Security Engineering Lead

Northwood is a modern space infrastructure company bringing the benefits of space to the masses through advanced communications technology. We are building a global network of phased array ground stations that enable real-time, reliable communication for satellite missions such as national security, global connectivity, and disaster response. With a vertically integrated approach, Northwood designs, builds, and rapidly deploys scalable systems that power the next generation of space missions. If you like solving complex challenges and seeing your work deployed around the world with real impact, Northwood is the place to do it.

Role:

As Security Engineering Lead, you will design, build, and own the security infrastructure that protects Northwood's ground station network, cloud environments, and corporate systems. This is a senior technical leadership role for an engineer who is equally at home architecting security platforms and mentoring a growing team.

You will lead the buildout of our SIEM and EDR capabilities, own corporate network security infrastructure including firewall management, and drive secure deployments across on-premises environments and AWS GovCloud and Microsoft GCC. You will define how Northwood engineers and operates security infrastructure at a scale and sensitivity level that does not exist elsewhere in the commercial space industry. This role reports to the Head of Security.

Responsibilities

SIEM & Detection Engineering

• Own the full lifecycle of Northwood's SIEM platform — architecture, log source onboarding across ground stations and cloud infrastructure, correlation rule development, tuning, and automated alerting.

• Build and maintain EDR platform operations, including agent deployment, policy management, alert triage, and integration with SIEM workflows.

• Develop and continuously improve detection content, incident response playbooks, and SOC processes for a distributed, mission-critical environment.

• Integrate security tooling with broader infrastructure through APIs and automation, reducing manual operational burden over time.

• Lead the deployment and ongoing tuning of User and Entity Behavior Analytics (UEBA) capabilities within the SIEM environment, establishing behavioral baselines and refining detection models to surface insider threats and anomalous activity.

• Develop and maintain UEBA use cases, correlation rules, and risk scoring models, working closely with the SOC to ensure alerts are actionable and high-fidelity.

• Analyze UEBA telemetry to identify patterns indicative of insider risk, compromised accounts, or policy violations, and drive remediation in coordination with HR, legal, and security leadership.

Network & Infrastructure Security

• Manage and maintain FortiGate firewall infrastructure, including policy management, segmentation, firmware lifecycle, and log integration.

• Administer and optimize Cloudflare VPN and Zero Trust Network Access (ZTNA) configurations to support secure remote access and site connectivity.

• Deploy, harden, and maintain security infrastructure across on-premises environments and AWS GovCloud and Microsoft GCC, adhering to applicable compliance frameworks.

• Partner with product infrastructure engineers to ensure security is embedded in network and system architecture from the ground up.

• Deploy and manage email security infrastructure, including administration of platforms such as Proofpoint or Sublime Security, policy tuning, threat response, and integration with SIEM workflows.

DLP Policy & Controls

· Design, implement, and maintain Data Loss Prevention (DLP) policies across endpoint, network, and cloud environments to protect sensitive data in alignment with CMMC and NIST 800-53 control requirements.

· Develop and enforce DLP rules and rulesets across email, web, and SaaS platforms, continuously tuning policies to reduce false positives while maintaining strong data protection coverage.

· Partner with legal, compliance, and IT teams to classify data assets and translate classification requirements into enforceable DLP controls across the enterprise.

Identity & Access

• Support Okta administration in coordination with the IT operations team, including SSO integrations, MFA policy enforcement, lifecycle management, and SIEM log ingestion.

• Ensure routine integrations between identity, endpoint, and security tooling are maintained as new systems are onboarded — this role is not responsible for general IT helpdesk or end-user support operations.

Infrastructure as Code & Automation

• Define and enforce IaC practices (Terraform, Ansible, or equivalent) for all security infrastructure deployments, ensuring repeatability, auditability, and compliance alignment.

• Develop scripting and automation (Python, Bash, PowerShell) to operationalize security workflows, reduce toil, and support compliance evidence collection.

Team Leadership

• Hire, mentor, and develop security engineers as the team scales.

• Serve as the primary security engineering subject-matter expert in cross-functional collaboration with network operations, mission management, and product engineering teams.

• Contribute to security architecture reviews and provide technical guidance on regulatory requirements including CMMC, NIST 800-171, and FedRAMP.

Basic Qualifications

• 5+ years in security engineering or DevSecOps with demonstrated experience in a technical leadership capacity.

• Hands-on experience building and operating SIEM platforms, including log ingestion, detection rule development, and alert management.

• Experience deploying and managing EDR solutions in a production environment.

• Demonstrated FortiGate administration experience, including firewall policy management and network segmentation.

• Experience deploying and securing workloads in AWS GovCloud and/or Microsoft GCC environments.

• Proficiency with Infrastructure as Code tooling (Terraform, Ansible, or equivalent) applied to security infrastructure.

• Experience administering Okta, including SSO, MFA, lifecycle management, and SIEM integration.

• Familiarity with compliance frameworks relevant to defense and government environments (CMMC, NIST 800-171, FedRAMP).

• Ability to obtain and maintain a TS/SCI clearance.

• U.S. citizenship or status as a lawful permanent resident required to conform with ITAR export regulations.

Preferred Qualifications

• Active TS clearance or higher.

• Experience with Cloudflare Zero Trust / ZTNA configuration and administration.

• Hands-on experience with SIEM platforms such as Splunk, Microsoft Sentinel, or Panther.

• Experience with EDR platforms such as CrowdStrike Falcon or SentinelOne.

• Experience building and maintaining User and Entity Behavior Analytics (UEBA) capabilities for insider risk detection, including rule development, baselining, and integration with SIEM or dedicated UEBA platforms.

• Background in aerospace, defense, critical infrastructure, or other regulated industries.

• ITAR compliance experience.

• CISSP, CISM, CISA, or equivalent professional certification.

Additional Requirements:

• This position requires successfully obtaining and maintaining a Top Secret Security Clearance as a condition of employment. While the clearance may not be immediately necessary upon hire, we encourage you to initiate the application process promptly upon accepting this offer. Your ability to secure the necessary clearance is essential for fulfilling key responsibilities of the role. Should you be unable to obtain it, Northwood Space reserves the right to modify or terminate your employment to align with optional needs.

Additional Information:

If you need a reasonable accommodation as part of your application for employment or interviews with us, please let us know.

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.

Northwood Space is an Equal Opportunity Employer; employment with Northwood Space is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.