What Will You Be Doing?

The Cloud Security Architect collaborates within the Enterprise Architecture team, reporting to the Chief Architect at Frontier Airlines. This individual works closely with the Cybersecurity team to manage, define, develop, and execute security architectures across the entire Frontier organization. As the security architect, their responsibilities include designing and implementing secure information systems, networks, and infrastructure for Frontier Airlines. They analyze cybersecurity requirements, assess potential risks, and develop strategies to safeguard against cyber threats and attacks. Additionally, the architect collaborates with cross-functional teams (Infrastructure, Cloud, Networking, Applications, Database) to ensure compliance with industry standards and best practices. They continuously monitor and update cybersecurity measures to proactively address emerging threats.

The Cloud Security Architect also provides guidance to other technology teams (infrastructure, cloud, networking, applications, data) within Frontier Airlines, overseeing all aspects related to security strategy and implementation. This includes managing Security Tools within Cloud ecosystems (Azure and AWS), Network IPS/IDS, Identity and Access Management (IAM), Zero Trust, DevSecOps, Data Protection, Security Frameworks, Methodologies, and Threat Modeling.

The successful candidate partners with business leaders to develop and deliver solutions that align with business strategies while safeguarding Frontier Airlines’ intellectual property and customer data. Their expertise extends beyond security architecture, encompassing the broader security program and its role in transforming the organization’s digital infrastructure.

Essential Functions

• Collaborate closely with cross-functional teams to ensure that advanced and innovative security measures and best practices are integrated into all hybrid cloud technology solutions.
• Assist technical teams in migrations from on-prem systems to cloud platforms while establishing and maintaining a high level of security and compliance.
• Create and maintain security strategy plans and roadmaps. Influence the planning and execution of the roadmap with measurable benchmarks to show progress (or deficiencies requiring additional attention).
• Develop and maintain Security Architecture process and artifacts that enable the enterprise to implement security capabilities that are clearly aligned with the business, technology, and threat drivers.
• Architect / Implement Cloud security automation to monitor and establish guardrails across the cloud.
• Serves as the subject matter expert in secure cloud technology design, development, and implementation in support of products, solutions, and business functionality enablement.
• Drafts and reviews cloud related policies, standards, and guidelines to ensure security is designed and delivered to meet business use cases and requirements.
• Establishes architecture design principles and practices to improve performance, effectiveness, security, compliance, and scalability of solutions.
• Collaborates with business teams and engineering teams to understand vision and scope for cloud solutions and defines the security requirements.
• Partners with cross-functional teams to assess cloud security risks by establishing security architecture with a focus on threat detection, security control enforcement, and incident response.
• Draft project plans for security services or technology implementations and coordinate with stakeholders across the organization.
• Strategize and design security architectures for next generation cloud systems. Possess a firm understanding of the offerings within Azure primarily and AWS as well as other leading cloud service providers.
• Based on business requirements, plan and design cloud-native architecture that adheres to cloud security frameworks, standards, and best practices.
• Ensure relevant audit and security logs are collected to a central location and exposed to the correct teams for triage, analysis, and incident response.
• With a solid understanding of next generation cloud platforms and serverless technologies, act as the ambassador and principal technical representative for Enterprise Security while engaging with other senior technical leaders throughout Frontier Airlines in the design and implementation of cloud and hybrid solutions.
• Develop and execute strategies to mature our security posture throughout the enterprise, as well as mentoring more-junior security architects/leads and analysts.
• Determine baseline security configuration standards for operating systems (e.g., OS Hardening), network segmentation, web application firewall, mobile devices, etc.
• Evaluate Review security technologies, tools, and services, and make recommendations to the broader security team for their use, based on security policy and procedures as well as financial and operational metrics.
• Collaborate with IT teams to integrate cybersecurity controls into Frontier's infrastructure, applications, and software development (SDLC) processes.
• Design, develop, and enforce web application cybersecurity throughout the CI/CD lifecycle.
• Ensure compliance with relevant laws, regulations, and industry standards related to data protection and security.
• Be a cybersecurity evangelist who can translate cybersecurity concepts into language that is meaningful to varying audiences, including business and technical leaders.

Qualifications

• Bachelor’s degree in computer science, technology, or equivalent combination of education and relevant experience (required).

• 7 years of experience deploying, configuring, and managing complex cybersecurity architecture.
• 6 years cybersecurity operations and/or engineering experience required.
• 4 years of experience working in a cloud-native environment such as Azure, AWS, GCP.
• Hold an active cybersecurity certification, such as a CSSLP, CISSP, CISA, CCP, CSSLP, GCSA MCP, MCSE, SANS, or Microsoft AZ (highly desired, or equivalent experience is acceptable).
• Design and implementation of cybersecurity controls including experience in applying cybersecurity framework methodologies; to include NIST, Cloud (CSA), wired, and wireless cybersecurity principles (required).
• Experience with the airline industry a plus.

Knowledge, Skills and Abilities

• Proficient in troubleshooting network/system related issues and effectively manage components in a production environment.
• Strong understanding of attack vectors, common intrusion techniques, threat intelligence, application/host/network security hardening, micro-segmentation, network access control, networking protocols, and enterprise risk management concepts.
• Ability to troubleshoot cybersecurity, networking, client server, Wi-Fi, and VPN issues.
• Expert knowledge of enterprise firewall management and deployment.
• Broad and thorough knowledge of enterprise cybersecurity systems and devices.
• Experience securing cloud IAAS, SAAS, PAAS, and IAC environments (Azure, AWS, Google Cloud).
• Proficient in network traffic and packet analysis.
• Demonstrable experience working with configuration management/automation (SOAR) tools.
• Experience installing, configuring, and supporting Web Application Firewalls (WAFs) in a complex enterprise environment.
• Experience with cybersecurity concepts and tooling such as: SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), IAST (Interactive Application Security Testing), Web Application Penetration Testing, and Open-Source Analysis.
• Experience with DDoS Mitigation deployments (IPSec/GRE tunnels), configuration, policy, and management of related tools.
• Understanding of OWASP Top Ten, threats and vulnerabilities, and tactics used to compromise applications.
• Proficiency with applications, databases, web services, authentication, and middleware servers.
• Aptitude with one or more scripting languages (e.g., Python, PowerShell, JavaScript, and Bash).
• Experience with regulatory requirements and laws such as, Sarbanes-Oxley Act (SOX), PCI-DSS (Payment Card Industry-Data Security Standard), TSA (Cybersecurity Amendment), California Consumer Privacy Act (CCPA), and Gramm-Leach-Bliley Act (GLBA).
• Experience in the following Frameworks: NIST CSF (Cybersecurity Framework) and CIS (Critical Security Controls).
• Ability to remain organized and to elicit cooperation from a wide variety of internal team members and 3 party providers.
• Track record acting with integrity, taking pride in work, seeking to excel, and being curious and flexible.
• Excellent written and oral communication skills; ability to problem solve with little to no supervision.
• Excellent troubleshooting skills.

Equipment Operated

• Security Monitoring (SIEM), Endpoint Detection & Response, User Behavior Analytics (UBA), Cloud Security, Threat/Brand Intelligence, Email Protection, Phishing Management, Content Distribution Network, Web Application, BOT Mitigation, Structured/Unstructured Data Discover & Protection, Vulnerability Management. Internet Access Proxy, VPN, Application Security Testing, Firewall, Firewall Analysis, Identity & Access Management, Windows, Linux, and a variety of cybersecurity tools including the common open-source projects and commercial tools.

Work Environment

Typical office environment, adequately heated and cooled.

Will require being on call for afterhours and weekend support.

Physical Effort

Generally, not required.

Supervision Received

General Direction: The incumbent normally receives little instruction on day-to-day work and receives general instructions on new assignments.

Positions Supervised

Not applicable currently.

Salary Range: $113,520.00 - $141,900.00

Please note: this posting has a closing date of 3/8/2024, midnight MT.

Disclaimer: The above statements are intended only to describe the general nature and level of work required of the referenced position; they are not intended to be an exhaustive list of all responsibilities, duties, and skills required of individuals in this position. Please be advised that duties and expectations of this position may be subject to change.

Frontier Airlines, Inc. is an equal opportunity employer and, as such, is committed to providing equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, national origin, age, marital status, veteran status, sexual orientation, gender identity or expression, disability status, pregnancy, genetic information, citizenship status or any other basis protected by federal, state, or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Frontier Airlines is a Zero Tolerance Drug-Free Workplace. All prospective employees are subject to pre-employment testing for the following drugs and their metabolites: Marijuana, Cocaine, Amphetamines, Opioids and Phencyclidine (PCP). Further, any applicant who is found to have tested positive on any required drug or alcohol test at a former employer will be considered ineligible for employment with Frontier.