Lead - Incident Responder Cybersecurity

Frontier Airlines
Denver, United States of America
20 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Shift work
Languages
English
Experience level
Senior
Compensation
$146K

Job location

Denver, United States of America

Tech stack

Microsoft Windows
Microsoft Active Directory
Amazon Web Services (AWS)
Azure
Software as a Service
Cloud Computing Security
CompTIA Security+
Computer Security
Computer Networks
Linux
Digital Forensics
Dynamic Program Analysis
Information Technology Operations
Intrusion Detection Systems
Network Security
Packet Analyzer
Open Source Technology
Open Source Intelligence
PCI Data Security Standards
Security Software
Security Information and Event Management
Wireshark
Software Vulnerability Management
Cloud Platform System
MITRE ATT&CK
MTTR
QRadar
Malware
Firewalls (Computer Science)
Information Technology
Microsoft Sentinel
Splunk
Network Server
SentinelOne Expertise
Vulnerability Analysis

Job description

The Lead Incident Responder of Cybersecurity Operations is responsible for investigating, containing, eradicating, and recovering from cybersecurity incidents across the Frontier enterprise environment. This role provides leadership, hands-on incident response, digital forensics, threat analysis, and coordination support during active incidents.

The Lead Incident Responder delivers timely and accurate analysis of internal and external threats using detection and response platforms and collaborates with SOC analysts, threat hunters, IT teams, and management to reduce organizational risk. The scope of the environment includes SIEM, EDR, network security controls, cloud platforms, vulnerability management, and threat intelligence services.

Essential Functions

  • Monitor, investigate, analyze, respond to, and document cybersecurity incidents identified through detection and response platforms.
  • Serve as Incident Commander, when assigned, to run the bridge, track actions/owners, and drive cadence.
  • Define severity, business impact, and required engagement level (e.g., Sev1-Sev4), and lead initial triage to determine scope and next actions.
  • Execute the full incident response lifecycle: identification, containment, eradication, recovery, and post-incident review.
  • Perform in-depth alert and event analysis across SIEM, EDR, network, endpoint, and cloud sources.
  • Collect, preserve, and analyze forensic evidence including logs, disk artifacts, memory artifacts, and network traffic.
  • Apply threat intelligence, indicators of compromise (IOCs), and adversary tactics and techniques using the MITRE ATT&CK framework.
  • Escalate incidents to Cybersecurity Operations Management and Incident Response Team members as required.
  • Support active incident response efforts, tabletop exercises, and threat simulation activities.
  • Conduct investigative analysis to determine impact, scope, and root cause of security incidents.
  • Lead the detection engineering feedback loop by converting incident learnings into new detections/use cases (SIEM rules, EDR analytics), tune to reduce false positives, and validate via testing.
  • Assist with threat hunting activities to proactively identify malicious activity within the environment.
  • Validate suspected exploitation of vulnerabilities and support remediation efforts.
  • Coordinate with IT, application, and infrastructure teams to support containment and recovery actions.
  • Maintain accurate incident documentation, timelines, and reports.
  • Develop, coordinate, and maintain playbooks for common cyber-related enterprise events including ransomware, business email compromise, identity compromise, etc.
  • Use (and help improve) SOAR playbooks for containment (account disable, host isolation, IOC blocking), enrichment, and reporting.
  • Contribute to the development and maintenance of incident response procedures and standard operating procedures (SOPs).
  • Participate in after-hours and on-call rotation requirements for cybersecurity incidents.
  • Provide regular status updates to Cybersecurity Operations Management during investigations.
  • Coordinate internal/external communications (Legal, Privacy, Comms/PR, HR) following established playbooks.
  • Coordinate with MSSP/IR retainer and key vendors as needed during active incidents.
  • Track and report MTTA/MTTR, dwell time, containment time, recurrence, and lessons learned; contribute to operational reporting.

Tools and Equipment

Laptop endpoint running Windows and a variety of commercial and open-source cybersecurity tools.
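The operational metrics named in the last Essential Functions bullet (MTTA, MTTR, dwell time, containment time, recurrence) are only meaningful if every incident record carries the same timestamps and those timestamps are in a sane order. The example below is added here as an illustration and is not Frontier code; the incident field names, the recurrence definition (a root cause that already appeared in an earlier incident) and the sample incidents are all assumptions constructed for the example.

```python
"""Incident-response metrics from a closed-incident timeline (added example).

Field names, the recurrence definition and all sample data are assumptions
for this illustration, not a description of any real ticketing system.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, median
from typing import Dict, List


@dataclass(frozen=True)
class Incident:
    incident_id: str
    severity: str
    first_malicious: datetime   # earliest adversary activity established by forensics
    detected: datetime          # alert fired or report received
    acknowledged: datetime      # analyst took ownership of the alert
    contained: datetime         # host isolated / account disabled / IOC blocked
    resolved: datetime          # eradication and recovery complete
    root_cause: str             # normalized root-cause label from the post-incident review


def hours(delta: timedelta) -> float:
    return delta.total_seconds() / 3600.0


def timeline_errors(inc: Incident) -> List[str]:
    """Report timeline ordering problems for one incident.

    Run this before computing metrics: a mis-entered timestamp (containment
    recorded before detection, for instance) would otherwise produce a
    negative interval and silently pull the averages down.
    """
    order = [("first_malicious", inc.first_malicious), ("detected", inc.detected),
             ("acknowledged", inc.acknowledged), ("contained", inc.contained),
             ("resolved", inc.resolved)]
    errors = []
    for (a_name, a), (b_name, b) in zip(order, order[1:]):
        if b < a:
            errors.append(f"{inc.incident_id}: {b_name} ({b:%Y-%m-%d %H:%M}) "
                          f"precedes {a_name} ({a:%Y-%m-%d %H:%M})")
    return errors


def metrics(incidents: List[Incident]) -> Dict[str, float]:
    """MTTA, MTTR, dwell and containment time in hours, plus recurrence rate."""
    bad = [e for inc in incidents for e in timeline_errors(inc)]
    if bad:
        raise ValueError("; ".join(bad))
    mtta = [hours(i.acknowledged - i.detected) for i in incidents]
    mttr = [hours(i.resolved - i.detected) for i in incidents]
    dwell = [hours(i.detected - i.first_malicious) for i in incidents]
    contain = [hours(i.contained - i.detected) for i in incidents]
    # Recurrence (assumed definition): an incident whose root cause was already
    # seen in an earlier incident, i.e. a lesson learned that did not stick.
    seen, repeats = set(), 0
    for inc in sorted(incidents, key=lambda i: i.detected):
        if inc.root_cause in seen:
            repeats += 1
        seen.add(inc.root_cause)
    return {
        "count": len(incidents),
        "mtta_h": mean(mtta),
        "mttr_h": mean(mttr),
        "mttr_median_h": median(mttr),   # median resists one long-running Sev1
        "dwell_h": mean(dwell),
        "containment_h": mean(contain),
        "recurrence_rate": repeats / len(incidents),
    }


def metrics_by_severity(incidents: List[Incident]) -> Dict[str, Dict[str, float]]:
    """Break the same metrics out per severity so Sev1 numbers are not hidden by Sev3 noise."""
    severities = sorted({i.severity for i in incidents})
    return {sev: metrics([i for i in incidents if i.severity == sev]) for sev in severities}


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


# Constructed sample incidents (not real data).
SAMPLE_INCIDENTS = [
    Incident("INC-001", "Sev2", _ts("2024-03-01 08:00"), _ts("2024-03-03 08:00"),
             _ts("2024-03-03 08:15"), _ts("2024-03-03 10:00"), _ts("2024-03-04 08:00"),
             "phishing credential theft"),
    Incident("INC-002", "Sev1", _ts("2024-03-10 00:00"), _ts("2024-03-10 06:00"),
             _ts("2024-03-10 06:30"), _ts("2024-03-10 09:00"), _ts("2024-03-11 06:00"),
             "unpatched vpn appliance"),
    Incident("INC-003", "Sev3", _ts("2024-03-20 12:00"), _ts("2024-03-20 18:00"),
             _ts("2024-03-20 18:45"), _ts("2024-03-20 19:00"), _ts("2024-03-20 22:00"),
             "phishing credential theft"),
]

# Constructed record with containment logged before acknowledgement; metrics() must reject it.
MISENTERED_INCIDENT = Incident(
    "INC-004", "Sev2", _ts("2024-03-25 06:00"), _ts("2024-03-25 08:00"),
    _ts("2024-03-25 08:10"), _ts("2024-03-25 07:00"), _ts("2024-03-25 12:00"),
    "malicious browser extension")

if __name__ == "__main__":
    for key, value in metrics(SAMPLE_INCIDENTS).items():
        print(f"{key:>16}: {value:.2f}")
    print(timeline_errors(MISENTERED_INCIDENT))
```

The ordering check is the part worth keeping even if the rest is replaced by a SIEM dashboard: MTTR averages drift quietly when one analyst records the containment action against the alert time instead of the ticket time, and a failed check is cheaper than an inaccurate quarterly report.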

Work Environment

  • Hybrid work environment (in-office and remote), subject to change
  • Requires participation in on-call rotation for after-hours and weekend incident response

Physical Effort

Light physical effort required by handling objects up to 20 pounds occasionally and/or up to 10 pounds frequently.

Supervision Received

General Direction: The incumbent normally receives little instruction on day-to-day work and receives general instructions on new assignments.

Requirements

  • Bachelor's degree in computer science, information technology, cybersecurity, or equivalent combination of education and relevant experience (required)
  • 5-10 years of relevant cybersecurity or IT operations experience (required)
  • 4 years of hands-on incident response or security operations experience (required)
  • Experience working with enterprise cybersecurity tools such as SIEM, EDR, IDS/IPS, vulnerability management, and threat intelligence platforms
  • Experience analyzing adversary tactics and techniques using the MITRE ATT&CK framework
  • Familiarity with cybersecurity standards and frameworks such as NIST CSF, NIST 800-61, and PCI DSS (desired)

Knowledge, Skills and Abilities

  • Strong understanding of incident response processes and investigative methodologies
  • Proficiency in SIEM platforms (e.g., Splunk, Microsoft Sentinel, QRadar, or similar)
  • Hands-on experience with endpoint detection and response (EDR) tools such as SentinelOne, CrowdStrike, or Microsoft Defender
  • Ability to analyze and correlate logs from firewalls, endpoints, servers, SaaS platforms, and cloud environments
  • Proficiency in network traffic and packet analysis using tools such as Wireshark
  • Working knowledge of malware triage and basic static/dynamic analysis techniques
  • Understanding of Active Directory, identity-based attacks, and authentication workflows
  • Knowledge of Windows and Linux operating systems and common attack vectors
  • Ability to apply threat intelligence and OSINT to incident investigations
  • Strong analytical and problem-solving skills with attention to detail
  • Ability to communicate clearly and effectively, both verbally and in writing
  • Ability to work independently and collaboratively in a fast-paced, high-pressure environment
  • Willingness to support after-hours and weekend on-call rotation

Certifications (Preferred)

  • CompTIA Security+
  • CompTIA CySA+
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Intrusion Analyst (GCIA)
  • GIAC Certified Enterprise Defender (GCED)
  • CEH
  • Microsoft SC-200 or cloud security certifications (Azure/AWS)

Benefits & conditions

At Frontier, we like to think we're creating something very special for our team members. Work is why we're here, but the perks are nice too:

  • Flight benefits for you and your family to fly on Frontier Airlines.
  • Buddy passes for your friends so they can experience what makes us so great.
  • Discounts throughout the travel industry on hotels, car rentals, cruises and vacation packages.
  • Discounts on cell phone plans, movie tickets, restaurants, luggage and over 2,000 other vendors.
  • Enjoy a 'Dress for your Day' business casual environment.
  • Flexible work schedules that support work/life balance.
  • Total Rewards program including a competitive base salary, short term incentives, long-term incentives, paid holidays, 401(k) plan, vacation/sick time and medical/dental/vision insurance that begins the 1st of the month following your hire date.
  • We play our part to make a difference. The HOPE League, Frontier Airlines' non-profit organization, is dedicated to providing employees financial assistance during catastrophic hardship.

About the company

At Frontier, we believe the skies should be for everyone. We deliver on this promise through our commitment to Low Fares Done Right. This is more than our tagline - it's our driving philosophy. Every member of Team Frontier has an important role to play in bringing this vision to life. Our successful business model allows travelers to take advantage of our fast-growing route network while our bundled and unbundled pricing options allow our customers to personalize their travel experience and only pay for the services they need - saving them money along the way.

What We Stand For

Low Fares Done Right is our mission and we strive to bring it to life every day. Our 'Done Right' promise means delivering not only affordable prices, but making travel friendly and easy for our customers. To do this, we put a great deal of care into every decision and action we take. We must be efficient with the use of our resources and make smart decisions about how we run our business. We must also innovate and be pioneers - we're not afraid to try new things. While our business requires us to fly high in the air, we also consider ourselves down-to-earth in our approach, creating a warm and friendly experience that truly demonstrates Rocky Mountain Hospitality.

Frontier Airlines is a leading ultra-low cost carrier headquartered in Denver, Colorado. With a mission to deliver Low Fares Done Right, the company provides affordable, convenient and accessible air travel throughout the U.S., Caribbean, Mexico and Latin America. Frontier's highly fuel-efficient, all-Airbus fleet is among the youngest and most modern of any carrier within the U.S. That, combined with the airline's many weight-saving initiatives and focus on operational efficiencies, makes Frontier America's Greenest Airline.* Each Frontier Airlines plane tail features a special animal with a unique name and backstory. Many of the featured species are endangered or threatened, part of the airline's commitment to underscore and raise awareness for their plight. Frontier serves approximately 100 destinations throughout North America and operates 500-plus daily flights, on average. The airline employs more than 7,000 team members and has crew bases in more than a dozen U.S. cities. Frontier Airlines, Inc., is a subsidiary of Frontier Group Holdings, Inc. (NASDAQ: ULCC).

* Frontier is the most fuel-efficient of all major U.S. carriers when measured by ASMs per fuel gallon consumed.

Apply for this position