Platform Security Engineer

Saronic

Austin, United States

October 31, 2025

Apply Now

Platform Security Engineer

Austin, Texas
Cybersecurity /
Full Time /
On-site
Saronic Technologies is a leader in revolutionizing defense autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations for the Department of Defense (DoD) through autonomous and intelligent platforms.

Saronic Technologies is a leader in defense autonomy at sea. We’re seeking
a Platform Security Engineer to secure the cloud/edge where vessels,
operators, and customers meet. You’ll own identity and access patterns,
secrets and key management, secure network posture, and policy-as-code
guardrails—working across AWS (including GovCloud), Terraform
infrastructure, and service code to deliver trustworthy, auditable systems.

Senior Engineers: 3+ years securing production cloud platforms (identity,
secrets/KMS, network posture), preferably in autonomy, robotics,
aerospace, or defense.

Staff Engineers: 8+ years including technical leadership across secure-by-
default platform modules, short-lived credential issuance, and cross-account
policy design; demonstrated ownership from design through operational
rollout.

Key Responsibilities

    • Design, develop, and maintain secure-by-default infrastructure on
    • AWS using Terraform (ALB/OIDC, IAM, KMS, Secrets Manager, Route53, VPC/SGs).
    • Standardize OIDC at the edge (ALB/ingress) for internal and external applications; define scopes, claims, and token lifecycles.
    • Own secrets and key management: KMS key policies, rotation schedules, cross-account access, and automated issuance for services and tools.
    • Enforce IMDSv2 required, least-privilege IAM roles, and tight security groups across modules; add CI/policy checks to prevent regressions.
    • Design secure protocols/APIs for service↔service and boat↔cloud communication (mTLS/TLS, certificate issuance/rotation, revocation).
    • Manage short-lived credentials used by fleet/overlay services; implement rotation, auditing, and incident response runbooks.
    • Prefer service-mediated S3 access over broad pre-signed URLs; codify bucket policies, logging, and access boundaries.
    • Build centralized, tamper-evident logging and audit trails; integrate detections and metrics to validate control effectiveness.
    • Perform threat modeling and security reviews; document patterns and drive adoption via reusable modules and guides.
    • Troubleshoot complex security issues in production; lead post-incident reviews and drive remediation to closure.
    • Stay current on cloud security best practices, especially for defense/government environments.

Required Qualifications:

    • Bachelor’s or Master’s degree in Computer Science, Software/Computer/Electrical Engineering, or a related field.
    • 3+ years building on AWS with Terraform (ALB/ELB, IAM, KMS, Secrets Manager, Route53, VPC/SGs).
    • Strong knowledge of cryptographic and IAM fundamentals (key policies, rotation, certificates, OIDC/OAuth2).
    • Demonstrated experience enforcing IMDSv2, least-privilege roles, and network controls at scale.
    • Experience designing secure protocols/APIs and integrating auth into service code (e.g., Go/Rust/TypeScript).
    • Proven ability to perform threat modeling and conduct design/code security reviews.
    • Excellent problem-solving and communication skills; effective collaboration across platform, embedded, and field teams.
    • This role requires the ability to obtain and maintain a security clearance

Preferred Qualifications:

    • Experience in AWS GovCloud, multi-account landing zones, and cross-account KMS/Secrets patterns
    • Familiarity with fleet/overlay VPN access control and short-lived credential issuance
    • Policy-as-code guardrails (e.g., OPA/Conftest, Terraform validations), drift detection, and CI integration
    • Centralized logging/SIEM and cloud threat detection (e.g., CloudTrail, GuardDuty) with audit readiness
    • PKI/CA management and, ideally, hardware roots of trust (TPM/secure elements) at the edge
    • DoD/defense domain familiarity and prior work under export-controlled constraints
Benefits:
Medical Insurance: Comprehensive health insurance plans covering a range of services
Saronic pays 100% of the premium for employees and 80% for dependents
Dental and Vision Insurance: Coverage for routine dental check-ups, orthodontics, and vision care
Saronic pays 99% of the premium for employees and 80% for dependents
Time Off: Generous PTO and Holidays
Parental Leave: Paid maternity and paternity leave to support new parents
Competitive Salary: Industry-standard salaries with opportunities for performance-based bonuses
Retirement Plan: 401(k) plan
Stock Options: Equity options to give employees a stake in the company’s success
Life and Disability Insurance: Basic life insurance and short- and long-term disability coverage
Additional Perks: Free lunch benefit and unlimited free drinks and snacks in the office 

This role requires access to export-controlled information or items that require “U.S. Person” status. As defined by U.S. law, individuals who are any one of the following are considered to be a “U.S. Person”: (1) U.S. citizens, (2) legal permanent residents (a.k.a. green card holders), and (3) certain protected classes of asylees and refugees, as defined in . 

Saronic does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.


Apply Now