Analyst - Cybersecurity Operations

Frontier Airlines, Denver, CO 80208

Posted 3 days ago

What Will You Be Doing?

The Analyst, Cybersecurity Operations will be part of the Cybersecurity team that analyzes, implements, monitors, troubleshoots, and audits the cybersecurity of the Frontier network infrastructure. The analyst provides timely and comprehensive intelligence on internal/external threats for detection, monitoring, threat hunting, and incident response. The scope of environment includes system-monitoring platforms, anti-virus, DLP, URL filtering, and PCI environments. The analyst will be responsible for performing alert analysis, incident response, digital forensics, and supporting penetration remediation on applications/systems.

Essential Functions

  • Monitor, investigate, analyze, respond to, and report on cyber incidents identified through detection/response platforms.

  • Level 1 support in detecting and responding to cybersecurity alerts and incident activity.

  • Responsible for engaging and escalating incidents to Level 2 and other Cyber Incident Response Team members.

  • Actively drive risk reduction efforts for known cyber security vulnerabilities and known attack traffic patterns/indicators of compromise (IOC).

  • Actively monitor security threats and risks, provide in-depth incident analysis, evaluate security incidents, provide proactive threat research, and recommend mitigation strategies.

  • Evaluate and determine if/when cybersecurity violations have occurred through examination of network/application logs, open-source research, vulnerability and configuration scan data, and user provided reports.

  • Conduct investigations, analysis, and evaluation of projects to determine cybersecurity risk and feasibility as required.

  • Administer, maintain, and tune cybersecurity products and services (such as: secure mail gateway, SIEM, IDS/IPS, EDR, vulnerability management, brand monitoring, threat intelligence, security rating, DDoS, web proxy, file integrity monitoring (FIM), data loss prevention (DLP), User Entity & Behavioral Analytics (UEBA)).

  • Provide and implement recommendations for new technical controls to help mitigate security vulnerabilities.

  • Coordinate and support patch and vulnerability management program functions (report preparation, read-outs, remediation breakouts, ad-hoc requests).

  • Provide cybersecurity technical assistance when needed by system/application owners.

  • Support multiple day-to-day cybersecurity tasks and project efforts.

  • Provide regular status updates to leadership on projects and remediation efforts.

  • Strong understanding of cybersecurity policies and procedures, ability to draft, modify and create standard operating procedures (SOPs) for use of other team members.

  • Support organizational Security Awareness Training efforts (suggest training topics, coordinate phishing campaigns, enable awareness to end-users in support of incidents).

  • Support vulnerability assessment functions (such as: enterprise pen testing, application pen testing, static/dynamic testing, scorecard assessments).

  • Participate in and support after-hours/on-call rotation requirements for cybersecurity incidents.

  • Develop, monitor, track, and present cyber security metrics.

  • Coordinate response and remediation efforts across various departments in a cooperative and beneficial manner.

  • Demonstrate ownership and understanding of tasks when engaging with other team members.

Qualifications

  • Bachelor's degree in computer science, technology, or equivalent combination of education and relevant experience (required).

  • 3+ years of relevant IT/Cybersecurity experience (required).

  • 2+ years in security operations with hands-on experience with enterprise cybersecurity products, such as Rapid7, SentinelOne, Proofpoint, Office365, Microsoft Defender for Cloud, Microsoft Defender for Identity (required).

  • 2+ years of SIEM (security information and event management) platform experience (required).

  • 1+ year supporting adversary tactics and techniques based on the MITRE ATT&CK framework (required).

  • Knowledge of cyber security standards and frameworks such as ISO 27001, NIST CSF, NIST-800-53 (highly desired).

  • Hands-on experience with tools like PowerShell, Vulnerability Management, Wireshark, and NMAP (required).

  • Industry cybersecurity certification: CompTIA: Security+ or Pentest+, CEH, CISSP, OSCP, SANS: GCIH or GSEC, CISSP, ISACA: CISA or CISM, Security+, SSCP, or CCNA (required, or willing to attain within 3 months of start date).

  • Hands-on Cloud infrastructure (Azure/AWS/GCP) cybersecurity remediation experience (desirable).

  • Hands-on experience with next-gen endpoint detection/response (EDR), Enterprise Firewall, IPS, Log Management, Cisco, and Checkpoint experience (desirable).

  • URL Filtering (web proxy) and troubleshooting experience (desirable).

Knowledge, Skills and Abilities

  • Ability to understand and communicate industry trends, maintain awareness of current vulnerabilities and security concerns, and understand their impact on the organization.

  • Ability to troubleshoot security/network/system-related issues and manage security components in operating environment.

  • Solid understanding of attack vectors, common intrusion techniques, brand intelligence, threat intelligence, application/host/network security hardening, enterprise risk management concepts, and MITRE ATT&CK framework principles.

  • Knowledge of enterprise risk assessment tools, technologies, and methodologies.

  • Broad and thorough knowledge of enterprise security systems and devices.

  • Knowledgeable in penetration testing, vulnerability assessments, and remediation.

  • Designing and implementing cybersecurity controls in an operating environment.

  • Able to make accurate work estimates and deliver projects within schedule constraints.

  • Proficiency in network traffic analysis and packet analysis.

  • Well-organized with the ability to coordinate and prioritize multiple tasks simultaneously with varying deadlines.

  • Demonstrate understanding and in-depth knowledge of security threats and applying actionable data to processes and procedures.

  • Demonstrate understanding and knowledge of correlation analysis, along with an understanding of monitoring programs, such as Splunk and other SIEMs.

  • Understanding of the OSI 7-layer model.

  • Willing to work more than 40 hours and some weekends as needed.

  • Willing to support after-hours and weekend on-call rotation support.

  • Strong written and verbal communication skills.

  • Ability to remain organized and to elicit cooperation from a wide variety of sources including team members and other internal departments.

  • Ability to quickly learn new systems, devices, and methodologies.

  • Able to work independently and with a team of peers and other departments.

Equipment Operated

Laptop endpoint running Windows and a variety of cybersecurity applications and commercial tools.

Work Environment

Typical office environment, adequately heated and cooled.

Requires being on-call for after-hours and weekend support.

Physical Effort

Light physical effort required by handling objects up to 20 pounds occasionally and/or up to 10 pounds frequently.

Supervision Received

General Direction: The incumbent normally receives little instruction on day-to-day work and receives general instructions on new assignments.

Positions Supervised

  • None

Salary Range

$81,752 - $108,511

Please note: this posting has a closing date of 5/10/2024, midnight MT.

Disclaimer: The above statements are intended only to describe the general nature and level of work required of the referenced position; they are not intended to be an exhaustive list of all responsibilities, duties, and skills required of individuals in this position. Please be advised that duties and expectations of this position may be subject to change.

Frontier Airlines, Inc. is an equal opportunity employer and, as such, is committed to providing equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, national origin, age, marital status, veteran status, sexual orientation, gender identity or expression, disability status, pregnancy, genetic information, citizenship status or any other basis protected by federal, state, or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Frontier Airlines is a Zero Tolerance Drug-Free Workplace. All prospective employees are subject to pre-employment testing for the following drugs and their metabolites: Marijuana, Cocaine, Amphetamines, Opioids and Phencyclidine (PCP). Further, any applicant who is found to have tested positive on any required drug or alcohol test at a former employer will be considered ineligible for employment with Frontier.

