Security Operations Manager

Responsibilities

Security Operations & Monitoring

• Build and operate Northwood's SOC function, including continuous monitoring of security events across AWS GovCloud, GCC, on-premises facilities, and endpoint environments.
• Own alert triage, investigation, and escalation workflows, ensuring critical threats are identified and actioned with the urgency required of a mission-critical environment.
• Monitor and analyze telemetry across network security, identity, endpoint, and email security platforms, ensuring comprehensive visibility into Northwood's on-premises, cloud, and perimeter environments.
• Develop and maintain SOC operational metrics, reporting cadences, and dashboards for internal stakeholders and government customers.

Detection Engineering

• Develop and continuously improve custom detection logic within Northwood's SIEM platform, including log source onboarding, correlation rule development, tuning, and coverage gap analysis.
• Build behavioral analytics, UEBA rules, and threat hunting queries tailored to Northwood's infrastructure and adversary profiles targeting aerospace and defense.
• Maintain detection content aligned to MITRE ATT&CK, ensuring coverage maps are current and gaps are systematically addressed.
• Integrate threat intelligence feeds into detection workflows and brief stakeholders on emerging threats relevant to government and dual-use space communications infrastructure.

Incident Response & Forensics

• Own security incidents end-to-end, from initial detection through containment, eradication, recovery, and post-incident review.
• Conduct digital forensics and malware analysis using tools such as Volatility, YARA, and supporting utilities across Linux and Windows environments.
• Develop and maintain incident response playbooks and escalation procedures, including communication protocols for government customers and mission-critical operations.
• Lead tabletop exercises and incident response drills to validate playbook effectiveness and team readiness.

Threat Hunting & Intelligence

• Proactively hunt for advanced persistent threats across Northwood's on-premises and cloud environments, developing and refining hunting methodologies as the threat landscape evolves.
• Research adversary tactics, techniques, and procedures targeting aerospace, defense, and critical infrastructure, and translate findings into actionable detection and hardening improvements.
• Maintain familiarity with government incident reporting requirements and ensure response procedures satisfy applicable regulatory obligations.

Automation & Tooling

• Develop Python, PowerShell, or Bash automation for incident response workflows, threat hunting pipelines, and security orchestration across Northwood's environment.
• Build and maintain SOAR playbooks and automated response actions to reduce mean time to respond and minimize manual analyst burden.
• Collaborate with the Security Engineering Lead to ensure SOC tooling integrations across SIEM, EDR, email security, and identity platforms are maintained and continuously improved.

Team Leadership

• Hire, mentor, and develop security operations analysts and engineers as the team scales.
• Define SOC operating procedures, analyst workflows, and on-call responsibilities to ensure consistent operational coverage.
• Serve as a senior security subject-matter expert in cross-functional collaboration with network engineering, infrastructure, and compliance teams.

Basic Qualifications

• 5+ years of hands-on SOC operations, incident response, or threat hunting experience, with demonstrated experience in a technical leadership capacity.
• Hands-on experience building and operating SIEM platforms, including custom detection rule development, log source onboarding, and advanced query development.
• Experience with EDR platforms, including alert triage, policy management, and forensic investigation workflows.
• Digital forensics and malware analysis proficiency, including tools such as Volatility and YARA.
• Proficiency in Python, PowerShell, or Bash for security automation and threat hunting workflows.
• Experience building and maintaining UEBA capabilities for insider risk detection and anomalous behavior identification.
• Strong Linux forensics and log analysis skills across distributed systems.
• Working knowledge of threat intelligence frameworks including MITRE ATT&CK and the Diamond Model.
• Familiarity with compliance frameworks relevant to government environments, including NIST 800-171, CMMC, and DFARS incident reporting requirements.
• Ability to obtain and maintain a TS/SCI clearance.
• U.S. citizenship or status as a lawful permanent resident required to conform with ITAR export regulations.

Preferred Qualifications

• Active TS clearance or higher.
• Familiarity with Northwood's core security stack, including FortiGate firewall infrastructure, Cloudflare Zero Trust, Okta, CrowdStrike or SentinelOne EDR, and email security platforms such as Proofpoint or Sublime Security.
• Experience with cloud security monitoring in AWS GovCloud and Microsoft GCC environments.
• Hands-on experience with SOAR platforms and automated response workflow development.
• Background in aerospace, defense, critical infrastructure, or other highly regulated security operations environments.
• Experience with threat hunting in air-gapped or compliance-constrained environments.
• Familiarity with government incident reporting requirements and procedures including DFARS 252.204-7012.
• Certifications such as GCIH, GCFA, GNFA, or equivalent incident response credentials.
• ITAR compliance experience.