Skip to content
Northwood SpaceNorthwood SpaceLos Angeles, CA

Security Operations Manager

Build and lead Northwood's security operations function, including SOC, incident response, detection engineering, and threat hunting for mission-critical aerospace infrastructure. Requires 5+ years hands-on SOC experience and TS/SCI eligibility.

Salary not listed
On-site5+ YOESecurity Engineering

About the role

Security Operations & Monitoring

  • Build and operate Northwood's SOC function, including continuous monitoring of security events across AWS GovCloud, GCC, on-premises facilities, and endpoint environments.
  • Own alert triage, investigation, and escalation workflows, ensuring critical threats are identified and actioned with the urgency required of a mission-critical environment.
  • Monitor and analyze telemetry across network security, identity, endpoint, and email security platforms, ensuring comprehensive visibility into Northwood's on-premises, cloud, and perimeter environments.
  • Develop and maintain SOC operational metrics, reporting cadences, and dashboards for internal stakeholders and government customers.

Detection Engineering

  • Develop and continuously improve custom detection logic within Northwood's SIEM platform, including log source onboarding, correlation rule development, tuning, and coverage gap analysis.
  • Build behavioral analytics, UEBA rules, and threat hunting queries tailored to Northwood's infrastructure and adversary profiles targeting aerospace and defense.
  • Maintain detection content aligned to MITRE ATT&CK, ensuring coverage maps are current and gaps are systematically addressed.
  • Integrate threat intelligence feeds into detection workflows and brief stakeholders on emerging threats relevant to government and dual-use space communications infrastructure.

Incident Response & Forensics

  • Own security incidents end-to-end, from initial detection through containment, eradication, recovery, and post-incident review.
  • Conduct digital forensics and malware analysis using tools such as Volatility, YARA, and supporting utilities across Linux and Windows environments.
  • Develop and maintain incident response playbooks and escalation procedures, including communication protocols for government customers and mission-critical operations.
  • Lead tabletop exercises and incident response drills to validate playbook effectiveness and team readiness.

Threat Hunting & Intelligence

  • Proactively hunt for advanced persistent threats across Northwood's on-premises and cloud environments, developing and refining hunting methodologies as the threat landscape evolves.
  • Research adversary tactics, techniques, and procedures targeting aerospace, defense, and critical infrastructure, and translate findings into actionable detection and hardening improvements.
  • Maintain familiarity with government incident reporting requirements and ensure response procedures satisfy applicable regulatory obligations.

Automation & Tooling

  • Develop Python, PowerShell, or Bash automation for incident response workflows, threat hunting pipelines, and security orchestration across Northwood's environment.
  • Build and maintain SOAR playbooks and automated response actions to reduce mean time to respond and minimize manual analyst burden.
  • Collaborate with the Security Engineering Lead to ensure SOC tooling integrations across SIEM, EDR, email security, and identity platforms are maintained and continuously improved.

Team Leadership

  • Hire, mentor, and develop security operations analysts and engineers as the team scales.
  • Define SOC operating procedures, analyst workflows, and on-call responsibilities to ensure consistent operational coverage.
  • Serve as a senior security subject-matter expert in cross-functional collaboration with network engineering, infrastructure, and compliance teams.

Basic Qualifications

  • 5+ years of hands-on SOC operations, incident response, or threat hunting experience, with demonstrated experience in a technical leadership capacity.
  • Hands-on experience building and operating SIEM platforms, including custom detection rule development, log source onboarding, and advanced query development.
  • Experience with EDR platforms, including alert triage, policy management, and forensic investigation workflows.
  • Digital forensics and malware analysis proficiency, including tools such as Volatility and YARA.
  • Proficiency in Python, PowerShell, or Bash for security automation and threat hunting workflows.
  • Experience building and maintaining UEBA capabilities for insider risk detection and anomalous behavior identification.
  • Strong Linux forensics and log analysis skills across distributed systems.
  • Working knowledge of threat intelligence frameworks including MITRE ATT&CK and the Diamond Model.
  • Familiarity with compliance frameworks relevant to government environments, including NIST 800-171, CMMC, and DFARS incident reporting requirements.
  • Ability to obtain and maintain a TS/SCI clearance.
  • U.S. citizenship or status as a lawful permanent resident required to conform with ITAR export regulations.

Preferred Qualifications

  • Active TS clearance or higher.
  • Familiarity with Northwood's core security stack, including FortiGate firewall infrastructure, Cloudflare Zero Trust, Okta, CrowdStrike or SentinelOne EDR, and email security platforms such as Proofpoint or Sublime Security.
  • Experience with cloud security monitoring in AWS GovCloud and Microsoft GCC environments.
  • Hands-on experience with SOAR platforms and automated response workflow development.
  • Background in aerospace, defense, critical infrastructure, or other highly regulated security operations environments.
  • Experience with threat hunting in air-gapped or compliance-constrained environments.
  • Familiarity with government incident reporting requirements and procedures including DFARS 252.204-7012.
  • Certifications such as GCIH, GCFA, GNFA, or equivalent incident response credentials.
  • ITAR compliance experience.

Skills

SIEMEdrPythonPowerShellBashVolatilityYaraUebaMitre Att&CkSoar
Forus

Security Program Manager

ForusNew York, NY

Own end-to-end compliance programs (SOC 2, HIPAA, HITRUST), build customer trust function, implement automation, and partner with engineering on controls for a healthcare AI platform handling protected health information.

Salary not listed
On-site4+ YOESecurity Engineering
Anthropic

Safeguards Enforcement Analyst, Account Takeover & Credential Abuse

AnthropicSan Francisco, CA +2

Safeguards Enforcement Analyst focused on account takeover and credential abuse. Investigate compromise incidents, design remediation workflows, partner with engineering on detection, enforce AI usage policies, and develop scalable enforcement programs for platform safety.

245k – 285k/yr
HybridSecurity Engineering
Zocdoc

Application Security Engineer

ZocdocUnited States

Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.

100k – 140k/yr
RemoteSecurity Engineering
Cloudflare

Detection & Mitigation Engineer

CloudflareUnited States

Security Detections Engineer identifying attacker TTPs, building real-time detections, and mitigating threats/abuse across Cloudflare's global platform using data analysis, SQL, scripting, and threat intelligence. Requires strong analytical and communication skills.

Salary not listed
HybridSecurity Engineering
Mintlify

Security & Compliance Operations Manager

MintlifySan Francisco, CA

Own and run Mintlify's end-to-end security and compliance programs (SOC 2, ISO 27001/42001, GDPR, Microsoft SSPA) as the first dedicated GRC Program Manager. Administer Drata, manage audits/vendors/evidence, handle customer-facing compliance, and coordinate with engineering.

120k – 180k/yr
On-site3+ YOESecurity Engineering