Security Engineering Lead
About Northwood
Northwood is deploying a global network of phased array ground stations that will fundamentally change how satellites communicate with Earth. These systems support real-time, high-throughput communications that commercial and government customers rely on for mission-critical operations.
Role Overview
As Security Engineering Lead, you will design, build, and own the security infrastructure that protects Northwood's ground station network, cloud environments, and corporate systems. This is a senior technical leadership role for an engineer who is equally at home architecting security platforms and mentoring a growing team.
You will lead the buildout of our SIEM and EDR capabilities, own corporate network security infrastructure including firewall management, and drive secure deployments across on-premises environments, AWS GovCloud, and Microsoft GCC. You will define how Northwood engineers and operates security infrastructure at a scale and sensitivity level that does not exist elsewhere in the commercial space industry. This role reports to the Head of Security.
Responsibilities
SIEM & Detection Engineering
Own the full lifecycle of Northwood's SIEM platform — architecture, log source onboarding across ground stations and cloud infrastructure, correlation rule development, tuning, and automated alerting.
Build and maintain EDR platform operations, including agent deployment, policy management, alert triage, and integration with SIEM workflows.
Develop and continuously improve detection content, incident response playbooks, and SOC processes for a distributed, mission-critical environment.
Integrate security tooling with broader infrastructure through APIs and automation, reducing manual operational burden over time.
Lead the deployment and ongoing tuning of User and Entity Behavior Analytics (UEBA) capabilities within the SIEM environment, establishing behavioral baselines and refining detection models to surface insider threats and anomalous activity.
Develop and maintain UEBA use cases, correlation rules, and risk scoring models, working closely with the SOC to ensure alerts are actionable and high-fidelity.
Analyze UEBA telemetry to identify patterns indicative of insider risk, compromised accounts, or policy violations, and drive remediation in coordination with HR, legal, and security leadership.
Network & Infrastructure Security
Manage and maintain FortiGate firewall infrastructure, including policy management, segmentation, firmware lifecycle, and log integration.
Administer and optimize Cloudflare VPN and Zero Trust Network Access (ZTNA) configurations to support secure remote access and site connectivity.
Deploy, harden, and maintain security infrastructure across on-premises environments, AWS GovCloud, and Microsoft GCC, adhering to applicable compliance frameworks.
Partner with product infrastructure engineers to ensure security is embedded in network and system architecture from the ground up.
Deploy and manage email security infrastructure, including administration of platforms such as Proofpoint or Sublime Security, policy tuning, threat response, and integration with SIEM workflows.
DLP Policy & Controls
Design, implement, and maintain Data Loss Prevention (DLP) policies across endpoint, network, and cloud environments to protect sensitive data in alignment with CMMC and NIST 800-53 control requirements.
Develop and enforce DLP rules and rulesets across email, web, and SaaS platforms, continuously tuning policies to reduce false positives while maintaining strong data protection coverage.
Partner with legal, compliance, and IT teams to classify data assets and translate classification requirements into enforceable DLP controls across the enterprise.
Identity & Access
Support Okta administration in coordination with the IT operations team, including SSO integrations, MFA policy enforcement, lifecycle management, and SIEM log ingestion.
Ensure routine integrations between identity, endpoint, and security tooling are maintained as new systems are onboarded — this role is not responsible for general IT helpdesk or end-user support operations.
Infrastructure as Code & Automation
Define and enforce IaC practices (Terraform, Ansible, or equivalent) for all security infrastructure deployments, ensuring repeatability, auditability, and compliance alignment.
Develop scripting and automation (Python, Bash, PowerShell) to operationalize security workflows, reduce toil, and support compliance evidence collection.
Team Leadership
Hire, mentor, and develop security engineers as the team scales.
Serve as the primary security engineering subject-matter expert in cross-functional collaboration with network operations, mission management, and product engineering teams.
Contribute to security architecture reviews and provide technical guidance on regulatory requirements including CMMC, NIST 800-171, and FedRAMP.
Basic Qualifications
5+ years in security engineering or DevSecOps with demonstrated experience in a technical leadership capacity.
Hands-on experience building and operating SIEM platforms, including log ingestion, detection rule development, and alert management.
Experience deploying and managing EDR solutions in a production environment.
Demonstrated FortiGate administration experience, including firewall policy management and network segmentation.
Experience deploying and securing workloads in AWS GovCloud and/or Microsoft GCC environments.
Proficiency with Infrastructure as Code tooling (Terraform, Ansible, or equivalent) applied to security infrastructure.
Experience administering Okta, including SSO, MFA, lifecycle management, and SIEM integration.
Familiarity with compliance frameworks relevant to defense and government environments (CMMC, NIST 800-171, FedRAMP).
Ability to obtain and maintain a TS/SCI clearance.
U.S. citizenship or lawful permanent resident status is required to comply with ITAR export regulations.
Preferred Qualifications
Active TS clearance or higher.
Experience with Cloudflare Zero Trust / ZTNA configuration and administration.
Hands-on experience with SIEM platforms such as Splunk, Microsoft Sentinel, or Panther.
Experience with EDR platforms such as CrowdStrike Falcon or SentinelOne.
Experience building and maintaining User and Entity Behavior Analytics (UEBA) capabilities for insider risk detection, including rule development, baselining, and integration with SIEM or dedicated UEBA platforms.
Background in aerospace, defense, critical infrastructure, or other regulated industries.
ITAR compliance experience.
CISSP, CISM, CISA, or equivalent professional certification.