Senior Application Security Engineer

Mission 

At Slingshot Aerospace, we build space simulation and decision intelligence technologies that empower defense, intelligence, and commercial operators. As a Senior Application Security Engineer, you’ll take ownership of securing the software, systems, and infrastructure that power real missions. This is a hands-on role focused on secure coding, container hardening, and pipeline security. You’ll work side-by-side with Software engineers, DevSecOps teams, and cyber SMEs to embed security into everything we build and deliver across cloud, hybrid, and classified environments. 

What You’ll Do 

• Work with the Cyber SME, Software Engineers, and DevSecOps teams to embed security controls throughout build, deployment, and delivery lifecycles 

• Lead application security engineering across Linux-based, containerized, and hybrid environments 

• Integrate and manage AppSec tooling including SAST, DAST, SCA, IaC scanning, and SBOM validation 

• Perform secure code reviews and threat modeling for cloud and classified systems 

• Build and maintain secure baselines for containers, Kubernetes clusters, and OS images 

• Implement hardening, identity, and access controls (RBAC, MFA, PAM) across cloud and on-prem platforms 

• Strengthen software supply chain security including artifact signing and SBOM validation 

• Collaborate across teams to automate security controls and improve visibility across builds and repositories 

• Lead investigations, post-mortems, and remediation efforts for vulnerabilities or incidents 

• Contribute to security architecture reviews and new program deployments 

Required Qualifications 

• 5+ years of professional experience in application security, DevSecOps, or related engineering roles (7+ years preferred) 

• Active Top Secret clearance (TS/SCI preferred) or ability to obtain 

• U.S. Citizenship (no duals) 

• Hands-on experience with: 

•   • Secure coding, code review, and AppSec pipeline integration 

•   • Linux hardening, Kubernetes, Docker, and infrastructure as code (Terraform, Ansible, etc.) 

•   • AppSec tooling such as SAST, DAST, SCA, IaC scanners, and secrets detection 

• Proficiency in Python, Go, Bash, or YAML 

• Familiarity with software supply chain security and modern DevSecOps practices 

Preferred Qualifications 

• CISSP, OSCP, or equivalent technical certification 

• Experience in air-gapped or enclave-based environments 

• Familiarity with hybrid identity platforms such as Okta, Keycloak, FreeIPA, or Entra ID 

• Experience reviewing IaC templates, Dockerfiles, and custom build pipelines 

• Experience securing AI or ML pipelines or GPU-based compute clusters 

• Background in automation, compliance enablement, or security operations in secure environments 

Why This Role 

This is your opportunity to build and defend systems that matter by securing the code, pipelines, and infrastructure supporting national security missions. You’ll shape Slingshot’s AppSec engineering practice, strengthen our software supply chain, and drive modern, developer-focused security at scale. Your work won’t just meet standards, it will launch missions. 

Location: US based Remote with onsite travel to secure customer environments

Clearance Required: Active TS/SCI (polygraph if applicable) or ability to obtain

Employment Type: Full Time 

Reports To: Senior Director of Information Security and IT 

Location: Remote

Travel: 15% - 35%

Salary: $116,000 - $193,000