Northwood · 10 hours ago
Senior Security Engineer - GRC
Northwood is deploying a global network of phased array ground stations that will fundamentally change how satellites communicate with Earth. As a Senior Security Engineer, you will design and implement security architectures for infrastructure that supports real-time, high-throughput communications for mission-critical operations.
Aerospace · Hardware · Satellite Communication
Responsibilities
Own compliance programs end-to-end - Lead FedRAMP authorization efforts (Moderate/High), CMMC certification, and NIST 800-171 and/or NIST 800-53 implementation. You're the expert who translates framework requirements into actionable technical controls and documentation that pass audits the first time
Build compliance automation, not spreadsheets - Implement continuous monitoring pipelines using infrastructure as code. Create automated evidence collection systems that pull directly from AWS CloudTrail, Wiz Gov, and our SIEM rather than relying on manual documentation. Build POA&M tracking workflows that integrate with our existing GitOps processes
Be the bridge between engineering and auditors - Work directly with our Infrastructure and Network Engineering teams to implement security controls that satisfy FedRAMP/CMMC requirements without blocking deployments. Review Terraform configurations, ArgoCD deployments, and Vault policies to ensure they meet compliance mandates. Own the follow-through for security control implementation to ensure controls are implemented on or ahead of schedule
Support the Mission Management team and our customers - Partner with our Mission Management team on customer compliance artifacts. Serve as technical POC during government customer security reviews and assessments. Create compliance documentation packages that demonstrate the security of our offerings and build trust with our customers
Drive risk management processes - Conduct risk assessments for new ground station deployments, cloud infrastructure changes, and third-party integrations. Maintain our risk register and work with stakeholders to implement risk treatment plans that balance security requirements with operational needs
Build and maintain the System Security Plan (SSP) - Own our FedRAMP SSP as a living technical document. Implement control mappings across multiple frameworks (FedRAMP, CMMC, NIST 800-171, ITAR). Create and maintain POA&Ms, security assessment reports, and continuous monitoring documentation
Implement security tooling for compliance visibility - Deploy and configure SIEM correlation rules, vulnerability scanning automation, and asset inventory systems. Build dashboards that provide real-time compliance posture visibility. Create automated reporting for monthly continuous monitoring requirements
Qualifications
Required
5+ years of hands-on experience implementing compliance frameworks in production environments - You've successfully led organizations through FedRAMP, CMMC, or similar authorizations
Strong technical foundation with infrastructure as code - You can read and review Terraform configurations, understand AWS security architectures, and write scripts (Python, PowerShell, Bash) to automate compliance processes
Experience with SIEM platforms, vulnerability management tools, and continuous monitoring - You know how to configure Splunk/Sentinel correlation rules, automate vulnerability scanning with Tenable/Qualys, and build compliance dashboards
Deep knowledge of NIST 800-53, NIST 800-171, FedRAMP, and CMMC frameworks - You understand control requirements and more importantly, how to implement them in AWS Commercial, GovCloud, and hybrid environments
Ability to obtain and maintain TS/SCI clearance
Experience working directly with government customers and audit teams - You can translate technical implementations into compliance artifacts that satisfy 3PAOs and government authorizing officials
Strong technical writing skills - You create clear, accurate SSPs, SOPs, incident response playbooks, and security policies that pass government review
Preferred
Active TS clearance or higher
Experience with government assessment tools and authorization processes
Hands-on experience with AWS GovCloud, Azure Government, or other FedRAMP-authorized cloud environments
Knowledge of ITAR compliance requirements for defense contractors
Experience with Auth0, Okta, or similar IAM platforms for implementing authentication and authorization controls
Familiarity with FortiGate firewalls, AWS Transit Gateway, and multi-cloud networking architectures
Background in aerospace, defense, or critical infrastructure industries where compliance directly enables mission success
Certifications such as CISA, CISSP, CCSP, or similar compliance-focused credentials
Experience conducting tabletop exercises, security control assessments, and gap analyses
Company
Northwood
Northwood was founded by Bridgit Mendler, Griffin Cleverly, and Shaurya Luthra with the mission to expand access to space by transforming satellite backhaul infrastructure.
Funding
Current Stage: Growth Stage
Total Funding: $36.4M
Key Investors: Harvard Innovation Labs
2025-04-22 · Series A · $30M
2024-02-19 · Seed · $6.3M
2023-02-08 · Grant · $0.1M
Company data provided by crunchbase