Search all jobs
Browse jobsTorrance, CA › Security Operations Manager

Security Operations Manager

Northwood · Torrance, California · Posted Jun 20, 2026

Apply on company site   Track it in JobSkout

Northwood is a modern space infrastructure company bringing the benefits of space to the masses through advanced communications technology. We are building a global network of phased array ground stations that enable real-time, reliable communication for satellite missions such as national security, global connectivity, and disaster response. With a vertically integrated approach, Northwood designs, builds, and rapidly deploys scalable systems that power the next generation of space missions. If you like solving complex challenges and seeing your work deployed around the world with real impact, Northwood is the place to do it.

Role

As Security Operations Lead, you will build and own Northwood's security operations function — standing up SOC capabilities, leading incident response, and developing the detection and threat hunting programs that protect mission-critical infrastructure. This is a senior leadership role for an operator who brings deep hands-on experience across SIEM engineering, EDR, and incident response, and who can build a team and program from the ground up in a highly regulated, dual-use environment.

You will develop detection content tailored to Northwood's hybrid on-premises and cloud infrastructure, building coverage across network security, identity, endpoint, and email security telemetry sources in a highly regulated dual-use environment. This role partners closely with the Security Engineering Lead and reports to the Head of Security.

Responsibilities

Security Operations & Monitoring

  • Build and operate Northwood's SOC function, including continuous monitoring of security events across AWS GovCloud, GCC, on-premises facilities, and endpoint environments.
  • Own alert triage, investigation, and escalation workflows, ensuring critical threats are identified and actioned with the urgency required of a mission-critical environment.
  • Monitor and analyze telemetry across network security, identity, endpoint, and email security platforms, ensuring comprehensive visibility into Northwood's on-premises, cloud, and perimeter environments.
  • Develop and maintain SOC operational metrics, reporting cadences, and dashboards for internal stakeholders and government customers.

Detection Engineering

  • Develop and continuously improve custom detection logic within Northwood's SIEM platform, including log source onboarding, correlation rule development, tuning, and coverage gap analysis.
  • Build behavioral analytics, UEBA rules, and threat hunting queries tailored to Northwood's infrastructure and adversary profiles targeting aerospace and defense.
  • Maintain detection content aligned to MITRE ATT&CK, ensuring coverage maps are current and gaps are systematically addressed.
  • Integrate threat intelligence feeds into detection workflows and brief stakeholders on emerging threats relevant to government and dual-use space communications infrastructure.

Incident Response & Forensics

  • Own security incidents end-to-end, from initial detection through containment, eradication, recovery, and post-incident review.
  • Conduct digital forensics and malware analysis using tools such as Volatility, YARA, and supporting utilities across Linux and Windows environments.
  • Develop and maintain incident response playbooks and escalation procedures, including communication protocols for government customers and mission-critical operations.
  • Lead tabletop exercises and incident response drills to validate playbook effectiveness and team readiness.

Threat Hunting & Intelligence

  • Proactively hunt for advanced persistent threats across Northwood's on-premises and cloud environments, developing and refining hunting methodologies as the threat landscape evolves.
  • Research adversary tactics, techniques, and procedures targeting aerospace, defense, and critical infrastructure, and translate findings into actionable detection and hardening improvements.
  • Maintain familiarity with government incident reporting requirements and ensure response procedures satisfy applicable regulatory obligations.

Automation & Tooling

  • Develop Python, PowerShell, or Bash automation for incident response workflows, threat hunting pipelines, and security orchestration across Northwood's environment.
  • Build and maintain SOAR playbooks and automated response actions to reduce mean time to respond and minimize manual analyst burden.
  • Collaborate with the Security Engineering Lead to ensure SOC tooling integrations across SIEM, EDR, email security, and identity platforms are maintained and continuously improved.

Team Leadership

  • Hire, mentor, and develop security operations analysts and engineers as the team scales.
  • Define SOC operating procedures, analyst workflows, and on-call responsibilities to ensure consistent operational coverage.
  • Serve as a senior security subject-matter expert in cross-functional collaboration with network engineering, infrastructure, and compliance teams.

Basic Qualifications

  • 5+ years of hands-on S…

Apply on company site