Senior Detection and Response Engineer

Posted Yesterday
Torrance, CA, USA
In-Office
160K-220K Annually
Senior level
Aerospace • Hardware • Software • Database • Defense • Industrial
Northwood is a modern space infrastructure company focused on the ground segment.
The Role
Lead SOC incident response and forensics for globally distributed satellite ground stations. Build and tune SIEM detection rules, hunt advanced threats, operate 24/7 monitoring across cloud and Linux systems, create IR playbooks, integrate threat intelligence, and automate response using scripting and SOAR.
Summary Generated by Built In

Northwood is a modern space infrastructure company bringing the benefits of space to the masses through advanced communications technology. We are building a global network of phased array ground stations that enable real-time, reliable communication for satellite missions such as national security, global connectivity, and disaster response. With a vertically integrated approach, Northwood designs, builds, and rapidly deploys scalable systems that power the next generation of space missions. If you like solving complex challenges and seeing your work deployed around the world with real impact, Northwood is the place to do it.

About Northwood:

Northwood is a modern space infrastructure company focused on connecting space and Earth. The world runs on space. Space will run on Northwood. Our global ground network ensures that missions ranging from national security, to global connectivity, to disaster response can unlock their full potential and operate every day without fail.

Role:

We're building the internet for space. Help us defend it.

Northwood is deploying a global network of phased array ground stations for mission-critical government and commercial space communications. We need a Senior Detection and Response Engineer to build and operate our security operations center, hunt threats across distributed satellite infrastructure, and lead incident response for systems that can't go down.

Responsibilities:

  • Lead incident response and forensics - Own security incidents from detection through resolution across globally distributed ground stations and cloud infrastructure. Conduct digital forensics, malware analysis, and coordinate response efforts for incidents impacting national security missions.

  • Build and tune detection rules - Develop custom detection logic for SIEM platforms that can identify threats specific to satellite communications and ground station operations. Create behavioral analytics and threat hunting queries for distributed infrastructure.

  • Operate 24/7 security monitoring - Monitor security events across AWS multi-cloud environments, Linux-based ground station systems, and satellite communication networks. Triage alerts, investigate suspicious activity, and escalate critical threats.

  • Hunt threats across space infrastructure - Proactively search for advanced persistent threats targeting satellite ground stations, RF communications, and space-based assets. Develop threat hunting methodologies for unique attack vectors in space communications.

  • Create incident response playbooks - Build runbooks for security incidents specific to satellite ground stations and space communications. Develop escalation procedures and communication protocols for government customers and mission-critical operations.

  • Analyze threat intelligence - Research adversary tactics targeting aerospace and defense infrastructure. Integrate threat feeds into detection systems and brief stakeholders on emerging threats to space communications.

  • Build security automation - Develop Python/PowerShell scripts for automated incident response, threat hunting workflows, and security orchestration across distributed ground station networks.

Basic Qualifications

  • 5+ years of hands-on SOC operations, incident response, or threat hunting experience

  • Experience with SIEM platforms (Splunk, Sentinel, Chronicle) including custom rule development and advanced search techniques

  • Digital forensics and malware analysis skills with tools like Volatility, YARA, and hex editors

  • Proficiency in Python, PowerShell, or similar languages for security automation and threat hunting

  • Experience with endpoint security platforms (CrowdStrike, SentinelOne) and network security monitoring

  • Strong Linux forensics and log analysis skills across distributed systems

  • Knowledge of threat intelligence frameworks (MITRE ATT&CK, Diamond Model) and IOC analysis

  • Ability to obtain and maintain TS/SCI clearance

Preferred Qualifications

  • Experience with cloud security monitoring in AWS, Azure, or multi-cloud environments

  • Background in aerospace, defense, or critical infrastructure security operations

  • Experience with threat hunting in air-gapped or highly regulated environments

  • Knowledge of RF communications, satellite systems, or space-based asset security

  • Certifications such as GCIH, GCFA, GNFA, or similar incident response credentials

  • Experience building security orchestration and automated response (SOAR) workflows

  • Familiarity with government incident reporting requirements and procedures

Additional Information:

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.
Northwood is an Equal Opportunity Employer; employment with Northwood is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.

Additional Information:

If you need a reasonable accommodation as part of your application for employment or interviews with us, please let us know.

Northwood Space Corp Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Northwood Space Corp and has not been reviewed or approved by Northwood Space Corp.

  • Healthcare Strength: Job postings consistently cite “comprehensive” or “platinum” medical, dental, and vision coverage, with some roles indicating employer-covered premiums at little to no cost. Several listings explicitly reference fully covered plans.
  • Equity Value & Accessibility: Multiple listings consistently mention equity or stock options alongside base pay, with some noting potential performance bonuses. Equity is presented as a standard component across many roles.
  • Leave & Time Off Breadth: Listings cite flexible or unlimited PTO, and some specify a defined paid holiday calendar (e.g., about 10 holidays). Time-off provisions are repeatedly referenced across postings.

The Company
HQ: Torrance, CA
40 Employees

What We Do

The space segment has become critical infrastructure. It powers everything from GPS and climate monitoring to missile warning and global broadband. But the ground segment hasn’t kept up. Most ground networks today were designed for science missions, not for the scale, urgency, or diversity of today’s space economy. At Northwood, we’re building a global, software-defined ground network from the ground up — designed to scale as fast as the missions it supports.

Why Work With Us

Just like cloud infrastructure transformed software development, we believe shared ground infrastructure will transform space operations. We’re making it possible for any operator to move space-based data quickly, securely, and reliably back to Earth.
