Slingshot Aerospace is seeking a hands-on, engineering-focused Information Security & GRC Manager to protect the systems, cloud infrastructure, data, and intellectual property that power our mission to make space safer, smarter, and more connected.
Requirements
- Act as the senior escalation point for Information Security, GRC, and IT across identity, endpoint, network, cloud, and SaaS ecosystems.
- Partner with IT on joiner/mover/leaver (JML) lifecycle operations, secure configurations, patch management, device compliance, and SaaS administration.
- Lead engineering projects including security platform buildouts, integrations, migrations, and modernization efforts.
- Maintain runbooks, SOPs, hardening guides, operational baselines, and technical documentation aligned with CMMC 2.0, NIST 800-171, ISO 27001, SOC 2, and internal governance.
- Provide security architecture and design guidance to Engineering, Product, Data, and Operations teams.
- Deliver regular security metrics, risk posture reporting, and compliance status updates to leadership and customers.
- Manage and secure Azure, Microsoft 365, Entra ID, Conditional Access, Intune, Defender, and Purview DLP/Insider Risk.
- Operate CrowdStrike Falcon (EDR, behavioral detections, OS hardening) and Zscaler ZIA/ZPA (secure web gateway, private access, posture checks, traffic inspection).
- Oversee VPN/firewall governance, secure remote access, and enterprise browser management platforms.
- Govern cloud posture using Wiz or similar CSPM/CNAPP tools across AWS and Azure.
- Use modern vulnerability and configuration management tools across cloud, endpoint, and SaaS environments.
- Manage identity & SaaS governance including Okta/Entra SSO, RBAC, and access reviews.
- Manage MDM platforms (Intune, Addigy) for secure configuration and OS governance.
- Govern GitHub Enterprise security including SSO, permissions, branch protections, scanning, and CI/CD guardrails.
- Strengthen Zero Trust across identity, device, network, and cloud.
- Lead end-to-end incident response including detection, triage, containment, recovery, forensics, and corrective actions.
- Maintain and refine SIEM/SOAR or equivalent log analytics for high-fidelity alerts and correlation.
- Build automation using Python, PowerShell, or Go for evidence, monitoring, configuration validation, and remediation.
- Govern SaaS access, vendor permissions, app approvals, and shadow IT remediation.
- Support DNS security, certificate lifecycle management, segmentation, and secure remote connectivity.
- Improve disaster recovery (DR) and business continuity (BCP) through structured testing and validation.
- Manage data classification, encryption, retention, access controls, and lifecycle protections across endpoints and cloud/SaaS.
- Operate Microsoft Purview DLP, information protection, and insider-risk features.
- Partner with Product, Engineering, Data, and Legal to ensure secure data handling.
- Support AI governance including model/vendor risk assessments, data sanitization, and secure AI usage patterns.
- Ensure secure adoption of emerging technologies (AI, automation, analytics).
- Own compliance across CMMC 2.0, NIST 800-171, ISO 27001 and other frameworks as needed: SOC 2, Cyber Essentials Plus, GDPR, and customer-required frameworks.
- Maintain SSPs, POA&Ms, diagrams, inventories, control mappings, risk assessments, policies, and audit evidence.
- Use Vanta and Paramify for continuous monitoring and evidence readiness.
- Maintain submissions and scoring in SPRS and eMASS.
- Lead vendor and third-party risk management including assessments and supply chain documentation.
- Partner with Sales, Growth, Legal, and Customer teams for RFIs, RFPs, questionnaires, and assurance activities.
- Own and administer the KnowBe4 program.
- Deliver role-based and companywide training and simulations.
- Track participation, behavior trends, and measurable risk reduction.
- Integrate security training into onboarding and recurring training cycles.
Benefits
- Generous Paid Time Off
- 401k Matching
- Retirement Plan
- Visa Sponsorship
- Four Day Work Week
- Generous Parental Leave
- Tuition Reimbursement
- Relocation Assistance