Infosec Engineering & GRC Manager

Remote, United States

Position Summary 

Slingshot Aerospace is seeking a hands-on, technical Information Security & GRC Manager to protect the systems, cloud infrastructure, data, and intellectual property that power our mission to make space safer, smarter, and more connected. This role blends information security engineering, platform and systems ownership, cloud and identity architecture, and governance, risk, and compliance (GRC) while partnering closely with IT and Engineering on day-to-day operations. You will serve as the senior technical escalation point for Information Security and IT, own and operate core security platforms, strengthen Zero Trust and identity controls, lead incident response, drive automation, maintain continuous audit readiness, and lead Slingshot’s security awareness training program.

Information Security Engineering & IT Partnership 

  • Act as the senior escalation point for Information Security, GRC, and IT across identity, endpoint, network, cloud, and SaaS ecosystems.
  • Partner with IT on joiner/mover/leaver (JML) lifecycle operations, secure configurations, patch management, device compliance, and SaaS administration.
  • Lead engineering projects including security platform buildouts, integrations, migrations, and modernization efforts.
  • Maintain runbooks, SOPs, hardening guides, operational baselines, and technical documentation aligned with CMMC 2.0, NIST 800-171, ISO 27001, SOC 2, and internal governance.
  • Provide security architecture and design guidance to Engineering, Product, Data, and Operations teams.
  • Deliver regular security metrics, risk posture reporting, and compliance status updates to leadership and customers. 

Platform Ownership & Zero Trust Architecture 

  • Manage and secure Azure, Microsoft 365, Entra ID, Conditional Access, Intune, Defender, and Purview DLP/Insider Risk.
  • Operate CrowdStrike Falcon (EDR, behavioral detections, OS hardening) and Zscaler ZIA/ZPA (secure web gateway, private access, posture checks, traffic inspection).
  • Oversee VPN/firewall governance, secure remote access, and enterprise browser management platforms.
  • Govern cloud posture using Wiz or similar CSPM/CNAPP tools across AWS and Azure.
  • Use modern vulnerability and configuration management tools across cloud, endpoint, and SaaS environments.
  • Manage identity & SaaS governance including Okta/Entra SSO, RBAC, and access reviews.
  • Manage MDM platforms (Intune, Addigy) for secure configuration and OS governance.
  • Govern GitHub Enterprise security including SSO, permissions, branch protections, scanning, and CI/CD guardrails.
  • Strengthen Zero Trust across identity, device, network, and cloud. 

Security Operations & Automation

  • Lead end-to-end incident response including detection, triage, containment, recovery, forensics, and corrective actions.
  • Maintain and refine SIEM/SOAR or equivalent log analytics for high-fidelity alerts and correlation.
  • Build automation using Python, PowerShell, or Go for evidence, monitoring, configuration validation, and remediation.
  • Govern SaaS access, vendor permissions, app approvals, and shadow IT remediation.
  • Support DNS security, certificate lifecycle management, segmentation, and secure remote connectivity.
  • Improve disaster recovery (DR) and business continuity (BCP) through structured testing and validation. 

Data Security & AI Governance 

  • Manage data classification, encryption, retention, access controls, and lifecycle protections across endpoints and cloud/SaaS.
  • Operate Microsoft Purview DLP, information protection, and insider-risk features.
  • Partner with Product, Engineering, Data, and Legal to ensure secure data handling.
  • Support AI governance including model/vendor risk assessments, data sanitization, and secure AI usage patterns.
  • Ensure secure adoption of emerging technologies (AI, automation, analytics). 

Governance, Risk & Compliance (GRC) 

You will own compliance across CMMC 2.0, NIST 800-171, ISO 27001, and other frameworks as needed: SOC 2, Cyber Essentials Plus, GDPR, and customer-required frameworks. Maintain SSPs, POA&Ms, diagrams, inventories, control mappings, risk assessments, policies, and audit evidence. Use Vanta and Paramify for continuous monitoring and evidence readiness. Maintain submissions and scoring in SPRS and eMASS. Lead vendor and third-party risk management, including assessments and supply chain documentation. Partner with Sales, Growth, Legal, and Customer teams for RFIs, RFPs, questionnaires, and assurance activities.

Security Awareness & Training 

  • Own and administer the KnowBe4 program.
  • Deliver role-based and companywide training and simulations.
  • Track participation, behavior trends, and measurable risk reduction.
  • Integrate security training into onboarding and recurring training cycles. 

Basic Qualifications 

  • CISSP certification.
  • 8+ years of experience across Information Security, IT, and GRC.
  • Hands-on experience operating and maturing CMMC 2.0 and NIST 800-171.
  • Strong experience with Azure, M365, Entra ID, Intune, Defender, Purview, AWS, CrowdStrike, Zscaler, and Wiz or similar CSPM/CNAPP.
  • Experience with GitHub Enterprise, SaaS security, enterprise browser management, and MDM (Intune/Addigy).
  • Experience with Vanta/Paramify.
  • Scripting/automation skills in Python, PowerShell, or Go.
  • Strong communication skills across technical and non-technical stakeholders.
  • U.S. citizenship and TS/SCI eligibility required. 

Preferred Qualifications 

  • CMMC Certified Professional (CCP) or ability to obtain.
  • Experience with ISO 27001, SOC 2, GDPR, and Cyber Essentials Plus.
  • Experience with secure SDLC, CI/CD, and DevSecOps.
  • Experience supporting U.K./E.U. sovereignty requirements.
  • Experience in defense, aerospace, or other regulated environments. 

Why Slingshot 

Slingshot Aerospace builds technology used for mission-critical decisions in national security, defense, and space operations. As the Infosec Engineering & GRC Manager, you will shape the systems, controls, engineering practices, and compliance frameworks that protect Slingshot’s global mission. 

Location, Clearance & Compensation

  • Remote (United States)
  • U.S. citizenship and TS/SCI eligibility required
  • Salary Range: $120,000 – $190,000 

 

US-based Candidates: we are currently only able to hire residents of the following U.S. states: AZ, CA, CO, DC, FL, GA, HI, IL, IN, KS, MD, MA, MI, MN, MO, MT, NV, NJ, NM, NY, NC, OR, RI, TN, TX, UT, VT, VA, WA, WV, and WI. We are unable to consider candidates residing in other U.S. states at this time.

Internationally-based Candidates: we are currently only able to hire residents of the following locations: United Kingdom. We are unable to consider candidates residing in other countries at this time.

Equity, Diversity & Inclusion are key to our success. We are an Equal Opportunity Employer and our employees are people with different strengths, experiences, and backgrounds, who share a passion for creating a safer, more connected world. Diversity not only includes race and gender identity, but also national origin, citizenship, sex, color, veteran status, disability, genetic information, or any other protected characteristic that is part of one’s identity. All of our employees’ points of view are key to our success, and we embrace individuality.

