
SOAR Lead - Security Operations, Automation, and Response (Remote)

Allegiant Air

Las Vegas (NV)

Remote

USD 120,000 - 150,000

Full time

Today

Job summary

An aviation services company is looking for a SOAR Lead to enhance security operations through automation and strategic management. The ideal candidate will have extensive experience in offensive security and security automation, coupled with a Bachelor's Degree in a relevant field. Responsibilities include leading security initiatives, conducting penetration tests, and improving internal security programs. Benefits include competitive compensation and comprehensive health insurance.

Benefits

Profit Sharing
Medical/Dental/Vision Insurance
401K with employer match
Paid vacation and holidays

Qualifications

  • Must be authorized to work in the US.
  • Minimum five years of experience in systems security.
  • Experience with Machine Learning, Data Engineering, or Software Engineering.

Responsibilities

  • Lead improvements to internal Information Security programs.
  • Conduct application and cloud penetration tests.
  • Design and build tools for detection and response.

Skills

Security automation
Offensive Security operations
Scripting languages
Collaboration
Technical communication

Education

Bachelor’s Degree in Computer Science or related field

Tools

AWS/Azure
SOAR platforms
Penetration testing tools
Job description
Overview

Summary

The Allegiant Security Operations Team leverages security operations skills coupled with automation expertise to improve the overall security posture of the enterprise. The team identifies security vulnerabilities, weaknesses, and improvements, and then uses automation to improve the security operations tooling. It also helps automate detective controls that find indicators of compromise, and enhances those detections in our operations infrastructure as code (IaC). The SOAR Lead should have an attacker mindset and utilize tools, techniques, and processes that emulate those of skilled and motivated adversaries. A lead may have additional responsibilities such as managing projects, setting technical standards and guidelines, providing technical direction to the team, and collaborating with other departments to ensure the success of the organization's security operations. They may also be responsible for developing and implementing strategies to improve the efficiency and effectiveness of security operations, and for identifying opportunities to automate additional security processes beyond SOAR engineering.

Visa Sponsorship Available

No

Responsibilities
  • Lead the strategic direction and evolution of the Offensive Security program, including setting goals and establishing priorities.
  • Drive strategic initiatives by influencing leadership and key stakeholders, and by partnering with teams throughout Allegiant.
  • Lead effective teamwork, communication, collaboration and commitment across the Allegiant organization.
  • Lead improvements to internal Information Security programs and processes.
  • Write and deliver high-quality documents for technical and non-technical audiences.
  • Assist with security investigations, root-cause analysis, and corrective measures as required.
  • Design/build scripts, tools, or methodologies to enhance detection, response and offensive capabilities.
  • Remain apprised of CSP (Cloud Service Provider) best practices and documentation, maintain appropriate certifications and share findings with teams during weekly meetings.
  • Provide training regularly to uplift skill sets and operations of the information security team.
  • Collaborate with security Governance to validate and provide evidence for PCI/DSS, NIST, SOX, CIS, and other compliance standards.
  • Conduct application, cloud, network, and infrastructure penetration tests to identify and/or validate vulnerabilities and attack chains.
  • Experience with secure container communications via Kubernetes CNIs, such as Calico.
  • Experience with network routing protocols such as BGP, OSPF, EIGRP, IGRP, RIP, and RIPv2 with accompanying best practices.
  • Model Allegiant’s customer service standards in personal actions and when providing leadership direction.
  • Other duties as assigned.
Minimum Requirements
  • Combination of Education and Experience will be considered. Must be authorized to work in the US as defined by the Immigration Act of 1986. Must pass a Criminal Background Check.
  • Education: Bachelor’s Degree in Computer Science, Software Engineering or related field or equivalent combination of education and experience.
  • Certification: OSCP, OSCE, Certified Information Systems Security Professional (CISSP), GIAC Security Automation Professional (GSAF), Terraform Associate, or any related certifications.
  • Years of Experience: Minimum five (5) years of experience in systems security.
  • Minimum three (3) years of development/IaC experience.
  • Minimum five (5) years of performing Security Automation and/or Offensive Security operations in an enterprise environment.
  • Minimum five (5) years of experience in Information Security related domains, with knowledge of security fundamentals, identifying and remediating application vulnerabilities, penetration testing methodologies and tools.
  • Minimum three (3) years of experience driving Information Security initiatives across large diverse organizations.
  • Minimum two (2) years of experience with Machine Learning, Data Engineering, Data Science or Software Engineering.
  • Proficiency in security automation, orchestration, and response tools such as SOAR platforms, SIEM, EDR, and other related technologies.
  • Experience working in a fast-paced, dynamic environment with competing priorities.
  • Expertise in scripting and programming languages such as Python, GoLang, PowerShell, and Bash.
  • Effectively communicate findings, attack paths, threat models, and recommendations to technical and executive stakeholders through written reports and verbal presentations.
  • Collaborate with diverse business partners to ensure the impact of the risk is understood, managed, and remediated.
  • Able to take on special assignments that may require additional on-the-fly learning.
  • Ability to multi-task with various engagements that range in technical and non-technical capabilities.
  • Practical understanding of machine learning and artificial intelligence.
  • Deep knowledge in at least one programming/scripting language (Python, C/C++, PowerShell, GoLang, etc.)
  • Experience in cloud technologies (AWS/Azure).
  • Deep knowledge in analyzing and debugging API frameworks.
  • Experienced in presenting technical analysis of security research or technical topics in the form of presentations and/or reporting.
  • Ability to work autonomously, meet deadlines, and deliver impactful results.
  • Ability to write effective communications.
  • Sharp analytical abilities and attention to detail.
  • Ability to handle multiple competing priorities in a fast-paced, deadline-driven environment.
  • Ability to take ownership, self-motivate, and deliver results.
  • Experience with driving remediation/mitigation of security issues and control gaps.
  • Experience gathering and reporting to measure service and program effectiveness and consistency.
  • Technical knowledge of adversary Tactics, Techniques, and Procedures (TTPs).
  • Experience with cloud service providers and their offerings, preferably AWS, and its various technologies and services.
  • Knowledge of system or security design approaches with experience driving engineering and architectures to deliver results.
  • Strong technical leader capable of planning and executing to meet core objectives.
  • Ability to proactively take initiative to complete tasks and ensure the work meets company standards.
  • Driven and able to take the initiative to complete tasks and ensure high-quality work, able to understand the mindset of skilled adversaries.
Benefits
  • Full Time Benefits: Profit Sharing
  • Medical/Dental/Vision/Life/Disability Insurance
  • Medical Travel Reimbursement
  • Legal, Identity and Pet Insurance
  • 401K with an employer match
  • Employee Stock Purchase Plan
  • Employee Assistance Program
  • Tuition Reimbursement
  • Flight Benefits
  • Paid vacation, holidays, and sick time
  • Part Time Benefits: Profit Sharing
  • Medical Travel Reimbursement
  • Legal, Identity and Pet Insurance
  • 401K with an employer match
  • Employee Stock Purchase Plan
  • Employee Assistance Program
  • Tuition Reimbursement
  • Flight Benefits
  • Sick time
Other
  • Physical Requirements and Work Environment: Office/IT - regular movement and computer use; may lift up to 50 lbs; may work varied shifts; travel may be required.
  • Essential Services Provider: Allegiant may require reporting to location during emergencies.
  • EEO Statement: We welcome all individuals and are an Equal Opportunity Employer: Disability/Veteran. For more information, see https://allegiantair.jobs