Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
Merlin Labs

Information Systems Security Engineer

Merlin Labs

Security Engineer working on autonomous aviation systems for demanding defense customers. Engaging in complex security engineering tasks and government relations.

Posted 7/9/2026full-timeBoston • Massachusetts • 🇺🇸 United StatesMid-LevelSeniorWebsite

Tech Stack

Tools & technologies
Cyber SecurityTypeScript

About the role

Key responsibilities & impact
  • Apply systems security engineering methods across the architecture, design, evaluation, and integration of Merlin's defense programs and products, working alongside engineering teams to embed security requirements early rather than retrofitting them once a system is built.
  • Support RMF accreditation and authorization activities for supported programs, including categorization, controls selection and implementation, security assessment, and body of evidence package development through all required RMF steps.
  • Engage with government customers and their security representatives to define, document, and implement security protection requirements with the technical rigor and fidelity that DoD authorization demands.
  • Apply and verify DISA SRGs and STIGs across program environments, and maintain the configuration management processes that keep systems compliant as they evolve through their operational lifecycle.
  • Conduct vulnerability assessments using tools such as Tenable NESSUS and ACAS, coordinate remediation with engineering teams, and manage the ongoing security posture of supported systems.
  • Evaluate and advise on the selection of COTS, GOTS, and open-source tools entering the program environment, following DoD-approved software approval processes and ensuring security implications are understood before adoption.
  • Support DevSecOps security integration by bringing defense-grade practices into our CI/CD pipeline, including static application security testing and security-gated build processes for government-facing deliverables.

Requirements

What you’ll need
  • Bachelor's degree with 5 years of cybersecurity experience on DoD or government programs
  • Direct experience with RMF accreditation and authorization, including body of evidence package development and working with government ISSOs, SCAs, or authorizing official representatives through the authorization lifecycle
  • Hands-on experience applying DISA SRGs and STIGs and conducting vulnerability assessments with tools such as Tenable NESSUS, ACAS, or SCC
  • Active clearance. TS preferred.

Benefits

Comp & perks
  • catered lunches featuring a rotating menu of delicious options
  • an assortment of snacks to keep you fueled throughout the day
  • a selection of beverages, including coffee, tea, and other drinks
  • health, dental, life insurance
  • unlimited vacation
  • 401k with match
  • work/life integration
  • professional development support

ATS Keywords

✓ Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
Cybersecurity ExperienceBody of Evidence Package DevelopmentSecurity AssessmentConfiguration ManagementSecurity Controls SelectionCOTS and GOTS EvaluationStatic Application Security TestingSecurity-Gated Build Processes
Soft Skills
Collaboration with Engineering TeamsEngagement with Government Customers