Merlin Labs

Information Systems Security Engineer

Merlin Labs$100K — $130K *
Aerospace & Defense
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree with 5 years of cybersecurity experience on DoD or government programs.
  • Direct experience with RMF accreditation and authorization processes.
  • Hands-on experience with vulnerability assessment tools such as Tenable NESSUS and ACAS.
  • Active security clearance, with TS preferred.
  • Familiarity with DISA SRGs and STIGs.

Responsibilities

  • Apply security engineering methods in program architecture and design early in the process.
  • Support RMF accreditation and develop body of evidence for security assessments.
  • Engage with government customers to define security requirements with precision.
  • Verify compliance with DISA SRGs and STIGs in program environments.
  • Conduct vulnerability assessments and manage system security posture.
  • Advise on the selection of software tools in line with DoD security processes.
  • Integrate security into CI/CD pipelines for government deliverables.

Benefits

  • Catered lunches with a rotating menu.
  • Assorted snacks and beverages available on site.
  • Unlimited vacation policy.
  • 401k plan with company match.
  • Comprehensive health, dental, and life insurance.
Full Job Description
About you:

You have spent years working inside the DoD ecosystem and you know what program security actually looks like. You have sat in customer meetings where security requirements get argued over, built authorization packages that survived an assessor, and spent enough time with systems developers and government security reps to know that the best security engineers are the ones who show up before the design is finalized. You approach security as a systems problem and you bring the technical depth to back it up.

Merlin Labs builds autonomous aviation systems for demanding defense customers, and we are looking for a security engineer who wants to help us do that correctly. You will be working alongside engineers who care about getting this right, interfacing with government customers directly, and shaping how security engineering gets done at a company that is growing fast and taking on more complex programs. If that is the kind of ownership you are looking for, this is the role.

Responsibilities:

  • Apply systems security engineering methods across the architecture, design, evaluation, and integration of Merlin's defense programs and products, working alongside engineering teams to embed security requirements early rather than retrofitting them once a system is built.
  • Support RMF accreditation and authorization activities for supported programs, including categorization, controls selection and implementation, security assessment, and body of evidence package development through all required RMF steps.
  • Engage with government customers and their security representatives to define, document, and implement security protection requirements with the technical rigor and fidelity that DoD authorization demands.
  • Apply and verify DISA SRGs and STIGs across program environments, and maintain the configuration management processes that keep systems compliant as they evolve through their operational lifecycle.
  • Conduct vulnerability assessments using tools such as Tenable NESSUS and ACAS, coordinate remediation with engineering teams, and manage the ongoing security posture of supported systems.
  • Evaluate and advise on the selection of COTS, GOTS, and open-source tools entering the program environment, following DoD-approved software approval processes and ensuring security implications are understood before adoption.
  • Support DevSecOps security integration by bringing defense-grade practices into our CI/CD pipeline, including static application security testing and security-gated build processes for government-facing deliverables.


Qualifications:

  • Bachelor's degree with 5 years of cybersecurity experience on DoD or government programs.
  • Direct experience with RMF accreditation and authorization, including body of evidence package development and working with government ISSOs, SCAs, or authorizing official representatives through the authorization lifecycle.
  • Hands-on experience applying DISA SRGs and STIGs and conducting vulnerability assessments with tools such as Tenable NESSUS, ACAS, or SCC.
  • Active clearance. TS preferred.


Nice to Have:

  • Experience with government and commercial security tooling and security integration in a DevSecOps environment, or equivalent tools used in a defense or government program context.
  • Familiarity with SIEM platforms and development of detection rulesets and dashboards in a defense program or enterprise security context.
  • Background in aerospace, aviation, autonomous systems, or another safety-critical engineering domain where security and reliability requirements intersect.


This position is based on-site at Merlin HQ in Boston, MA.

Once you're here, you'll enjoy a variety of on-site perks designed to make your workday enjoyable and convenient. These include catered lunches featuring a rotating menu of delicious options, an assortment of snacks to keep you fueled throughout the day, and a selection of beverages, including coffee, tea, and other drinks, to keep you refreshed.

Our goal is to create an environment where you can thrive both professionally and personally

Merlin Labs offers an innovative, entrepreneurial, and team-focused startup environment. We also offer a top-notch benefits package (health, dental, life, unlimited vacation, and 401k with match) and work/life integration. Being part of the Merlin team allows you to become part of a small team that supports professional development while working together to achieve our mission.

About Merlin Labs

Merlin Labs is an aerospace company that develops autonomous flight technology for small aircraft. The company's technology is designed to enable small planes to fly themselves, reducing the need for human pilots and making air travel more efficient and accessible. The company was founded in 2018 and is based in Menlo Park, California.
Learn more about Merlin Labs
Size
50 employees
Industry
Founded
2018

Similar Jobs

More Jobs at Merlin Labs

More Aerospace & Defense Jobs

Find similar Information Systems Security Engineer jobs: