Location: Las Vegas, NV
The Allegiant Security Operations Team leverages security operations skills coupled with automation expertise to improve the overall security posture of the enterprise. Identify security vulnerabilities, weaknesses, and improvements, and then use automation to improve the security operations tooling. Additionally, help automate detective controls that find indicators of compromise, and build those detections into our operations infrastructure as code (IaC). The SOAR Lead should have an attacker mindset and utilize tools, techniques, and processes that emulate those of skilled and motivated adversaries. A lead may have additional responsibilities such as managing projects, setting technical standards and guidelines, providing technical direction to the team, and collaborating with other departments to ensure the success of the organization's security operations. They may also be responsible for developing and implementing strategies to improve the efficiency and effectiveness of security operations, and for identifying opportunities to automate additional security processes beyond SOAR engineering.
Visa Sponsorship Available
Combination of Education and Experience will be considered. Must be authorized to work in the US as defined by the Immigration Act of 1986. Must pass a Criminal Background Check.
Education: Bachelor’s Degree in Computer Science, Software Engineering or related field or equivalent combination of education and experience.
Certification: OSCP, OSCE, Certified Information Systems Security Professional (CISSP), GIAC Security Automation Professional (GSAF), Terraform Associate, or any related certifications.
Years of Experience:
•Minimum five (5) years of experience in systems security.
•Minimum three (3) years of development/IaC experience.
•Minimum five (5) years performing Security Automation and/or Offensive Security operations in an enterprise environment.
•Minimum five (5) years of experience in Information Security related domains, with knowledge of security fundamentals, identifying and remediating application vulnerabilities, penetration testing methodologies and tools.
•Minimum three (3) years of experience driving Information Security initiatives across large diverse organizations.
•Minimum two (2) years of experience with Machine Learning, Data Engineering, Data Science or Software Engineering.
•Proficiency in security automation, orchestration, and response tools such as SOAR platforms, SIEM, EDR, and other related technologies.
•Experience working in a fast-paced, dynamic environment with competing priorities.
•Expertise in scripting and programming languages such as Python, GoLang, PowerShell, and Bash.
•Effectively communicate findings, attack paths, threat models, and recommendations to technical and executive stakeholders through written reports and verbal presentations.
•Collaborate with diverse business partners to ensure the impact of the risk is understood, managed, and remediated.
•Able to take on special assignments that may require additional on-the-fly learning.
•Ability to multi-task with various engagements that range in technical and non-technical capabilities.
•Practical understanding of machine learning and artificial intelligence.
•Deep knowledge in at least one programming/scripting language (Python, C/C++, PowerShell, GoLang, etc.)
•Experience in cloud technologies (AWS/Azure).
•Deep knowledge in analyzing and debugging API frameworks.
•Experienced in presenting technical analysis of security research or technical topics in the form of presentations and/or reporting.
•Ability to work autonomously, meet deadlines, and deliver impactful results.
•Ability to write effective communications.
•Sharp analytical abilities and attention to detail.
•Ability to handle multiple competing priorities in a fast-paced, deadline-driven environment.
•Ability to take ownership, self-motivate, and deliver results.
•Experience with driving remediation/mitigation of security issues and control gaps.
•Experience gathering and reporting to measure service and program effectiveness and consistency.
•Technical knowledge of adversary Tactics, Techniques, and Procedures (TTPs).
•Experience with cloud service providers and their offerings, preferably AWS, and its various technologies and services.
•Knowledge of system or security design approaches with experience driving engineering and architectures to deliver results.
•Strong technical leader capable of planning and executing to meet core objectives.
•Ability to proactively take initiative to complete tasks and ensure the work meets company standards.
•Driven and able to take the initiative to complete tasks and ensure high-quality work, able to understand the mindset of skilled adversaries.
•Lead the strategic direction and evolution of the Offensive Security program, including setting goals and establishing priorities.
•Drive strategic initiatives by influencing leadership and key stakeholders, and by partnering with teams throughout Allegiant.
•Lead effective teamwork, communication, collaboration and commitment across the Allegiant organization.
•Lead improvements to internal Information Security programs and processes.
•Write and deliver high-quality documents for technical and non-technical audiences.
•Assist with security investigations, root-cause analysis, and corrective measures as required.
•Design/build scripts, tools, or methodologies to enhance detection, response and offensive capabilities.
•Remain apprised of CSP (Cloud Service Provider) best practices and documentation, maintain appropriate certifications and share findings with teams during weekly meetings.
•Provide training regularly to uplift skill sets and operations of the information security team.
•Collaborate with security Governance to validate and provide evidence for PCI/DSS, NIST, SOX, CIS, and other compliance standards.
•Conduct application, cloud, network, and infrastructure penetration tests to identify and/or validate vulnerabilities and attack chains.
•Experience with secure container communications via Kubernetes CNIs, such as Calico.
•Experience with network routing protocols such as BGP, OSPF, EIGRP, IGRP, RIP, and RIPv2 with accompanying best practices.
•Model Allegiant’s customer service standards in personal actions and when providing leadership direction.
•Other duties as assigned.
The Physical Demands and Work Environment described here are representative of those that must be met by a Team Member to successfully perform the essential functions of the role. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the role.
Office/IT - While performing the duties of this job, the Team Member is regularly required to stand, sit, talk, hear, see, reach, stoop, kneel, and use hands and fingers to operate a computer, keyboard, printer, and phone. May be required to lift, push, pull, or carry up to 50 lbs. May be required to work various shifts/days in a 24-hour situation. Regular attendance is a requirement of the role. Exposure to moderate noise (i.e. business office with computers, phones, printers, and foot traffic), temperature and light fluctuations. Ability to work in a confined area as well as the ability to sit at a computer terminal for an extended period of time. Some travel may be a requirement of the role.
Essential Services Provider
Allegiant as a national air carrier is deemed an essential service provider during declared national and state emergencies. Team Members will be required to report to their assigned trip or work location during national and state emergencies unless prohibited by local, state or federal order.
Equal Opportunity Employer: Disability/Veteran
For more information, see https://allegiantair.jobs
People of color, women, LGBTQIA+, immigrants, veterans and persons with disabilities are encouraged to apply.