Frontier Airlines

Lead - Incident Responder Cybersecurity

Frontier Airlines$110K — $146K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in computer science, information technology, cybersecurity, or a similar field.
  • 5-10 years of relevant cybersecurity or IT operations experience.
  • 4+ years of hands-on incident response or security operations experience.
  • Experience with enterprise cybersecurity tools like SIEM, EDR, and IDS/IPS.
  • Familiarity with the MITRE ATT&CK framework and cybersecurity standards such as NIST CSF.

Responsibilities

  • Monitor and document cybersecurity incidents through detection platforms.
  • Serve as Incident Commander to manage response actions.
  • Lead initial triage of security incidents to define severity and next actions.
  • Execute full incident response lifecycle including containment and recovery.
  • Analyze alerts and events across various sources for threat identification.

Benefits

  • Hybrid work environment with both in-office and remote options.
  • Participate in after-hours and weekend on-call rotation for incident response.
  • Opportunity for continuous learning and professional development in a dynamic field.
Full Job Description
What Will You Be Doing?

The Lead Incident Responder of Cybersecurity Operations is responsible for investigating, containing, eradicating, and recovering from cybersecurity incidents across the Frontier enterprise environment. This role provides leadership, hands-on incident response, digital forensics, threat analysis, and coordination support during active incidents.

The Lead Incident Responder delivers timely and accurate analysis of internal and external threats using detection and response platforms and collaborates with SOC analysts, threat hunters, IT teams, and management to reduce organizational risk. The scope of the environment includes SIEM, EDR, network security controls, cloud platforms, vulnerability management, and threat intelligence services.

Essential Functions

  • Monitor, investigate, analyze, respond to, and document cybersecurity incidents identified through detection and response platforms.
  • Serve as Incident Commander, when assigned, to run the bridge, track actions/owners, and drive cadence.
  • Define severity, business impact, and required engagement level (e.g., Sev1-Sev4), and lead initial triage to determine scope and next actions.
  • Execute the full incident response lifecycle: identification, containment, eradication, recovery, and post-incident review
  • Perform in-depth alert and event analysis across SIEM, EDR, network, endpoint, and cloud sources
  • Collect, preserve, and analyze forensic evidence including logs, disk artifacts, memory artifacts, and network traffic
  • Apply threat intelligence, indicators of compromise (IOCs), and adversary tactics and techniques using the MITRE ATT&CK framework
  • Escalate incidents to Cybersecurity Operations Management and Incident Response Team members as required
  • Support active incident response efforts, tabletop exercises, and threat simulation activities
  • Conduct investigative analysis to determine impact, scope, and root cause of security incidents
  • Lead the detection engineering feedback loop by converting incident learnings into new detections/use cases (SIEM rules, EDR analytics), tune to reduce false positives, and validate via testing.
  • Assist with threat hunting activities to proactively identify malicious activity within the environment
  • Validate suspected exploitation of vulnerabilities and support remediation efforts
  • Coordinate with IT, application, and infrastructure teams to support containment and recovery actions
  • Maintain accurate incident documentation, timelines, and reports
  • Develop, coordinate, and maintain playbooks for common cyber-related enterprise events including ransomware, business email compromise, identity compromise, etc.
  • Use (and help improve) SOAR playbooks for containment (account disable, host isolation, IOC blocking), enrichment, and reporting.
  • Contribute to the development and maintenance of incident response procedures and standard operating procedures (SOPs)
  • Participate in after-hours and on-call rotation requirements for cybersecurity incidents
  • Provide regular status updates to Cybersecurity Operations Management during investigations
  • Coordinate internal/external communications (Legal, Privacy, Comms/PR, HR) following established playbooks.
  • Coordinate with MSSP/IR retainer and key vendors as needed during active incidents
  • Track and report MTTA/MTTR, dwell time, containment time, recurrence, and lessons learned; contribute to operational reporting.


Qualifications

  • Bachelor's degree in computer science, information technology, cybersecurity, or equivalent combination of education and relevant experience (required)
  • 5-10 years of relevant cybersecurity or IT operations experience (required)
  • 4+ years of hands-on incident response or security operations experience (required)
  • Experience working with enterprise cybersecurity tools such as SIEM, EDR, IDS/IPS, vulnerability management, and threat intelligence platforms
  • Experience analyzing adversary tactics and techniques using the MITRE ATT&CK framework
  • Familiarity with cybersecurity standards and frameworks such as NIST CSF, NIST 800-61, and PCI DSS (desired)


Knowledge, Skills and Abilities

  • Strong understanding of incident response processes and investigative methodologies
  • Proficiency in SIEM platforms (e.g., Splunk, Microsoft Sentinel, QRadar, or similar)
  • Hands-on experience with endpoint detection and response (EDR) tools such as SentinelOne, CrowdStrike, or Microsoft Defender
  • Ability to analyze and correlate logs from firewalls, endpoints, servers, SaaS platforms, and cloud environments
  • Proficiency in network traffic and packet analysis using tools such as Wireshark
  • Working knowledge of malware triage and basic static/dynamic analysis techniques
  • Understanding of Active Directory, identity-based attacks, and authentication workflows
  • Knowledge of Windows and Linux operating systems and common attack vectors
  • Ability to apply threat intelligence and OSINT to incident investigations
  • Strong analytical and problem-solving skills with attention to detail
  • Ability to communicate clearly and effectively, both verbally and in writing
  • Ability to work independently and collaboratively in a fast-paced, high-pressure environment
  • Willingness to support after-hours and weekend on-call rotation


Certifications (Preferred)

  • CompTIA Security+
  • CompTIA CySA+
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Intrusion Analyst (GCIA)
  • GIAC Certified Enterprise Defender (GCED)
  • CEH
  • Microsoft SC-200 or cloud security certifications (Azure/AWS)


Equipment Operated

Laptop endpoint running Windows and a variety of commercial and open-source cybersecurity tools

Work Environment

  • Hybrid work environment (in-office and remote), subject to change
  • Requires participation in on-call rotation for after-hours and weekend incident response


Physical Effort

Light physical effort required by handling objects up to 20 pounds occasionally and/or up to 10 pounds frequently.

Supervision Received

General Direction: The incumbent normally receives little instruction on day-to-day work and receives general instructions on new assignments.

Salary Range: $110,114 - $146,157. Please note: this posting has a closing date of on or before midnight 8.31.26 MT.

Positions Supervised

None

Workplace Policies

Disclaimer: The above statements are intended only to describe the general nature and level of work required of the referenced position; they are not intended to be an exhaustive list of all responsibilities, duties, and skills required of individuals in this position. Please be advised that duties and expectations of this position may be subject to change.

About Frontier Airlines

Frontier Airlines is a low-cost airline that operates flights to over 100 destinations in the United States, Mexico, and the Caribbean. The company was founded in 1994 and is headquartered in Denver, Colorado. Frontier Airlines is known for its low fares and customer-friendly policies, such as allowing passengers to bring one personal item and one carry-on bag for free. The airline has a fleet of over 100 aircraft and is constantly expanding its route network.
Learn more about Frontier Airlines
Size
4,000 employees
Industry
Founded
1994

Similar Jobs

More Jobs at Frontier Airlines

More Information Technology Jobs

Find similar Lead - Incident Responder Cybersecurity jobs: