Senior Network Engineer

Northwood is a modern space infrastructure company bringing the benefits of space to the masses through advanced communications technology. We are building a global network of phased array ground stations that enable real-time, reliable communication for satellite missions such as national security, global connectivity, and disaster response. With a vertically integrated approach, Northwood designs, builds, and rapidly deploys scalable systems that power the next generation of space missions. If you like solving complex challenges and seeing your work deployed around the world with real impact, Northwood is the place to do it.

Role

As Senior Network Engineer (Enterprise), you will design, deploy, and operate the network infrastructure that underpins Northwood's corporate facilities and hybrid cloud environments. This is a senior individual contributor role for an engineer with deep enterprise networking expertise who can build production-grade infrastructure from the ground up and maintain it to the operational standards required of a dual-use space communications company.

You will own campus and facility network architecture, drive the implementation of zero-trust network segmentation, and ensure secure, high-availability connectivity across on-premises facilities, AWS GovCloud, and Cloudflare's backbone. You will work in close partnership with the security engineering team to ensure network infrastructure meets ITAR, CMMC, and government customer requirements. This role reports to the Head of Security.

Responsibilities

Campus & Facility Network Architecture

• Design and build LAN infrastructure for corporate offices and facilities, including switching, routing, VLAN design, and network segmentation strategies that support enterprise workloads.

• Own network lifecycle management across facilities, including hardware procurement, capacity planning, firmware management, and documentation.

• Deploy and manage enterprise wireless infrastructure across multiple facilities, ensuring secure wireless access for corporate users and isolated network segments for operational and ITAR-controlled systems.

Zero-Trust & Network Security

• Implement zero-trust network architecture across Northwood's facilities and cloud environments, including microsegmentation, identity-aware access controls, and least-privilege network policies.

• Deploy, configure, and manage FortiGate firewall infrastructure, including policy management, network segmentation, and security zone enforcement for government and ITAR-controlled workloads.

• Administer Cloudflare Zero Trust and tunnel configurations to support secure remote access, site-to-site connectivity, and traffic inspection across distributed facilities.

• Collaborate with the security engineering team to implement network-based detection controls, integrate network telemetry with SIEM platforms, and support incident response efforts.

Hybrid Cloud & WAN Connectivity

• Design and manage hybrid network connectivity between on-premises facilities, AWS Commercial, AWS GovCloud, and Cloudflare's backbone, including VPN solutions, private connectivity, and multi-cloud routing architectures.

• Ensure network architecture supports compliance requirements for CUI handling, including appropriate segmentation between commercial and government workloads.

Automation & Monitoring

• Implement network monitoring and observability tooling to maintain visibility into performance, availability, and security posture across all network segments.

• Develop and maintain network automation using tools such as Ansible, NetBox, or equivalent, reducing manual operational burden and enforcing configuration consistency.

• Document network architecture, configurations, and standard operating procedures to support compliance audits and operational continuity.

Cross-Functional Collaboration

• Partner with security engineering on firewall policy reviews, network access control design, and compliance evidence collection for CMMC and FedRAMP assessments.

• Collaborate with infrastructure and engineering teams to ensure network design supports operational requirements and future scaling.

• Integrate network infrastructure with identity management systems, including Okta, to support network access policy enforcement and user lifecycle management.

Basic Qualifications

• Bachelor's degree in Engineering, Computer Science, or a related discipline and 5+ years of enterprise networking experience, or 7+ years of enterprise networking experience without a degree.

• Hands-on experience with enterprise switching and routing, VLAN design, and network segmentation in production environments.

• Demonstrated experience deploying and managing FortiGate firewall infrastructure, including policy management and network zone enforcement.

• Experience designing and implementing zero-trust network architectures, including microsegmentation and identity-aware access controls.

• Experience with cloud networking in AWS, AWS GovCloud, or multi-cloud environments, including hybrid connectivity and private networking.

• Hands-on experience with Cloudflare, including Zero Trust, tunnels, and DNS.

• Experience deploying and managing enterprise wireless infrastructure across multiple facilities.

• Proficiency with network monitoring, automation, and troubleshooting tools.

• Ability to obtain and maintain a TS/SCI clearance.

• U.S. citizenship or status as a lawful permanent resident required to conform with ITAR export regulations.

Preferred Qualifications

• Active TS clearance or higher.

• Proficiency with network automation tools including Ansible and NetBox.

• Industry certifications such as CCNP, ACNP, or equivalent enterprise networking credentials.

• Background in aerospace, defense, critical infrastructure, or other government-adjacent regulated industries.

• Experience with ITAR compliance and network isolation requirements for controlled technical information.

• Familiarity with CMMC, NIST 800-171, and DFARS compliance requirements as they relate to network architecture.

• Experience integrating network infrastructure with identity management platforms such as Okta or Azure Active Directory.

Additional Information:

If you need a reasonable accommodation as part of your application for employment or interviews with us, please let us know.

To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.

Northwood Space is an Equal Opportunity Employer; employment with Northwood Space is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.