Platform Security Engineer - Saronic

Job Title: Platform Security Engineer
Job Location: Austin, Texas
Job Listing URL: https://jobs.lever.co/saronic/ab021e77-a6f3-4ed9-a6fe-8db245bc3ec8
Job Description: Saronic Technologies is a leader in revolutionizing defense autonomy at sea, dedicated to developing state-of-the-art solutions that enhance maritime operations for the Department of Defense (DoD) through autonomous and intelligent platforms.

Saronic Technologies is a leader in defense autonomy at sea. We’re seeking a Platform Security Engineer to secure the cloud/edge where vessels, operators, and customers meet. You’ll own identity and access patterns, secrets and key management, secure network posture, and policy-as-code guardrails—working across AWS (including GovCloud), Terraform infrastructure, and service code to deliver trustworthy, auditable systems.

Senior Engineers: 3+ years securing production cloud platforms (identity, secrets/KMS, network posture), preferably in autonomy, robotics, aerospace, or defense.

Staff Engineers: 8+ years including technical leadership across secure-by-default platform modules, short-lived credential issuance, and cross-account policy design; demonstrated ownership from design through operational rollout.
Key Responsibilities
Design, develop, and maintain secure-by-default infrastructure on
AWS using Terraform (ALB/OIDC, IAM, KMS, Secrets Manager, Route53, VPC/SGs).
Standardize OIDC at the edge (ALB/ingress) for internal and external applications; define scopes, claims, and token lifecycles.
Own secrets and key management: KMS key policies, rotation schedules, cross-account access, and automated issuance for services and tools.
Enforce IMDSv2 required, least-privilege IAM roles, and tight security groups across modules; add CI/policy checks to prevent regressions.
Design secure protocols/APIs for service↔service and boat↔cloud communication (mTLS/TLS, certificate issuance/rotation, revocation).
Manage short-lived credentials used by fleet/overlay services; implement rotation, auditing, and incident response runbooks.
Prefer service-mediated S3 access over broad pre-signed URLs; codify bucket policies, logging, and access boundaries.
Build centralized, tamper-evident logging and audit trails; integrate detections and metrics to validate control effectiveness.
Perform threat modeling and security reviews; document patterns and drive adoption via reusable modules and guides.
Troubleshoot complex security issues in production; lead post-incident reviews and drive remediation to closure.
Stay current on cloud security best practices, especially for defense/government environments.
Required Qualifications:
Bachelor’s or Master’s degree in Computer Science, Software/Computer/Electrical Engineering, or a related field.
3+ years building on AWS with Terraform (ALB/ELB, IAM, KMS, Secrets Manager, Route53, VPC/SGs).
Strong knowledge of cryptographic and IAM fundamentals (key policies, rotation, certificates, OIDC/OAuth2).
Demonstrated experience enforcing IMDSv2, least-privilege roles, and network controls at scale.
Experience designing secure protocols/APIs and integrating auth into service code (e.g., Go/Rust/TypeScript).
Proven ability to perform threat modeling and conduct design/code security reviews.
Excellent problem-solving and communication skills; effective collaboration across platform, embedded, and field teams.
This role requires the ability to obtain and maintain a security clearance
Preferred Qualifications:
Experience in AWS GovCloud, multi-account landing zones, and cross-account KMS/Secrets patterns
Familiarity with fleet/overlay VPN access control and short-lived credential issuance
Policy-as-code guardrails (e.g., OPA/Conftest, Terraform validations), drift detection, and CI integration
Centralized logging/SIEM and cloud threat detection (e.g., CloudTrail, GuardDuty) with audit readiness
PKI/CA management and, ideally, hardware roots of trust (TPM/secure elements) at the edge
DoD/defense domain familiarity and prior work under export-controlled constraints