Lead - Cybersecurity Operations

At Frontier, we believe the skies should be for everyone. We deliver on this promise through our commitment to Low Fares Done Right. This is more than our tagline - it’s our driving philosophy. Every member of Team Frontier has an important role to play in bringing this vision to life. Our successful business model allows travelers to take advantage of our fast-growing route network while our bundled and unbundled pricing options allow our customers to personalize their travel experience and only pay for the services they need – saving them money along the way.

What We Stand For

Low Fares Done Right is our mission and we strive to bring it to life every day. Our ‘Done Right’ promise means delivering not only affordable prices, but making travel friendly and easy for our customers. To do this, we put a great deal of care into every decision and action we take. We must be efficient with the use of our resources and make smart decisions about how we run our business. We must also innovate and be pioneers - we’re not afraid to try new things. While our business requires us to fly high in the air, we also consider ourselves down-to-earth in our approach, creating a warm and friendly experience that truly demonstrates Rocky Mountain Hospitality.

Work Perks

At Frontier, we like to think we’re creating something very special for our team members. Work is why we’re here, but the perks are nice too:

• Flight benefits for you and your family to fly on Frontier Airlines
• Buddy passes for your friends so they can experience what makes us so great
• Discounts throughout the travel industry on hotels, car rentals, cruises and vacation packages
• Discounts on cell phone plans, movie tickets, restaurants, luggage and over 2,000 other vendors
• Enjoy a ‘Dress for your Day’ business casual environment
• Flexible work schedules that support work/life balance
• Total Rewards program including a competitive base salary, short term incentives, long-term incentives, paid holidays, 401(k) plan, vacation/sick time and medical/dental/vision insurance that begins the 1st of the month following your hire date.
• We play our part to make a difference. The HOPE League, Frontier Airlines’ non-profit organization, is dedicated to providing employees financial assistance during catastrophic hardship

Who We Are

Frontier Airlines is a leading ultra-low cost carrier headquartered in Denver, Colorado. With a mission to deliverLow Fares Done Right, the company provides affordable, convenient and accessible air travel throughout the U.S., Caribbean, Mexico and Latin America. Frontier’s highly fuel-efficient, all-Airbus fleet is among the youngest and most modern of any carrier within the U.S. That, combined with the airline’s many weight-saving initiatives and focus on operational efficiencies, makes Frontier America’s Greenest Airline.* Each Frontier Airlines plane tail features a special animal with a unique name and backstory. Many of the featured species are endangered or threatened, part of the airline’s commitment to underscore and raise awareness for their plight. Frontier serves approximately 100 destinations throughout North America and operates 500-plus daily flights, on average. The airline employs more than 7,000 team members and has crew bases in more than a dozen U.S. cities. Frontier Airlines, Inc., is a subsidiary of Frontier Group Holdings, Inc. (NASDAQ: ULCC).

* Frontier is the most fuel-efficient of all major U.S. carriers when measured by ASMs per fuel gallon consumed.

The Lead Analyst, Cybersecurity Operations will be part of the Cybersecurity team that analyzes, implements, monitors, troubleshoots, and audits the cybersecurity of the Frontier network infrastructure. The Lead Analyst provides timely and comprehensive updates to the Sr. Manager of Cybersecurity Operations on the intelligence of internal/external threats for detection, monitoring, threat hunting, and incident response. The scope of environment includes system-monitoring platforms, anti-virus, DLP, URL filtering, and PCI environments and any new leading tools that are brought into the network. The Lead Analyst will oversee the SOC team onshore and will be responsible for the Vulnerability Management program, attaining SLA benchmarks, the collection of tools and performance metrics, ensuring SOPs and playbooks are well updated and audited, incident response, digital forensics, and supporting penetration remediation on applications/systems. The Lead Analyst onshore will work closely with the peer Lead Analyst offshore to provide daily handover reports, status of threat intelligence alerts, vulnerability management progress, escalation of issues to the Level 2 team, and will hold daily standup calls between the offshore and onshore teams. The Lead Analyst(s) will meet multiple times per week with the Sr. Manager of Cybersecurity Operations to review ServiceNow tickets, projects, security tool audits, known exploited vulnerabilities and other high priority issues that arise during the week.

Essential Functions

• Monitor, investigate, analyze, respond, and report to cyber incidents identified through detection/response platforms.
• Lead support to Management in detecting and responding to cybersecurity alerts and incident activity.
• Responsible for engaging and escalating incidents to Cyber Operations Management and other Cyber Incident Response Team members.
• Actively support incident response activities, efforts, and training exercises (e.g., incidents, tabletop, threat simulations) and be the lead incident response analyst.
• Actively drive risk reduction efforts for known cyber security vulnerabilities and known attack traffic patterns/indicators of compromise (IOC).
• Actively monitor security threats and risks, provide in-depth incident analysis, evaluate security incidents, provide proactive threat research, and recommend mitigation strategies.
• Evaluate and determine if/when cybersecurity violations have occurred through examination of network/application logs, open-source research, vulnerability and configuration scan data, and user provided reports.
• Proactively conduct investigations, analysis, and evaluation of projects to determine cybersecurity risk and feasibility as required.
• Administer, maintain, tune, and perform health checks on cybersecurity products and services (such as secure mail gateway, SIEM, EDR, vulnerability management, brand monitoring, threat intelligence, security rating, DDoS, web proxy, file integrity monitoring (FIM), data loss prevention (DLP), User Entity & Behavioral Analytics (UEBA), and other).
• Provide and implement recommendations for new technical controls to help mitigate security vulnerabilities.
• Responsible for leading the vulnerability management program functions including hosting weekly meetings with Stakeholders and the operations team, creating and tracking tickets for all vulnerabilities, holding stakeholder teams to meet SLA’s, and reporting to the Sr. Manager of Cybersecurity on a weekly basis.
• Actively perform threat hunting activities in the environment to detect cyber threats in the network.
• Coordinate and support purple, red, and blue team engagements.
• Provide cybersecurity technical assistance when needed by system/application owners.
• Support multiple day-to-day cybersecurity tasks and projects efforts.
• Provide regular status updates to Management on projects and remediation efforts.
• Solid understanding of cybersecurity policies and procedures, ability to draft, modify and create standard operating procedures (SOPs) for use of other team members.
• Support organizational Security Awareness Training efforts (suggest training topics, coordinate phishing campaigns, enable awareness to end-users in support of incidents).
• Support vulnerability assessments functions (such as: enterprise pen testing, application pen testing, static/dynamic testing, scorecard assessments).
• Participate and support afterhours/on-call rotation requirements for cybersecurity incidents.
• Responsible for developing, monitoring, and tracking cyber security metrics on a recurring basis, including creating PowerPoint slide decks for presentations.
• Coordinate response and remediation efforts across various departments in a cooperative and beneficial manner.
• Responsible for maintaining Incident Response documentation and auditing member contact information on at least a semi-annual basis or as needed.
• Responsible for attending all vendor meetings and acts as the point of contact for our Cybersecurity vendors.
• Demonstrate ownership and understanding of tasks when engaging with other team members.
• Provide leadership, guidance and partnership to Analyst(s) and Senior Analyst(s).
• Responsible for the onboarding and training of new analysts to the Cybersecurity Operations team.
• Provide support to management team.

• Bachelor’s degree in computer science, technology, or equivalent combination of education and relevant experience (required).
• 6+ years of relevant IT/Cybersecurity experience (required).
• 3+ years in a Supervisor or Lead Analyst, Cybersecurity role (required).
• 5+ years in security operations with hands-on experience with enterprise cybersecurity products, such as Qualys, SentinelOne, Proofpoint, Office365, Microsoft Defender for Cloud, Microsoft Defender for Identity (required).
• 5+ years of SIEM (security information and event management) platform experience (required).
• 4+ years supporting adversary tactics and techniques based on MITRE attack framework (required).
• Knowledge of cyber security standards and frameworks such as ISO 27001, NIST CSF, NIST-800-53, PCI DSS ASV (highly desired).
• Hands-on experience with tools like PowerShell, Vulnerability Management suite, Wireshark, and NMAP (required).
• Industry cybersecurity certification: CompTIA: Security+ or Pentest+, CEH, CISSP, OCSP, SANS: GCIH or GSEC, CISSP, ISACA: CISA or CISM, Security+, SSCP, or CCNA (required, or willing to attain within 3 months of start date).
• Hands-on Cloud infrastructure (Azure/AWS/GCP) cybersecurity remediation experience (Microsoft Defender) (required).
• Hands-on experience with next-gen endpoint detection/response (EDR), Enterprise Firewall, IPS, Log Management, Cisco, and Checkpoint experience (required).
• URL Filtering (web proxy) and troubleshooting experience (desirable).
• Solid understanding of a variety of OSINT techniques and digital forensics to aid in proactive Threat Hunting and crown jewel asset protection.
• Has demonstrable PowerPoint presentations and assists Management with gathering metrics on a routine basis and actively aids in a continual reduction of risk and vulnerabilities resulting in an overall more secure environment quarter-over-quarter.
• Proactively identifies areas within Frontier that require hardening and protection and deploys solutions with the respective supporting teams.

• Ability to understand and communicate industry trends, maintain awareness of current vulnerabilities and security concerns, and understand their impact on the organization.
• Ability to troubleshoot security/network/system-related issues and manage security components in operating environment.
• Solid understanding of attack vectors, common intrusion techniques, brand intelligence, threat intelligence, application/host/network security hardening, enterprise risk management concepts, and MITRE Attack Framework principles.
• Knowledge of enterprise risk assessment tools, technologies, and methodologies.
• Broad and thorough knowledge of enterprise security systems and devices.
• Knowledgeable in penetration testing, vulnerability assessments, and remediation.
• Designing and implementing cybersecurity controls in an operating environment.
• Able to make accurate work estimates and deliver projects within schedule constraints.
• Proficiency in network traffic analysis and packet analysis.
• Well-organized with the ability to coordinate and prioritize multiple tasks simultaneously with varying deadlines.
• Demonstrate understanding and in-depth knowledge of security threats and applying actionable data to processes and procedures.
• Demonstrate understanding and knowledge correlation analysis, along with an understanding of monitoring programs, such as Splunk and other SIEMs.
• Understanding of the OSI 7-layer model.
• Willing to work more than 40 hours and some weekends as needed.
• Willing to support after-hours and weekend on-call rotation support.
• Strong written and verbal communication skills.
• Ability to remain organized and to elicit cooperation from a wide variety of sources including team members and other internal departments.
• Ability to quickly learn new systems, devices, and methodologies.
• Able to work independently and with a team of peers and other departments.
• Proactively identifies and addresses various gaps and solutions within the boundaries of Cybersecurity Operations and deploys these solutions; creates roadmap on these efforts to align with Cyber Operations goals and provides periodic updates as needed.

Laptop endpoint running Windows and a variety of cybersecurity applications, commercial and open-source tools.

Team is currently 3 Days a week in office, 2 Days Remote. This is subject to change at any time.Requires being on-call for after-hours and weekend support.

Light physical effort required by handling objects up to 20 pounds occasionally and/or up to 10 pounds frequently.

General Direction: The incumbent normally receives little instruction on day-to-day work and receives general instructions on new assignments.

Salary Range: $110,114 - $146,157 Please note: this posting has a closing date of on or before midnight 11/30/25 MT.

• None

Disclaimer: The above statements are intended only to describe the general nature and level of work required of the referenced position; they are not intended to be an exhaustive list of all responsibilities, duties, and skills required of individuals in this position. Please be advised that duties and expectations of this position may be subject to change.

Frontier Airlines, Inc. is an equal opportunity employer and, as such, is committed to providing equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, national origin, age, marital status, veteran status, sexual orientation, gender identity or expression, disability status, pregnancy, genetic information, citizenship status or any other basis protected by federal, state, or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Frontier Airlines is a Zero Tolerance Drug-Free Workplace. All prospective DOT safety-sensitive employees are subject to pre-employment testing for the following drugs and their metabolites: Marijuana, Cocaine, Amphetamines, Opioids and Phencyclidine (PCP). Further, any DOT safety-sensitive job applicant who is found to have tested positive on any required drug or alcohol test at a former employer will be considered ineligible for employment with Frontier.

Colorado Residents: In any materials you submit, you may redact or remove age-identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.

Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.