Senior Security Engineer - GRC

About Northwood

Northwood is deploying a global network of phased array ground stations that will fundamentally change how satellites communicate with Earth. These systems support real-time, high-throughput communications that commercial and government customers rely on for mission-critical operations. As a Senior Security Engineer, you will design and implement security architectures for infrastructure that simply does not exist anywhere else.

This is an opportunity to define the security posture of a rapidly scaling space-communications network—where the stakes include national security, global communications integrity, and uninterrupted mission operations.

Role:

We're building the internet for space. Help us stay compliant while we do it.

Northwood is deploying a global network of phased array ground stations for mission-critical government and commercial space communications. We're scaling fast with major government and commercial customer who demand the highest compliance standards. We need a Senior Security Engineer for Compliance who can own our compliance programs while building the technical controls and automation that enable us to move at startup speed without compromising our security posture.

Responsibilities:

• Own compliance programs end-to-end - Lead FedRAMP authorization efforts (Moderate/High), CMMC certification, and NIST 800-171 and/or NIST 800-53 implementation. You're the expert who translates framework requirements into actionable technical controls and documentation that pass audits the first time.

• Build compliance automation, not spreadsheets - Implement continuous monitoring pipelines using infrastructure as code. Create automated evidence collection systems that pull directly from AWS CloudTrail Wiz Gov, and our SIEM rather than manual documentation. Build POA&M tracking workflows that integrate with our existing GitOps processes.

• Be the bridge between engineering and auditors - Work directly with our Infrastructure and Network Engineering teams to implement security controls that satisfy FedRAMP/CMMC requirements without blocking deployments. Review Terraform configurations, ArgoCD deployments, and Vault policies to ensure they meet compliance mandates. Own the follow through for security control implementation to ensure controls are implemented on or ahead of schedule.

• Support the Mission Management team and our customers - Partner with our Mission management team on customer compliance artifacts. Serve as technical POC during government customer security reviews and assessments. Create compliance documentation packages demonstrate the security of our offerings and build trust with our customers.

• Drive risk management processes - Conduct risk assessments for new ground station deployments, cloud infrastructure changes, and third-party integrations. Maintain our risk register and work with stakeholders to implement risk treatment plans that balance security requirements with operational needs.

• Build and maintain the System Security Plan (SSP) - Own our FedRAMP SSP as a living technical document. Implement control mappings across multiple frameworks (FedRAMP, CMMC, NIST 800-171, ITAR). Create and maintain POA&Ms, security assessment reports, and continuous monitoring documentation.

• Implement security tooling for compliance visibility - Deploy and configure SIEM correlation rules, vulnerability scanning automation, and asset inventory systems. Build dashboards that provide real-time compliance posture visibility. Create automated reporting for monthly continuous monitoring requirements.

Basic Qualifications:

• 5+ years of hands-on experience implementing compliance frameworks in production environments - You've successfully led organizations through FedRAMP, CMMC, or similar authorizations

• Strong technical foundation with infrastructure as code - You can read and review Terraform configurations, understand AWS security architectures, and write scripts (Python, PowerShell, Bash) to automate compliance processes

• Experience with SIEM platforms, vulnerability management tools, and continuous monitoring - You know how to configure Splunk/Sentinel correlation rules, automate vulnerability scanning with Tenable/Qualys, and build compliance dashboards

• Deep knowledge of NIST 800-53, NIST 800-171, FedRAMP, and CMMC frameworks - You understand control requirements and more importantly, how to implement them in AWS Commercial, GovCloud, and hybrid environments

• Ability to obtain and maintain TS/SCI clearance

• Experience working directly with government customers and audit teams - You can translate technical implementations into compliance artifacts that satisfy 3PAOs and government authorizing officials

• Strong technical writing skills - You create clear, accurate SSPs, SOPs, incident response playbooks, and security policies that pass government review

Preferred Qualifications:

• Active TS clearance or higher

• Experience with government assessment tools and authorization processes

• Hands-on experience with AWS GovCloud, Azure Government, or other FedRAMP-authorized cloud environments

• Knowledge of ITAR compliance requirements for defense contractors

• Experience with Auth0, Okta, or similar IAM platforms for implementing authentication and authorization controls

• Familiarity with FortiGate firewalls, AWS Transit Gateway, and multi-cloud networking architectures

• Background in aerospace, defense, or critical infrastructure industries where compliance directly enables mission success

• Certifications such as CISA, CISSP, CCSP, or similar compliance-focused credentials

• Experience conducting tabletop exercises, security control assessments, and gap analyses