanisms including signed updates, rollback protection, and verified delivery across the fleetOwn the cryptographic key lifecycle for hardware-bound keys, including provisioning, rotation, revocation, and escrowHarden embedded Linux systems on vessel platforms, including kernel configuration, mandatory access controls, secure IPC, and attack surface reductionSecure operational technology protocols and interfaces used in vessel control systems, propulsion, navigation, and sensor fusion including CAN bus, NMEA, and maritime/industrial communication protocolsDefine security boundaries, trust zones, and segmentation strategies for vessel-internal compute and communication architecturesDrive threat modeling across vessel hardware subsystems and translate findings into actionable engineering requirementsProduce secure-by-design reference architectures and define hardware and firmware security standards, testing requirements, and acceptance criteria integrated into engineering workflowsRequired Qualifications:10 years of hands-on experience in hardware security, embedded systems security, firmware security, or a closely related security engineering roleDeep expertise in hardware hacking techniques including fault injection, side-channel attacks, JTAG/SWD exploitation, bus sniffing/injection, and physical security assessmentsDemonstrated experience designing and implementing secure boot chains, hardware root of trust, and secure firmware update mechanisms in production systemsStrong experience assessing third-party hardware integrations and evaluating supply chain security risksDeep knowledge of embedded Linux security hardening, kernel security, and mandatory access control frameworksExperience with operational technology security, industrial protocols, or control system securityProficiency in C, C , Python, or Rust in the context of firmware, embedded, or systems-level security work, and with hardware security testing toolsAbility to obtain and maintain a security clearancePreferred Qualifications:Experience in defense, aerospace, robotics, autonomy, maritime, or other high-assurance environmentsExperience with autonomous systems, unmanned vehicles, or safety-critical embedded platformsExperience with RTOS, microcontroller security, or resource-constrained device environmentsKnowledge of CAN bus, NMEA protocols, maritime communication systems, RF/GPS/GNSS security, or ICS security standardsFamiliarity with defense or safety-critical compliance frameworks (NIST SP 800-53, IEC 62443, Common Criteria, or equivalent)Relevant certifications such as OSEE, GXPN, GSE, or hardware-focused credentialsBenefits:Medical Insurance: Comprehensive health insurance plans covering a range of servicesSaronic pays 100% of the premium for employees and 80% for dependentsDental and Vision Insurance: Coverage for routine dental check-ups, orthodontics, and vision careSaronic pays 100% of the premium under the basic plan for employees and 80% for dependentsTime Off: Generous PTO and HolidaysParental Leave: Paid maternity and paternity leave to support new parentsCompetitive Salary: Industry-standard salaries with opportunities for performance-based bonusesRetirement Plan: 401(k) plan with company matchStock Options: Equity options to give employees a stake in the company’s successLife and Disability Insurance: Basic life insurance and short- and long-term disability coveragePet Insurance: Discounted pet insurance options including 24/7 Telehealth helplineAdditional Perks: Free lunch benefit and unlimited free drinks and snacks in the officeThis role requires access to export-controlled information or items that require “U.S. Person” status. As defined by U.S. law, individuals who are any one of the following are considered to be a “U.S. Person”: (1) U.S. citizens, (2) legal permanent residents (a.k.a. green card holders), and (3) certain protected classes of asylees and refugees, as defined in 8 U.S.C. 1324b(a)(3). Saronic does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.