MetroStar
Sr. Cloud Security Engineer I (6220)
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About MetroStar
MetroStar is a prominent digital and IT services provider based in Bloomington, IN, specializing in technology solutions for the U.S. public sector. Founded in 1999, the company focuses on mission-ready services for national security, defense, and federal civilian agencies. MetroStar emphasizes a people-first culture and operates through three business units: National Security, Defense, and Federal Civilian. The company offers a range of services, including artificial intelligence and machine learning, digital experience design, application modernization, and enterprise IT services. Their solutions incorporate human-centered design, DevOps, cloud computing, and cybersecurity to support government transformation. Notable products include the Onyx ML Platform for machine learning workflows and LabelUp, an AI labeling solution for images and videos. MetroStar is committed to enhancing national security and driving data insights while prioritizing security, scalability, and ethical AI practices.
Security at MetroStar
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“MetroStar's AppSec philosophy emphasizes a security-first approach, adopting the latest policies, continuous testing and security, and holistic cybersecurity with Zero Trust. They also focus on continuous monitoring and scanning of applications to address vulnerabilities. However, explicit AppSec charter documents or a one-line mission statement beyond product/service and blog language are not publicly available.”
Security Team
The organizational structure and reporting lines for MetroStar's AppSec team are not publicly available. Key public-facing leaders include Matt Zimmerman (VP, National Security), Jack Gumtow (SVP, Strategy & Solutions), and Tom Martwinski (Client Executive), though no public quotes from them regarding AppSec were found. The company size is estimated at "501-1,000 employees". The LinkedIn search query used was "site:linkedin.com MetroStar "application security" OR "AppSec" OR "security engineer""(geo scope: United States). No AppSec-specific job postings were found, but common skill patterns include "Platform One DevSecOps Reference Architecture"and "CI/CD pipelines".
Key Initiatives
MetroStar does not publicly provide evidence of a Security Champions Program. Their 'Shift Left' practices involve a "fully automated GitOps platform"to improve DevSecOps delivery and maturity, and "manage infrastructure as code to deploy end-to-end compute resources". Vulnerability management includes intake from "Platform One Images and Scanners"and uses "continuous monitoring and scanning of the application"to address vulnerabilities, but triage/remediation SLAs or ticketing ownership are not publicly available. Secure SDLC artifacts include "CI/CD pipelines"and "hardening base images". Recent initiatives (last 6 months) include updates to their "comprehensive-security-architecture"GitHub repository (updated) and the "quartzctl"CLI (updated Dec 2025).
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.