Frontier Airlines

Frontier Airlines is hiring: Lead - Cybersecurity Operations in Denver

Frontier Airlines, Denver, CO, United States, 80285

What Will You Be Doing?

The Lead Analyst, Cybersecurity Operations will be part of the Cybersecurity team that analyzes, implements, monitors, troubleshoots, and audits the cybersecurity of the Frontier network infrastructure. The Lead Analyst provides timely and comprehensive updates to the Sr. Manager of Cybersecurity Operations on the intelligence of internal/external threats for detection, monitoring, threat hunting, and incident response. The scope of the environment includes system-monitoring platforms, anti-virus, DLP, URL filtering, and PCI environments and any new leading tools that are brought into the network. The Lead Analyst will oversee the SOC team onshore and will be responsible for the Vulnerability Management program, attaining SLA benchmarks, the collection of tools and performance metrics, ensuring SOPs and playbooks are well updated and audited, incident response, digital forensics, and supporting penetration remediation on applications/systems. The Lead Analyst onshore will work closely with the peer Lead Analyst offshore to provide daily handover reports, status of threat intelligence alerts, vulnerability management progress, escalation of issues to the Level 2 team, and will hold daily standup calls between the offshore and onshore teams. The Lead Analysts will meet multiple times per week with the Sr. Manager of Cybersecurity Operations to review ServiceNow tickets, projects, security tool audits, known exploited vulnerabilities and other high priority issues that arise during the week.

Essential Functions

  • Monitor, investigate, analyze, respond to, and report on cyber incidents identified through detection/response platforms.
  • Lead support to Management in detecting and responding to cybersecurity alerts and incident activity.
  • Engage and escalate incidents to Cyber Operations Management and other Cyber Incident Response Team members.
  • Actively support incident response activities and training exercises and be the lead incident response analyst.
  • Drive risk reduction efforts for known cybersecurity vulnerabilities and indicators of compromise.
  • Monitor security threats and risks, provide in-depth incident analysis, and recommend mitigation strategies.
  • Evaluate and determine if/when cybersecurity violations have occurred through logs, research, vulnerability data, and user reports.
  • Proactively conduct investigations and evaluate projects to determine cybersecurity risk and feasibility.
  • Administer, maintain, tune, and perform health checks on cybersecurity products and services (e.g., SIEM, EDR, DLP, web proxy, FIM, etc.).
  • Provide and implement recommendations for new technical controls to mitigate vulnerabilities.
  • Lead the vulnerability management program, host weekly stakeholder meetings, create and track tickets, meet SLAs, and report weekly to the Sr. Manager of Cybersecurity.
  • Conduct threat hunting activities to detect cyber threats in the environment.
  • Coordinate and support purple, red, and blue team engagements.
  • Provide cybersecurity technical assistance to system/application owners.
  • Support day-to-day cybersecurity tasks and project efforts.
  • Provide regular status updates to Management on projects and remediation efforts.
  • Draft and maintain SOPs for team use; support Security Awareness Training efforts.
  • Support vulnerability assessment functions (penetration testing, static/dynamic testing, scorecard assessments).
  • Participate in after-hours/on-call rotation for cybersecurity incidents.
  • Develop, monitor, and track cybersecurity metrics and create presentations for management.
  • Coordinate response and remediation across departments and maintain Incident Response documentation.
  • Attend vendor meetings and act as the point of contact for cybersecurity vendors.
  • Demonstrate ownership of tasks and provide leadership and guidance to analysts.
  • Onboard and train new members of the Cybersecurity Operations team.
  • Provide support to management as needed.

Qualifications

  • Bachelor’s degree in computer science, technology, or equivalent combination of education and relevant experience (required).
  • 6+ years of IT/Cybersecurity experience (required).
  • 3+ years in a Supervisor or Lead Analyst role (required).
  • 5+ years in security operations with hands-on experience with enterprise cybersecurity products (required).
  • 5+ years of SIEM experience (required).
  • 4+ years supporting adversary tactics and techniques based on MITRE ATT&CK (required).
  • Knowledge of ISO 27001, NIST CSF, NIST 800-53, PCI DSS ASV (highly desired).
  • Hands-on experience with PowerShell, vulnerability management tools, Wireshark, and NMAP (required).
  • Industry cybersecurity certification (required or willing to attain within 3 months of start): Security+, Pentest+, CEH, CISSP, CISA, CISM, GCIH, GSEC, SSCP, CCNA.
  • Cloud infrastructure remediation experience (Azure/AWS/GCP) and Microsoft Defender (required).
  • Experience with next-gen EDR, enterprise firewall, IPS, log management, Cisco, and Checkpoint (required).
  • URL filtering/web proxy experience (desirable).
  • Strong OSINT and digital forensics knowledge for threat hunting.
  • Ability to create management-ready presentations and drive risk reduction quarter-over-quarter.
  • Proactively identifies hardening opportunities and coordinates deployment with supporting teams.

Knowledge, Skills And Abilities

  • Ability to communicate industry trends and security concerns and their organizational impact.
  • Troubleshoot security/network/system issues and manage security components.
  • Strong understanding of attack vectors, threat intelligence, hardening, and MITRE ATT&CK principles.
  • Knowledge of risk assessment tools and methodologies.
  • Broad knowledge of enterprise security systems and devices.
  • Familiarity with penetration testing, vulnerability assessments, and remediation.
  • Design and implement cybersecurity controls in an operating environment.
  • Ability to estimate work and deliver projects on schedule.
  • Proficiency in network traffic and packet analysis.
  • Well-organized with the ability to coordinate multiple tasks and deadlines.
  • Ability to apply actionable data to processes and procedures and understand monitoring programs (e.g., Splunk and other SIEMs).
  • Understanding of the OSI 7-layer model.
  • Willing to work more than 40 hours and on-call as needed.
  • Strong written and verbal communication skills and the ability to work with multiple teams.
  • Ability to learn new systems quickly and work independently or with a team.
  • Proactively identifies gaps and deploys solutions; creates a roadmap aligned with Cyber Operations goals.

Work Environment

Team is currently 3 days in office and 2 days remote. This is subject to change. Requires being on-call for after-hours and weekend support.

Physical/Other Considerations

Light physical effort; up to 20 pounds occasionally.

Salary Range

$110,114 - $146,157

Posting closing date: on or before midnight 11/30/25 MT.

Workplace Policies

Frontier Airlines is an equal opportunity employer and a zero-tolerance drug-free workplace. See posting for full policy details.
