Security Operations Manager

Job in Torrance, Los Angeles County, California, 90504, USA
Listing for: northwoodspace
Full Time position
Listed on 2026-06-24
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager
Salary/Wage Range or Industry Benchmark: 125000 - 150000 USD Yearly
Job Description & How to Apply Below

About Northwood:

Northwood is on a mission to transform connectivity between earth and space and bring the benefits of space to the masses through innovations in space communications technologies. If you like building quickly and seeing your work deployed in locations around the globe with real impact, we want you at Northwood.

Role Overview

As Security Operations Lead, you will build and own Northwood's security operations function — standing up SOC capabilities, leading incident response, and developing the detection and threat hunting programs that protect mission‑critical infrastructure. This is a senior leadership role for an operator who brings deep hands‑on experience across SIEM engineering, EDR, and incident response, and who can build a team and program from the ground up in a highly regulated, dual‑use environment.

You will develop detection content tailored to Northwood's hybrid on‑premises and cloud infrastructure, building coverage across network security, identity, endpoint, and email security telemetry sources in a highly regulated dual‑use environment. This role partners closely with the Security Engineering Lead and reports to the Head of Security.

Responsibilities

Security Operations & Monitoring
  • Build and operate Northwood's SOC function, including continuous monitoring of security events across AWS GovCloud, GCC, on‑premises facilities, and endpoint environments.
  • Own alert triage, investigation, and escalation workflows, ensuring critical threats are identified and actioned with the urgency required of a mission‑critical environment.
  • Monitor and analyze telemetry across network security, identity, endpoint, and email security platforms, ensuring comprehensive visibility into Northwood's on‑premises, cloud, and perimeter environments.
  • Develop and maintain SOC operational metrics, reporting cadences, and dashboards for internal stakeholders and government customers.
Detection Engineering
  • Develop and continuously improve custom detection logic within Northwood's SIEM platform, including log source onboarding, correlation rule development, tuning, and coverage gap analysis.
  • Build behavioral analytics, UEBA rules, and threat hunting queries tailored to Northwood's infrastructure and adversary profiles targeting aerospace and defense.
  • Maintain detection content aligned to MITRE ATT&CK, ensuring coverage maps are current and gaps are systematically addressed.
  • Integrate threat intelligence feeds into detection workflows and brief stakeholders on emerging threats relevant to government and dual‑use space communications infrastructure.
Incident Response & Forensics
  • Own security incidents end‑to‑end, from initial detection through containment, eradication, recovery, and post‑incident review.
  • Conduct digital forensics and malware analysis using tools such as Volatility, YARA, and supporting utilities across Linux and Windows environments.
  • Develop and maintain incident response playbooks and escalation procedures, including communication protocols for government customers and mission‑critical operations.
  • Lead tabletop exercises and incident response drills to validate playbook effectiveness and team readiness.
Threat Hunting & Intelligence
  • Proactively hunt for advanced persistent threats across Northwood's on‑premises and cloud environments, developing and refining hunting methodologies as the threat landscape evolves.
  • Research adversary tactics, techniques, and procedures targeting aerospace, defense, and critical infrastructure, and translate findings into actionable detection and hardening improvements.
  • Maintain familiarity with government incident reporting requirements and ensure response procedures satisfy applicable regulatory obligations.
Automation & Tooling
  • Develop Python, PowerShell, or Bash automation for incident response workflows, threat hunting pipelines, and security orchestration across Northwood's environment.
  • Build and maintain SOAR playbooks and automated response actions to reduce mean time to respond and minimize manual analyst burden.
  • Collaborate with the Security Engineering Lead to ensure SOC tooling integrations across SIEM, EDR, email security, and identity platforms are…