# Security Operations Manager

**Company:** [Northwood Space](https://hotfix.jobs/companies/northwood-space)
**Location:** Los Angeles, CA
**Role:** Security Engineering
**Experience:** 5+ years
**Skills:** SIEM, Edr, Python, PowerShell, Bash, Volatility, Yara, Ueba, Mitre Att&Ck, Soar
**Posted:** 2026-06-20

> Build and lead Northwood's security operations function, including SOC, incident response, detection engineering, and threat hunting for mission-critical aerospace infrastructure. Requires 5+ years hands-on SOC experience and TS/SCI eligibility.

## Job Description

## Security Operations & Monitoring
- Build and operate Northwood's SOC function, including continuous monitoring of security events across AWS GovCloud, GCC, on-premises facilities, and endpoint environments.
- Own alert triage, investigation, and escalation workflows, ensuring critical threats are identified and actioned with the urgency required of a mission-critical environment.
- Monitor and analyze telemetry across network security, identity, endpoint, and email security platforms, ensuring comprehensive visibility into Northwood's on-premises, cloud, and perimeter environments.
- Develop and maintain SOC operational metrics, reporting cadences, and dashboards for internal stakeholders and government customers.

## Detection Engineering
- Develop and continuously improve custom detection logic within Northwood's SIEM platform, including log source onboarding, correlation rule development, tuning, and coverage gap analysis.
- Build behavioral analytics, UEBA rules, and threat hunting queries tailored to Northwood's infrastructure and adversary profiles targeting aerospace and defense.
- Maintain detection content aligned to MITRE ATT&CK, ensuring coverage maps are current and gaps are systematically addressed.
- Integrate threat intelligence feeds into detection workflows and brief stakeholders on emerging threats relevant to government and dual-use space communications infrastructure.

## Incident Response & Forensics
- Own security incidents end-to-end, from initial detection through containment, eradication, recovery, and post-incident review.
- Conduct digital forensics and malware analysis using tools such as Volatility, YARA, and supporting utilities across Linux and Windows environments.
- Develop and maintain incident response playbooks and escalation procedures, including communication protocols for government customers and mission-critical operations.
- Lead tabletop exercises and incident response drills to validate playbook effectiveness and team readiness.

## Threat Hunting & Intelligence
- Proactively hunt for advanced persistent threats across Northwood's on-premises and cloud environments, developing and refining hunting methodologies as the threat landscape evolves.
- Research adversary tactics, techniques, and procedures targeting aerospace, defense, and critical infrastructure, and translate findings into actionable detection and hardening improvements.
- Maintain familiarity with government incident reporting requirements and ensure response procedures satisfy applicable regulatory obligations.

## Automation & Tooling
- Develop Python, PowerShell, or Bash automation for incident response workflows, threat hunting pipelines, and security orchestration across Northwood's environment.
- Build and maintain SOAR playbooks and automated response actions to reduce mean time to respond and minimize manual analyst burden.
- Collaborate with the Security Engineering Lead to ensure SOC tooling integrations across SIEM, EDR, email security, and identity platforms are maintained and continuously improved.

## Team Leadership
- Hire, mentor, and develop security operations analysts and engineers as the team scales.
- Define SOC operating procedures, analyst workflows, and on-call responsibilities to ensure consistent operational coverage.
- Serve as a senior security subject-matter expert in cross-functional collaboration with network engineering, infrastructure, and compliance teams.

## Basic Qualifications
- 5+ years of hands-on SOC operations, incident response, or threat hunting experience, with demonstrated experience in a technical leadership capacity.
- Hands-on experience building and operating SIEM platforms, including custom detection rule development, log source onboarding, and advanced query development.
- Experience with EDR platforms, including alert triage, policy management, and forensic investigation workflows.
- Digital forensics and malware analysis proficiency, including tools such as Volatility and YARA.
- Proficiency in Python, PowerShell, or Bash for security automation and threat hunting workflows.
- Experience building and maintaining UEBA capabilities for insider risk detection and anomalous behavior identification.
- Strong Linux forensics and log analysis skills across distributed systems.
- Working knowledge of threat intelligence frameworks including MITRE ATT&CK and the Diamond Model.
- Familiarity with compliance frameworks relevant to government environments, including NIST 800-171, CMMC, and DFARS incident reporting requirements.
- Ability to obtain and maintain a TS/SCI clearance.
- U.S. citizenship or status as a lawful permanent resident required to conform with ITAR export regulations.

## Preferred Qualifications
- Active TS clearance or higher.
- Familiarity with Northwood's core security stack, including FortiGate firewall infrastructure, Cloudflare Zero Trust, Okta, CrowdStrike or SentinelOne EDR, and email security platforms such as Proofpoint or Sublime Security.
- Experience with cloud security monitoring in AWS GovCloud and Microsoft GCC environments.
- Hands-on experience with SOAR platforms and automated response workflow development.
- Background in aerospace, defense, critical infrastructure, or other highly regulated security operations environments.
- Experience with threat hunting in air-gapped or compliance-constrained environments.
- Familiarity with government incident reporting requirements and procedures including DFARS 252.204-7012.
- Certifications such as GCIH, GCFA, GNFA, or equivalent incident response credentials.
- ITAR compliance experience.

## Similar roles

- [Security Program Manager](https://hotfix.jobs/jobs/e7f7fcaf-1979-4194-9131-83689809fe47) - Forus - New York, NY
- [Safeguards Enforcement Analyst, Account Takeover & Credential Abuse](https://hotfix.jobs/jobs/31f5d0ec-9b31-4419-a4b1-2e826ec7a358) - Anthropic - San Francisco, CA - $245k – $285k/yr
- [Application Security Engineer](https://hotfix.jobs/jobs/d240253e-6098-4419-8f04-aaf793f42c03) - Zocdoc - Remote - $100k – $140k/yr
- [Detection & Mitigation Engineer](https://hotfix.jobs/jobs/61def9c4-f4a5-41a5-99c6-579a61033a73) - Cloudflare
- [Security & Compliance Operations Manager](https://hotfix.jobs/jobs/90ac6643-526f-4aeb-bb4f-d71bc1af1fcd) - Mintlify - San Francisco, CA - $120k – $180k/yr

**Apply:** https://hotfix.jobs/jobs/d6d7430e-dc90-4748-9e5a-d182449f1da7
**Canonical:** https://hotfix.jobs/jobs/d6d7430e-dc90-4748-9e5a-d182449f1da7