Architect, Web Application (Cybersecurity)

Why Work for Frontier Airlines?

At Frontier, we believe the skies should be for everyone. We deliver on this promise through our commitment to Low Fares Done Right. This is more than our tagline - it’s our driving philosophy. Every member of Team Frontier has an important role to play in bringing this vision to life. Our successful business model allows travelers to take advantage of our fast-growing route network while our bundled and unbundled pricing options allow our customers to personalize their travel experience and only pay for the services they need – saving them money along the way.

What We Stand For

Low Fares Done Right is our mission and we strive to bring it to life every day. Our ‘Done Right’ promise means delivering not only affordable prices, but making travel friendly and easy for our customers. To do this, we put a great deal of care into every decision and action we take. We must be efficient with the use of our resources and make smart decisions about how we run our business. We must also innovate and be pioneers - we’re not afraid to try new things. While our business requires us to fly high in the air, we also consider ourselves down-to-earth in our approach, creating a warm and friendly experience that truly demonstrates Rocky Mountain Hospitality.

Work Perks

At Frontier, we like to think we’re creating something very special for our team members. Work is why we’re here, but the perks are nice too:

• Flight benefits for you and your family to fly on Frontier Airlines.
• Buddy passes for your friends so they can experience what makes us so great.
• Discounts throughout the travel industry on hotels, car rentals, cruises and vacation packages.
• Discounts on cell phone plans, movie tickets, restaurants, luggage and over 2,000 other vendors.
• Enjoy a ‘Dress for your Day’ business casual environment.
• Flexible work schedules that support work/life balance.
• Total Rewards program including a competitive base salary, short term incentives, long-term incentives, paid holidays, 401(k) plan, vacation/sick time and medical/dental/vision insurance that begins the 1st of the month following your hire date.
• We play our part to make a difference. The HOPE League, Frontier Airlines’ non-profit organization, is dedicated to providing employees financial assistance during catastrophic hardship.
  
  
  

Who We Are

Frontier Airlines is committed to offering ‘Low Fares Done Right’ to more than 100 destinations and growing in the United States, Canada, Dominican Republic and Mexico on more than 350 daily flights. Headquartered in Denver, Frontier’s hard-working aviation professionals pride themselves in delivering the company’s signature Low Fares Done Right service to customers. Frontier Airlines is the proud recipient of the Federal Aviation Administration’s 2018 Diamond Award for maintenance excellence and was recently named the industry’s most fuel-efficient airline by The International Council on Clean Transportation (ICCT) as a result of superior technology and operational efficiencies.

What Will You Be Doing?

The Web Application Architect works as part of the Cybersecurity team to manage and secure web-based applications hosted on-premises and in the cloud. In this role, the Web Application Architect is responsible for designing secure WAF, Bot Mitigation, and DDoS Mitigation configurations that defend against threats and vulnerabilities without impeding the business and customer experience. The architect executes controls adhering to policies, monitors against the threat landscape and recommends changes where necessary. Working as part of the team, the architect shares information and testing effectiveness of controls and collaborates to counter threats and vulnerabilities. The architect understands the applications in use, where weaknesses may exist and introduce security controls to thwart vulnerabilities on Frontier applications. The architect will work closely in collaboration with other information technology, cybersecurity, and development teams to promote Secure Software Development Life Cycle (sSDLC) processes and cybersecurity best practices.

Essential Functions

• Act as a subject matter expert for Web Application Firewall (WAF), BOT Mitigation (BotM), and DDoS Mitigation platforms.
• Evaluate/formulate cybersecurity architectures and designs that balance the implementation of cyber security controls and meet the businesses’ functional requirements.
• Define and develop security requirements using risk assessments, threat modeling, testing, and analysis of existing systems.
• Oversee web application security functions, developing and driving programmatic efforts to address external, internal, and emerging application security risks throughout the organization.
• Design, build, configure, deploy, and support Web Application Firewall (WAF) and BOT Mitigation (BotM) platforms and policies.
• Design, configure and maintain WAF/BotM solutions on-prem and in the cloud environments
• Configure new sites and applications for WAF/BotM protection, analysis of traffic to remove false positives
• Work closely with the engineering/architecture teams to evaluate the security readiness of new and existing applications introduced into the environment.
• Design, test and deploy solutions and settings with rules designed to protect against vulnerabilities and threats targeting web-based and mobile applications.
• Architect, engineer, implement, and monitor security measures for the protection of Frontier computer systems, networks, and information resources.
• Oversee compliance hardening governance on cloud and application landscape. Conducting hardening checks of device configurations to determine version compliance and identify and mitigate weaknesses.
• Review reports from vulnerability and penetration tests, and results from tabletop exercises, to identify exposure and improve application security posture in tandem with application security engineers.
• Develop and oversee compliance of the Secure Software Development Lifecycle (sSDLC) processes.
• Work closely in collaboration with other cybersecurity and development teams to design a Secure Software Development Life Cycle (SSDLC) in conjunction with industry best practices.
• Create WAF/BotM rules/signatures to mitigate threats and implements best practices
• Liaise with cybersecurity, threat intelligence, information technology, software development, and 3rd party development teams members.
• Document and address organizational cybersecurity architecture and systems security engineering requirements throughout their lifecycles.
• Identify and prioritize support of business-critical web application with organizational stakeholders.
• Monitors systems activities and fine tunes system parameters and configuration to optimize performance and ensure security of systems
• Openly support the organization, management, and executive leadership team, even during times of adversity.
• Perform root cause analysis on cyber incidents, issues, and determines the proper course of action
• Research and recommend changes to procedures and systems to enhance application and data security.
• Conduct security assessments of application, network, and computing architecture before systems are placed in production.
• Design, develop, and deliver application security strategy throughout the CI/CD lifecycle.
• Enable security best-practices and security software integration into application developers SDLC processes.
• Work with the system/application teams to ensure that application security risks are effectively identified with security testing functions (SAST, DAST, IAST, pen test) and appropriately addressed while maintaining a balance between security & usability.
• Document and maintain policies and standard operating procedures aligning with strong security practices, standards, application, and host integrity, and OWASP best practices.
• Implement tools to assess and enforce application security policies and guidelines.
• Work with security team members to enforce thorough application inventory and management standards, as well as audit compliance for applications and services under corporate policies.
• Coordinate delivery of secure coding awareness training to software developers.
• Advocate for cybersecurity innovation in all aspects of the organization.
• Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts.
• Communicate technical application security control concepts to team members, including developers, engineers, and managers.
• Be professionally accountable for remaining educated on the threat landscape and mitigation techniques.
• Be an application security evangelist who can translate security concepts into language that is meaningful to varying audiences, including business and technical leaders.
• Perform other duties as assigned.
  
  
  

Qualifications

• Bachelor’s degree required in either: Business, Finance, Computer Science, Engineering, IT, or similar field.
• 7 + years of experience in enterprise security or application security.
• 7+ years of experience deploying, configuring, managing a Web Application Firewall (WAF) platform.
• 5+ years of experience deploying, configuring, managing a Bot Mitigation (BotM) platform.
• 5+ years of experience deploying, configuring, managing a DDoS Mitigation platform.
• 2 + years of experience working in a cloud-native environment such as Azure, AWS, GCP.
• Hold an active cybersecurity certification, such as a CSSLP, CISSP, CISA, CCP, CSSLP, GCSA MCP, MCSE, SANS, or Microsoft AZ (highly desired, or equivalent experience is acceptable).
• Relevant industry certifications such as SANS, CISSP, CCNA, etc. desired.
• Experience with the airline industry a plus.
  
  
  

Knowledge, Skills And Abilities

• Familiarity with tools such as Akamai, Radware, F5, or PerimeterX is preferred.
• Experience installing, configuring, and supporting Web Application Firewalls (WAFs) in a complex enterprise environment.
• Experience with Web Application Firewall (WAF) configuration, policy, and management of related tools.
• Experience with Bot Mitigation (BotM) configuration, policy, and management of related tools.
• Experience with DDoS Mitigation deployments (IPSec/GRE tunnels), configuration, policy, and management of related tools.
• Proficiency with applications, databases, web services, authentication, and middleware servers.
• Knowledge of mobile application and device security (iOS, Android, Mobile SDKs).
• Experience with security concepts and tooling such as: SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), IAST (Interactive Application Security Testing), Web Application Penetration Testing, and Open-Source Analysis.
• Understanding of OWASP Top Ten, threats and vulnerabilities, and tactics used to compromise applications.
• Experience with secure CI/CD pipeline design and architecture, automation, and secure code gating.
• Experience securing cloud IAAS and PAAS environments (Azure, AWS, Google Cloud).
• Ideally familiar with one or more regulatory requirements and laws such as, Sarbanes-Oxley Act (SOX), HIPAA, GDPR, California Consumer Privacy Act (CCPA) and Gramm-Leach-Bliley Act (GLBA). Additionally, experience in one or more of the following: ISO 17799, ITIL, Cybersecurity Maturity Model Certification and NIST Cybersecurity Framework.
• Aptitude with one or more scripting languages (e.g., Python, PowerShell, JavaScript, and Bash).
• Experience with industry compliance standards and frameworks such as PCI-DSS, HIPPA, NIST, ISO, ITIL, COSO, COBIT, and SOC1/2.
• Be able to work independently and collaboratively with others.
• Organized with the ability to prioritize and complete tasks within defined service-level agreements (SLAs).
• Excellent judgment and the ability to make quick decisions when working with complex situations.
• Working knowledge of network and web related protocols
• Demonstrable awareness of the latest trends relating to network and web security issues, techniques, and protocols
• Track record acting with integrity, taking pride in work, seeking to excel, and being curious and flexible.
• Excellent written and oral communication skills; ability to problem solve with little to no supervision.
• Excellent troubleshooting skills.
  
  
  

Equipment Operated

Web Application Firewall (WAF), Bot Mitigation (BotM), DDoS Mitigation, and Secure Coding platforms, and CI/CD pipeline platforms (e.g., Azure DevOps).

Work Environment

Typical office environment, adequately heated and cooled.

Will require being on call for afterhours and weekend support.

Physical Effort

Light physical effort required by handling objects up to 20 pounds occasionally and/or up to 10 pounds frequently.

Supervision Received

General Direction: The incumbent normally receives little instruction on day-to-day work and receives general instructions on new assignments.

Positions Supervised

Not applicable currently.

Salary Range

$110,114.00 - $146,157.00

Please note: this posting has a closing date of 6/14/2024, midnight MT.

Workplace Policies

At Frontier Airlines, we wholeheartedly support and have a strong commitment to Equal Employment Opportunity (EEO) and Affirmative Action. Frontier is committed to providing equal employment opportunities for all persons regardless of race, color, religion, gender, gender variance, sexual orientation, age, genetic information, martial status, national origin, citizenship status, disability, military, veteran status, and any other basis protected by federal, state, or local laws.

Diversity is an essential part of our success. Our company flourishes because of the unique backgrounds, skills and ideas that our team members contribute every day. We salute and actively recruit veterans. Military experience is valuable and transferable to many of the positions essential to the operations of our airline.

Frontier Airlines is a Zero Tolerance Drug-Free Workplace. All prospective DOT safety-sensitive employees are subject to pre-employment testing for the following drugs and their metabolites: Marijuana, Cocaine, Amphetamines, Opioids and Phencyclidine (PCP). Further, any DOT safety-sensitive job applicant who is found to have tested positive on any required drug or alcohol test at a former employer will be considered ineligible for employment with Frontier.

Disclaimer: The above statements are intended only to describe the general nature and level of work required of the referenced position; they are not intended to be an exhaustive list of all responsibilities, duties, and skills required of individuals in this position. Please be advised that duties and expectations of this position may be subject to change.