Infrastructure EngineerCore individual contributor role on the Northwood Infrastructure team. Operates defined scope independently with a spike in at least one area of depth.
Responsibilities- Own and operate one or more components of the Northwood infrastructure stack (CI/CD, app platform, cloud/IaC, networking, observability, security tooling). Take a defined scope and execute without ongoing oversight.
- Build and maintain infrastructure as code. Default to Terraform, Helm, and GitOps.
- Carry on-call for the infra stack. Handle the majority of incidents to resolution independently.
- Run post-incident reviews for incidents you owned.
- Partner with security engineering and compliance on controls implementation in your areas - Vault policies, IAM boundaries, SIEM coverage, evidence collection.
- Treat toil as a design signal. When manual work repeats, automate it or fix the underlying system.
- Write and maintain runbooks, design docs, and component documentation. Keep them current with the system.
- Collaborate across infra, product engineering, and ground station operations on cross-cutting work.
Basic Qualifications- 3-5 years of production infrastructure experience (SRE, DevOps, platform, network, or systems engineering).
- Working competence across: Linux, networking fundamentals, AWS or equivalent cloud, infrastructure as code (Terraform), containers and Kubernetes, CI/CD pipelines, observability tooling. Not expert in all - competent enough to operate and contribute.
- Demonstrated ownership of a production system end-to-end: design, implementation, operation.
- On-call experience in a production environment with measurable reliability outcomes.
- Comfortable in code (Python, Go, or similar) for automation, tooling, and integration work.
- Strong technical writing - design docs, runbooks, post-mortems.
Preferred Qualifications- Strong background in one or more of the following. We're hiring generalists with a spike, not specialists - depth in one area weighs heavily, but not at the cost of breadth across the basics.
- Networking - enterprise (FortiGate, switching), site/ground station, or core (TGW, WireGuard, BGP, IPsec)
- Security engineering - Vault, identity (Okta, IAM), SIEM operations, hardening
- Compliance partnership - implementing technical controls for CMMC, FedRAMP, NIST 800-171, ITAR
- Observability at scale - VictoriaMetrics or Prometheus, Grafana, alerting design, log pipelines (Vector, Loki)
- App platform - EKS at scale, on-prem k3s, ArgoCD and GitOps patterns
- CI/CD and developer experience - pipeline design, scanning and linting, release engineering
- Cloud architecture - multi-account AWS, GovCloud, Cloudflare
- On-prem and hardware-adjacent ops - bringing up systems in remote or austere environments, ground stations, edge sites
Additional Information:To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.
