Software Security Engineer

About Castelion

Castelion is bringing a new approach to defense development and production: one that focuses on short, iterative design cycles, rapid testing in development, and modern commercial manufacturing strategies for production at scale. Were designing, building, and testing next generation long range strike weapon systems to give America and its Allies a definitive edge and deter future conflicts.

Software Security Engineer

As a Software Security Engineer at Castelion, you will architect and implement the cryptographic foundations that secure our flight systems. You will own encryption, code signing, secure boot, and key management across embedded platforms, ensuring the integrity, authenticity, and confidentiality of mission-critical systems.

You will work closely with embedded, avionics, and infrastructure engineers to integrate security directly into the full software and hardware stack from manufacturing provisioning through flight operations. We seek engineers who think in systems, understand threat models deeply, and can translate cryptographic principles into practical, resilient implementations in constrained environments.

Responsibilities

• Secure Boot & Root of Trust: Design and implement secure boot chains, hardware-backed root of trust mechanisms, and firmware verification processes for embedded flight systems.
• Cryptography & Encryption: Develop and integrate cryptographic protocols and libraries (e.g., symmetric/asymmetric encryption, key exchange, digital signatures) for embedded and distributed systems.
• Code Signing & Update Security: Own software signing infrastructure and verification workflows to ensure authenticity and integrity of firmware, flight software, and field updates.
• Key Management & Provisioning: Design secure key generation, storage, rotation, and provisioning systems across development, manufacturing, and deployed environments.
• Secure Communications: Implement and review authenticated and encrypted communication channels between vehicle, ground systems, and internal subsystems.
• Threat Modeling & Hardening: Conduct threat modeling and security reviews across the software stack. Identify vulnerabilities and implement practical mitigations aligned with mission constraints.
• Cross-Functional Integration: Partner with embedded, avionics, hardware, and infrastructure teams to embed security principles into system architecture from initial design through deployment.

Basic Qualifications

• Bachelors degree in Computer Science, Computer Engineering, Electrical Engineering, or related STEM field
• 3+ years of professional experience in software engineering with exposure to applied cryptography or security engineering
• Experience implementing encryption, authentication, or digital signature systems in C, C++, Rust, or similar systems languages
• Strong understanding of cryptographic fundamentals (PKI, TLS, key exchange, hashing, signatures)
• Experience working in Linux-based or embedded environments

Preferred Skills and Experience

• Experience implementing secure boot or hardware root-of-trust mechanisms
• Experience with code signing pipelines and artifact verification
• Familiarity with TPMs, HSMs, or secure elements
• Experience in embedded, aerospace, defense, or other safety-critical systems
• Experience designing secure provisioning workflows in manufacturing environments
• Understanding of real-time systems and resource-constrained devices
• Experience with mTLS, certificate lifecycle management, and replay protection mechanisms

Leadership Qualities

• Bias to Action and Creative Problem Solving. Desire and experience questioning assumptions in ways that lead to break through ideas that are ultimately implemented. Successfully bring in applicable processes/concepts/materials from other industries to achieve efficiency gains. Ability to personally resolve minor issues in development without requiring significant support.
• High Commitment, High Initiative. A successful candidate will have a genuine passion for Castelion's mission and consistently look for ways to contribute to the company's technical goals and prevent hardware blockers. Ability to work in a fast paced, autonomously driven, and demanding atmosphere. Strong sense of accountability and integrity.
• Clear Communicator. Proactively communicates blockers. Trusted in previous roles to be voice of company with regulators, suppliers, gate keepers and customers. Capable of tactfully managing relationships with stakeholders to achieve company-desired outcomes without compromising relationships. Emails, IMs and verbal interactions are logical, drive clarity, and detailed enough to eliminate ambiguity.

ITAR Requirements

• To conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C. § 1157, or (iv) Asylee under 8 U.S.C. § 1158, or be eligible to obtain the required authorizations from the U.S. Department of State.

Employment with Castelion is governed on the basis of competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.

All employees are granted long-term stock incentives as part of their employment at Castelion. All employees receive access to comprehensive medical, vision, and dental insurance, and the company offers four weeks of paid time off per year.