Security Engineer, Hardware Security

Saronic Technologies•Austin, Texas• Full Time

Posted 1 month ago• Security

Job Description

Saronic Technologies is a leader in revolutionizing defense autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations for the Department of Defense (DoD) through autonomous and intelligent platforms.

Security at Saronic is a force multiplier. We're seeking a Security Engineer at the senior-level or above focused on hardware, embedded systems, and firmware security to own the security posture of Saronic's vessel hardware platforms from silicon to system. You will be the technical authority on hardware root of trust, secure boot, firmware integrity, embedded system hardening, and the security of third-party hardware integrations. Your work ensures that every component on the vessel is resilient against tampering, exploitation, and supply chain compromise, designed in from the start and maintained across the fleet lifecycle.

Key Responsibilities:

Conduct hardware security assessments including fault injection, side-channel analysis, interface evaluation, and bus protocol analysis across Saronic-built and third-party hardware including sensors, radios, navigation systems, propulsion controllers, and communication modules

Evaluate and harden physical interfaces, debug ports, maintenance access points, and removable media interfaces on vessel hardware

Evaluate supply chain security risks for hardware components and recommend provenance validation, anti-tamper, and attestation controls

Develop and maintain a hardware security testing capability including tooling, methodology, and repeatable test procedures

Design and implement secure boot chains establishing hardware root of trust from power-on through application launch, integrating TPM, secure elements, and HSMs for device identity, key storage, measured boot, and remote attestation

Design and implement secure firmware update mechanisms including signed updates, rollback protection, and verified delivery across the fleet

Own the cryptographic key lifecycle for hardware-bound keys, including provisioning, rotation, revocation, and escrow

Harden embedded Linux systems on vessel platforms, including kernel configuration, mandatory access controls, secure IPC, and attack surface reduction

Secure operational technology protocols and interfaces used in vessel control systems, propulsion, navigation, and sensor fusion including CAN bus, NMEA, and maritime/industrial communication protocols

Define security boundaries, trust zones, and segmentation strategies for vessel-internal compute and communication architectures

Drive threat modeling across vessel hardware subsystems and translate findings into actionable engineering requirements

Produce secure-by-design reference architectures and define hardware and firmware security standards, testing requirements, and acceptance criteria integrated into engineering workflows

Required Qualifications:

6+ years of hands-on experience in hardware security, embedded systems security, firmware security, or a closely related security engineering role

Deep expertise in hardware hacking techniques including fault injection, side-channel attacks, JTAG/SWD exploitation, bus sniffing/injection, and physical security assessments

Demonstrated experience designing and implementing secure boot chains, hardware root of trust, and secure firmware update mechanisms in production systems

Strong experience assessing third-party hardware integrations and evaluating supply chain security risks

Deep knowledge of embedded Linux security hardening, kernel security, and mandatory access control frameworks

Experience with operational technology security, industrial protocols, or control system security

Proficiency in C, C++, Python, or Rust in the context of firmware, embedded, or systems-level security work, and with hardware security testing tools

Ability to obtain and maintain a security clearance

Preferred Qualifications:

Experience in defense, aerospace, robotics, autonomy, maritime, or other high-assurance environments

Experience with autonomous systems, unmanned vehicles, or safety-critical embedded platforms

Experience with RTOS, microcontroller security, or resource-constrained device environments

Knowledge of CAN bus, NMEA protocols, maritime communication systems, RF/GPS/GNSS security, or ICS security standards

Familiarity with defense or safety-critical compliance frameworks (NIST SP 800-53, IEC 62443, Common Criteria, or equivalent)

Relevant certifications such as OSEE, GXPN, GSE, or hardware-focused credentials

Benefits:

Medical Insurance: Comprehensive health insurance plans covering a range of services

Saronic pays 100% of the premium for employees and 80% for dependents

Dental and Vision Insurance: Coverage for routine dental check-ups, orthodontics, and vision care

Saronic pays 100% of the premium under the basic plan for employees and 80% for dependents

Time Off: Generous PTO and Holidays

Parental Leave: Paid maternity and paternity leave to support new parents

Competitive Salary: Industry-standard salaries with opportunities for performance-based bonuses

Retirement Plan: 401(k) plan

Stock Options: Equity options to give employees a stake in the company’s success

Life and Disability Insurance: Basic life insurance and short- and long-term disability coverage

Pet Insurance: Discounted pet insurance options including 24/7 Telehealth helpline

Additional Perks: Free lunch benefit and unlimited free drinks and snacks in the office

This role requires access to export-controlled information or items that require “U.S. Person” status. As defined by U.S. law, individuals who are any one of the following are considered to be a “U.S. Person”: (1) U.S. citizens, (2) legal permanent residents (a.k.a. green card holders), and (3) certain protected classes of asylees and refugees, as defined in 8 U.S.C. 1324b(a)(3).

Saronic does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.