🛠 Tech Stack

💼 About This Role

You'll own the application security posture for Saronic's software platforms built on Rust and NixOS. You'll drive threat modeling, secure code review, and vulnerability management while hardening CI/CD pipelines and deployment infrastructure. This role spans from source to runtime for autonomous maritime systems.

🎯 What You'll Do

• Lead secure code review, SAST, DAST, and fuzzing efforts for Rust services.
• Conduct threat modeling and translate findings into security requirements.
• Harden NixOS configurations for vessel platforms and development infrastructure.
• Design secure deployment patterns for vessel software updates with integrity verification.

📋 Requirements

• 6+ years experience in application security or DevSecOps.
• Strong experience with Rust security including safe/unsafe boundaries and memory safety.
• Demonstrated experience securing Linux-based systems with NixOS.
• Deep expertise in CI/CD pipeline security including supply chain integrity (SLSA).

✨ Nice to Have

• Experience in defense, aerospace, or high-assurance environments.
• Hands-on NixOS experience including derivations, flakes, and custom modules.
• Familiarity with NIST SP 800-171 or supply chain signing frameworks.