Security Engineering Manager
Northwood · Torrance, CA · Yesterday
EngineeringFull-time
Responsibilities
- Own the full lifecycle of Northwood's SIEM platform — architecture, log source onboarding across ground stations and cloud infrastructure, correlation rule development, tuning, and automated alerting.
- Build and maintain EDR platform operations, including agent deployment, policy management, alert triage, and integration with SIEM workflows.
- Develop and continuously improve detection content, incident response playbooks, and SOC processes for a distributed, mission-critical environment.
- Integrate security tooling with broader infrastructure through APIs and automation, reducing manual operational burden over time.
- Lead the deployment and ongoing tuning of User and Entity Behavior Analytics (UEBA) capabilities within the SIEM environment, establishing behavioral baselines and refining detection models to surface insider threats and anomalous activity.
- Develop and maintain UEBA use cases, correlation rules, and risk scoring models, working closely with the SOC to ensure alerts are actionable and high-fidelity.
- Analyze UEBA telemetry to identify patterns indicative of insider risk, compromised accounts, or policy violations, and drive remediation in coordination with HR, legal, and security leadership.
- Manage and maintain FortiGate firewall infrastructure, including policy management, segmentation, firmware lifecycle, and log integration.
- Administer and optimize Cloudflare VPN and Zero Trust Network Access (ZTNA) configurations to support secure remote access and site connectivity.
- Deploy, harden, and maintain security infrastructure across on-premises environments and AWS GovCloud and Microsoft GCC, adhering to applicable compliance frameworks.
- Partner with product infrastructure engineers to ensure security is embedded in network and system architecture from the ground up.
- Deploy and manage email security infrastructure, including administration of platforms such as Proofpoint or Sublime Security, policy tuning, threat response, and integration with SIEM workflows.
Qualifications
- 5+ years in security engineering or DevSecOps with demonstrated experience in a technical leadership capacity.
- Hands-on experience building and operating SIEM platforms, including log ingestion, detection rule development, and alert management.
- Experience deploying and managing EDR solutions in a production environment.
- Demonstrated FortiGate administration experience, including firewall policy management and network segmentation.
- Experience deploying and securing workloads in AWS GovCloud and/or Microsoft GCC environments.
- Proficiency with Infrastructure as Code tooling (Terraform, Ansible, or equivalent) applied to security infrastructure.
- Experience administering Okta, including SSO, MFA, lifecycle management, and SIEM integration.
- Familiarity with compliance frameworks relevant to defense and government environments (CMMC, NIST 800-171, FedRAMP).
- Ability to obtain and maintain a TS/SCI clearance.
- U.S. citizenship or status as a lawful permanent resident required to conform with ITAR export regulations.