Corporate Security Architect

About Northwood:

Northwood is a modern space infrastructure company focused on connecting space and Earth. The world runs on space. Space will run on Northwood. Our global ground network ensures that missions ranging from national security, to global connectivity, to disaster response can unlock their full potential and operate every day without fail.

Role Overview

As Corporate Security Architect, you will own the design and implementation of Northwood's identity architecture, ensuring that access to corporate systems, cloud environments, and sensitive government workloads is governed by robust, auditable, and least-privilege controls. This is a mid-level individual contributor role for an engineer with deep Okta expertise and a strong foundation in IAM architecture, SSO, and role-based access control across complex hybrid environments.

You will serve as Northwood's IAM subject-matter expert, designing and maintaining the identity fabric that connects corporate users, contractors, and service accounts to the tools and systems they need — while enforcing the access boundaries required for CUI handling, ITAR compliance, and CMMC Level 2 certification. This role works in close partnership with the Security Engineering Lead, Security Operations Lead, and GRC Lead, and reports to the Head of Security.

Responsibilities

Identity Architecture & Okta Administration

• Own Northwood's Okta environment end-to-end, including tenant configuration, application integrations, lifecycle management, MFA policy enforcement, and directory synchronization.

• Design and maintain Northwood's SSO architecture, ensuring all corporate and government-facing applications are integrated into a consistent, auditable authentication framework.

• Develop and enforce adaptive authentication policies, step-up MFA configurations, and risk-based access controls aligned to the sensitivity of the systems being accessed.

• Manage Okta workflows and automation to support user provisioning, deprovisioning, and access change processes across the employee and contractor lifecycle.

• Maintain Okta system health, audit logging, and integration reliability, ensuring identity telemetry flows into Northwood's SIEM for continuous monitoring.

RBAC & Access Governance

• Design and implement role-based access control frameworks across Northwood's corporate systems, cloud environments, and government workloads, ensuring access is granted on a least-privilege and need-to-know basis.

• Define and maintain role taxonomies, access request workflows, and entitlement review processes that satisfy CMMC, FedRAMP, and NIST 800-171 access control requirements.

• Conduct periodic access reviews and certification campaigns, working with system owners to validate that entitlements remain appropriate and revoke unnecessary access.

• Develop and maintain access control documentation, including role definitions, provisioning procedures, and audit evidence required for compliance assessments.

• Enforce segregation of duties controls across critical systems, identifying and remediating access conflicts that create compliance or operational risk.

MDM Management & Provisioning

· Architect, deploy, and manage a unified Mobile Device Management (MDM) solution across macOS, Windows, Linux, and iOS/Android endpoints, ensuring consistent security baselines and configuration compliance across all device types.

· Establish and maintain OS-level hardening benchmarks (CIS, DISA STIG) across macOS, Windows, and Linux endpoints, translating requirements into enforced MDM policies and automated remediation workflows

· Define and enforce MDM configuration profiles, compliance policies, and conditional access rules across all managed platforms in alignment with CMMC, NIST 800-53, and organizational security standards

SSO & Application Integration

• Lead SSO onboarding for new SaaS applications, internal tools, and government-facing platforms, ensuring integrations conform to Northwood's authentication standards and security policies.

• Evaluate and enforce SAML, OIDC, and OAuth 2.0 implementation standards across integrated applications, identifying and remediating misconfigurations that introduce identity risk.

• Partner with the Security Engineering Lead to ensure Okta log ingestion, anomaly detection, and identity-based alerting are functioning and continuously tuned within the SIEM environment.

• Support integration of identity controls with endpoint management platforms, ensuring device trust policies are enforced as part of access decisions.

Privileged Access & Secrets Management

• Design and maintain privileged access management controls for administrative accounts, service accounts, and break-glass access procedures across corporate and government environments.

• Define and enforce service account governance standards, including credential rotation policies, least-privilege scoping, and audit logging requirements.

• Collaborate with the Product Security Lead on secrets management integration with identity controls, ensuring service-to-service authentication conforms to zero-trust principles.

Compliance & Cross-Functional Collaboration

• Ensure Northwood's IAM environment satisfies access control requirements across CMMC Level 2, FedRAMP, SOC 2, and ITAR, providing audit evidence and control documentation to the GRC Lead as needed.

• Partner with the GRC Lead to support access control–related audit activities, including evidence collection, assessor walkthroughs, and remediation of identified deficiencies.

• Collaborate with the network engineering team to ensure identity-aware network access controls and Zero Trust policies are consistently enforced across Cloudflare and on-premises environments.

• Develop and maintain IAM architecture documentation, including data flow diagrams, integration maps, and access control matrices that reflect Northwood's current environment.

Basic Qualifications

• 3+ years of hands-on IAM engineering experience, with demonstrated ownership of Okta administration in a production environment.

• Deep Okta expertise, including SSO configuration, lifecycle management, MFA policy enforcement, adaptive authentication, Okta Workflows, and SIEM log integration.

• Strong understanding of SSO protocols including SAML 2.0, OIDC, and OAuth 2.0, with hands-on experience troubleshooting and hardening integrations.

• Experience designing and implementing RBAC frameworks, including role taxonomy development, entitlement reviews, and access certification processes.

• Familiarity with privileged access management concepts, including service account governance, least-privilege enforcement, and administrative access controls.

• Understanding of IAM requirements within government compliance frameworks, including NIST 800-171 access control and identification and authentication control families.

• Experience integrating identity platforms with endpoint management, cloud environments, and security monitoring tooling.

• Ability to obtain and maintain a TS/SCI clearance.

• U.S. citizenship or status as a lawful permanent resident required to conform with ITAR export regulations.

Preferred Qualifications

• Active TS clearance or higher.

• Experience operating Okta in AWS GovCloud or Microsoft GCC environments, including tenant configuration for government workload access controls.

• Familiarity with Okta Identity Governance (OIG) or similar identity governance and administration (IGA) platforms.

• Experience with Cloudflare Zero Trust access policies and integration with Okta for identity-aware network access enforcement.

• Hands-on experience with privileged access management platforms such as CyberArk, BeyondTrust, or equivalent.

• Background in aerospace, defense, critical infrastructure, or other government-adjacent regulated environments.

• Experience supporting CMMC, FedRAMP, or SOC 2 audits in an IAM engineering capacity.

• Okta Certified Administrator, Okta Certified Professional, or equivalent identity platform certification.

• CISSP, CISM, or equivalent professional security certification.