Devsecops Jobs in Nevada (NOW HIRING)

Short Description
The Principal Engineer, Information Security (DevSecOps) is the technical lead for Allegiant's DevSecOps program. This person owns the security tooling, policies, and automation that protect code, infrastructure, and cloud workloads as they move through CI/CD pipelines into production.
This is not a generalist security role. The principal engineer must have production experience across four disciplines simultaneously: application security, pipeline engineering, cloud infrastructure, and infrastructure-as-code (IaC) governance. The role also requires working knowledge of securing agentic AI workflows, including MCP server governance, AI gateway configuration, and trust boundaries for tool-using AI systems. The role requires someone who has shipped security tooling that development teams actually adopted, not just evaluated or recommended.
The principal engineer leads a team of two mid-level engineers, unblocks technical problems, reviews architecture decisions, and drives delivery against committed program objectives. This person reports to the Senior Manager of Information Security Engineering and works closely with DevOps, Full Stack Engineering, and Security Governance. Allegiant is modernizing its web applications, expanding into new customer channels, and integrating a recent acquisition. Each of these increases the volume of code and infrastructure flowing through pipelines.
This role ensures security keeps pace with that velocity. This role prepares the principal engineer for future promotion tracks including Architect I and Manager I.
Summary
DevSecOps Principal Engineer Key Duties:
• Proven and demonstrable ability to lead at least two other team members in an official capacity towards specific DevSecOps outcomes.
• Lead the DevSecOps team (two engineers) in daily execution, weekly syncs, and PI planning. Ensure stories are accurate, scoped, and deliverable.
• Own and drive the DevSecOps roadmap across pipeline security, IaC policy enforcement, application security tooling, and cloud security posture management.
• Embedding threat modeling into pipelines and workflows to provide real-time analysis of architectural changes in products.
• Architect and maintain security gates in GitHub Actions CI/CD pipelines. Define when and how scans run, what blocks a merge, and how results route to developers.
• Administer GitHub Advanced Security across the organization: CodeQL query suites, secret scanning policies, Dependabot configuration, and developer-facing campaign management.
• Author and deploy Checkov custom policies for Terraform IaC scanning. Drive golden policy adoption from current 25% pipeline coverage toward 75%+ with hard-fail enforcement.
• Operate and configure Palo Alto Prisma or Cortex (CNAPP) for cloud security posture, image scanning, and AppSec integration.
• Manage Terraform-based infrastructure security across multi-account AWS environments using Control Tower, IAM, VPC, and Transit Gateway.
• Integrate security tooling outputs into SIEM and SOAR for alerting, triage, and response workflows.
• Mentor two mid-level engineers. Identify skills gaps, provide hands-on training, and review their work.
• Collaborate with Security Governance to produce compliance evidence for PCI-DSS, NIST, and CIS controls derived from DevSecOps tooling.
• Support acquisition security assessments by evaluating incoming technology stacks against Allegiant's IaC and pipeline security standards.
• Define and enforce security governance for agentic AI tooling, including MCP server registries, gateway configurations, and trust policies for AI-to-tool interactions.
• Document architecture decisions, policy rationale, and runbooks. Maintain documentation quality standards across the DevSecOps team.
• Participate in SAFe Agile planning. Maintain strong Jira hygiene. Assist security leadership in backlog prioritization and capacity negotiation with product owners.
Pipeline security engineering: Production experience building and maintaining security scanning stages in CI/CD pipelines. Must demonstrate pipelines they have built that run in production today, not proofs of concept. GitHub Actions is required.
Application security tooling at scale: Hands-on administration of GitHub Advanced Security or equivalent (Snyk, Veracode, Checkmarx) in an organization with 50+ repositories. Must show evidence of driving developer adoption of scan results, not just enabling tools.
Infrastructure-as-code policy: Experience writing and enforcing custom Checkov policies (or Bridgecrew, tfsec, Sentinel) against Terraform codebases. Must be able to describe policies they authored and the compliance or security outcomes those policies enforced.
Cloud infrastructure security: Deep working knowledge of AWS security constructs: Control Tower, IAM (including ABAC patterns), VPC architecture, Transit Gateway, and multi-account strategies. Must have operated these in production, not just designed them.
CNAPP operations: Experience operating a cloud-native application protection platform (Palo Alto Cortex Cloud preferred, Prisma Cloud, Wiz, or Orca acceptable). Must describe onboarding workflows, policy tuning, and integration with engineering teams.
Delivery track record: Candidates must provide specific examples of security tooling they shipped that was adopted by development teams. "Evaluated," "assessed," or "recommended" do not count. We need builders who finish.
AI security and MCP governance: Demonstrated experience securing agentic AI workflows: MCP server trust boundaries, AI gateway configuration, prompt injection mitigation, or tool-use authorization policies. Candidates should be able to point to public work (GitHub repositories, blog posts, conference talks, or open-source contributions) showing hands-on engagement with AI security, not just awareness of the topic.
Communication and mentorship: Able to coach junior and mid-level engineers through hands-on pairing, clear documentation, and direct feedback. Comfortable presenting architecture decisions to security leadership and engineering stakeholders.
Visa Sponsorship Available
No
Minimum Requirements
Combination of Education and Experience will be considered. Must be authorized to work in the US as defined by the Immigration Act of 1986. Must pass a Criminal Background Check.
Education: Bachelor's Degree or equivalent experience.
Certification: Technical certifications or equivalents, CISSP is optional.
Years of Experience:
Minimum eight (8) years experience in information security.
Minimum eight (8) years supporting / implementing network security platforms & strategies.
Preferred Requirements
• Has production experience across all four domains: application security, pipeline engineering, cloud infrastructure security, and IaC governance. Can demonstrate work in each, not just one or two.
• Has administered GitHub Advanced Security (CodeQL, secret scanning, Dependabot) for an organization with active developer adoption metrics.
• Has authored custom Checkov or equivalent IaC policies that enforced specific compliance or security outcomes in production pipelines.
• Has operated a CNAPP platform (Palo Alto Cortex Cloud, Prisma Cloud, Wiz, or Orca) including onboarding, policy configuration, and integration with engineering workflows.
• Has integrated security scan outputs into a SIEM and SOAR (Cortex XSOAR preferred) platform.
• Has experience with Cloud Custodian or similar cloud governance automation.
• Has gathered compliance evidence from automated tooling for PCI-DSS, NIST, or CIS audits.
• Has led or mentored a small engineering team (2-5 engineers).
• Has hands-on experience securing agentic AI systems: MCP server configuration, AI gateway trust policies, tool-use authorization, or prompt injection controls. Can point to public artifacts (GitHub repos, blog posts, talks, open-source work) demonstrating this experience.
• Can provide references or artifacts demonstrating security tooling adopted by development teams in production.
Job Duties
• Provide technical leadership to the DevSecOps team daily and during PI planning.
• Lead the DevSecOps team in weekly syncs to track program progress, remove blockers, and adjust priorities.
• Advises the IT organization towards adoption of standards and influences security security culture-setting the tone and expectations for secure SDLC.
• Own GitHub Advanced Security administration: manage CodeQL query suites, configure secret scanning policies, tune Dependabot alerts, and run developer adoption campaigns.
• Build, maintain, and enforce security scanning stages in GitHub Actions pipelines across the organization.
• Author custom Checkov policies for Terraform IaC. Drive golden policy deployment across all pipelines toward hard-fail enforcement.
• Operate and configure Cortex Cloud (CNAPP) for cloud workload protection, image scanning, and application security posture.
• Manage Terraform-based security infrastructure across multi-account AWS environments (Control Tower, IAM, VPC, Transit Gateway).
• Integrate DevSecOps tooling outputs into SIEM and Cortex XSOAR (SOAR) for detection, alerting, and automated response.
• Collaborate with Security Governance to generate and validate compliance evidence from automated tooling for PCI-DSS, NIST, and CIS.
• Evaluate incoming technology stacks from acquisitions against Allegiant's pipeline and IaC security standards.
• Document architecture decisions, security policies, and operational runbooks. Maintain team documentation standards.
• Identify skills gaps on the DevSecOps team. Provide training, pair on complex work, and review output from junior and mid-level engineers.
• Work with DevOps and Full Stack Engineering to ensure security gates are adopted, not circumvented. Measure and report on developer adoption.
• Maintain SAFe Agile practices. Keep Jira hygiene current. Assist security leadership with story sizing, capacity planning, and backlog negotiation.
• Promote awareness of DevSecOps program objectives during PI planning and cross-team syncs.
• Recommend and implement efficiencies for security alerting, triage workflows, and operational intake.
• Define and maintain security controls for agentic AI tooling: MCP trusted server registries, gateway configurations, tool-use authorization policies, and usage standards.
• Troubleshoot and resolve escalated security tooling issues across pipelines, cloud infrastructure, and application scanning.
• Support the security manager in long-range planning, roadmap development, and team growth strategy.
• Other duties as assigned.
Physical Requirements
The Physical Demands and Work Environment described here are a representative of those that must be met by a Team Member to successfully perform the essential functions of the role. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the role.
Office/IT - While performing the duties of this job, the Team Member is regularly required to stand, sit, talk, hear, see, reach, stoop, kneel, and use hands and fingers to operate a computer, key board, printer, and phone. May be required to lift, push, pull, or carry up to 50 lbs. May be required to work various shifts/days in a 24 hour situation. Regular attendance is a requirement of the role. Exposure to moderate noise (i.e. business office with computers, phones, printers, and foot traffic), temperature and light fluctuations. Ability to work in a confined area as well as the ability to sit at a computer terminal for an extended period of time. Some travel may be a requirement of the role.
Essential Services Provider
Allegiant as a national air carrier is deemed an essential service provider during declared national and state emergencies. Team Members will be required to report to their assigned trip or work location during national and state emergencies unless prohibited by local, state or federal order.
EEO Statement
We welcome all individuals from varied backgrounds and experiences to apply. Our company values the unique perspectives and talents that each person brings to our team.
Equal Opportunity Employer: Disability/Veteran
For more information, see https://allegiantair.jobs
$153,000 - $194,600 a year
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.