Information Systems Security Engineer

Merlin LabsBoston, MA
Onsite

About The Position

Merlin Labs builds autonomous aviation systems for demanding defense customers, and we are looking for a security engineer who wants to help us do that correctly. You will be working alongside engineers who care about getting this right, interfacing with government customers directly, and shaping how security engineering gets done at a company that is growing fast and taking on more complex programs. If that is the kind of ownership you are looking for, this is the role.

Requirements

  • Bachelor's degree with 5 years of cybersecurity experience on DoD or government programs.
  • Direct experience with RMF accreditation and authorization, including body of evidence package development and working with government ISSOs, SCAs, or authorizing official representatives through the authorization lifecycle.
  • Hands-on experience applying DISA SRGs and STIGs and conducting vulnerability assessments with tools such as Tenable NESSUS, ACAS, or SCC.
  • Active clearance. TS preferred.

Nice To Haves

  • Experience with government and commercial security tooling and security integration in a DevSecOps environment, or equivalent tools used in a defense or government program context.
  • Familiarity with SIEM platforms and development of detection rulesets and dashboards in a defense program or enterprise security context.
  • Background in aerospace, aviation, autonomous systems, or another safety-critical engineering domain where security and reliability requirements intersect.

Responsibilities

  • Apply systems security engineering methods across the architecture, design, evaluation, and integration of Merlin's defense programs and products, working alongside engineering teams to embed security requirements early rather than retrofitting them once a system is built.
  • Support RMF accreditation and authorization activities for supported programs, including categorization, controls selection and implementation, security assessment, and body of evidence package development through all required RMF steps.
  • Engage with government customers and their security representatives to define, document, and implement security protection requirements with the technical rigor and fidelity that DoD authorization demands.
  • Apply and verify DISA SRGs and STIGs across program environments, and maintain the configuration management processes that keep systems compliant as they evolve through their operational lifecycle.
  • Conduct vulnerability assessments using tools such as Tenable NESSUS and ACAS, coordinate remediation with engineering teams, and manage the ongoing security posture of supported systems.
  • Evaluate and advise on the selection of COTS, GOTS, and open-source tools entering the program environment, following DoD-approved software approval processes and ensuring security implications are understood before adoption.
  • Support DevSecOps security integration by bringing defense-grade practices into our CI/CD pipeline, including static application security testing and security-gated build processes for government-facing deliverables.

Benefits

  • health
  • dental
  • life
  • unlimited vacation
  • 401k with match
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service