This role involves leading the DevSecOps team, owning security tooling, and ensuring the security of code, infrastructure, and cloud workloads throughout CI/CD pipelines. Responsibilities : • ...
Design, implement, and maintain secure DevSecOps pipelines using GitHub and Jenkins/CloudBees ... Manage networking and security configurations across VPCs, IAM roles/policies, and security groups.
Product Security Engineer
$47 - $52/hr
Integrate security controls into DevSecOps pipelines including SCA, SAST, secrets scanning, and release gating. * Develop and maintain required documentation for regulatory submissions. Required ...
AWS Information Security Architect
Reston, VA · On-site
$67.50 - $87.50/hr
Application security, Threat Modelling, API Security, DevSecOps, Pipeline security, Infrastructure security, AuthN/Z, Encryption, Key Management, Data discovery and encryption, SIEM, CSPM, CWPP ...
DevSecOps Engineer
Hawthorne, CA · On-site
They are seeking a DevSecOps Engineer to embed security into every layer of the software development and infrastructure delivery lifecycle, focusing on CI/CD pipeline security, automation of ...
Senior Artifact Scanning & Policy Engineer
$122.10K - $167.50K/yr
... pipeline security controls within classified or federal multi-enclave environments. • Demonstrated hands-on experience with vulnerability-scanning and pipeline-security tools-including Kubernetes ...
Member of Technical Staff (Offensive Security Engineer)
New York, NY · On-site +1
$220K - $405K/yr
Contribute to the security of CI/CD pipelines, supply chain integrity, and secrets management ... through offensive assessment * Stay current on emerging attack techniques, vulnerability research ...
Application Security Penetration Tester
Fort Mill, SC · On-site
$51.75 - $69/hr
Automate security scans and integrate them into CI/CD pipelines (Jenkins, GitHub Actions, etc.). * Enhance threat modeling and improve asset management processes. * Maintain dashboards and provide ...
Responsibilities : • Define and execute enterprise DevSecOps strategy across all development teams • Integrate security controls into CI/CD pipelines (build, test, release) • Establish "shift ...
Senior DevOps Engineer
Houston, TX · On-site
$112.60K - $144.70K/yr
Ensure cloud security and compliance through Vault/AWS Secrets Manager, pipeline security, vulnerability scanning (SAST/DAST), secret management, and IAM policy automation. * Establish robust Git ...
Senior Artifact Scanning & Policy Engineer
$118K - $161.80K/yr
Demonstrated hands-on experience with vulnerability-scanning and pipeline-security tools--including Kubernetes, GitLab CI, SonarQube, and Tenable Nessus--with a proven ability to develop rule sets ...
Senior Artifact Scanning & Policy Engineer
Falls Church, VA · On-site
$122.10K - $167.50K/yr
... pipeline security controls within classified or federal multi-enclave environments. • Demonstrated hands-on experience with vulnerability-scanning and pipeline-security tools-including Kubernetes ...
Director of Software Security
San Jose, CA · On-site
$164.50K - $305.50K/yr
Integrate security controls into CI/CD pipelines (build, test, release) * Establish "shift-left" security practices across the SDLC * Drive adoption of secure coding, SAST, DAST, and SCA tools Secure ...
Sr DevOps Engineer
Chicago, IL · On-site
$134K - $172.20K/yr
Ensure cloud security and compliance through Vault/AWS Secrets Manager, pipeline security, vulnerability scanning (SAST/DAST), secret management, and IAM policy automation. * Establish robust Git ...
Senior DevOps Engineer
Houston, TX · Hybrid
$124.10K - $159.50K/yr
Ensure cloud security and compliance through Vault/AWS Secrets Manager, pipeline security, vulnerability scanning (SAST/DAST), secret management, and IAM policy automation. * Establish robust Git ...
Director of Software Security
$164.50K - $305.50K/yr
Integrate security controls into CI/CD pipelines (build, test, release) * Establish "shift-left" security practices across the SDLC * Drive adoption of secure coding, SAST, DAST, and SCA tools Secure ...
Sr DevOps Engineer
Chicago, IL · Hybrid
$134K - $172.20K/yr
Ensure cloud security and compliance through Vault/AWS Secrets Manager, pipeline security, vulnerability scanning (SAST/DAST), secret management, and IAM policy automation. * Establish robust Git ...
The role also supports the security review of AI/ML-enabled systems, CI/CD pipelines, and cloud-based environments while contributing to cybersecurity exercises and readiness activities.
Pipeline Security information
Hourly wage distribution:
$16.83 - $18.14: 5% of jobs
$18.14 - $19.45: 2% of jobs
$19.45 - $20.76: 19% of jobs
$20.76 - $22.07: 4% of jobs
$22.07 - $23.38: 2% of jobs
$23.38 - $24.69: 11% of jobs
$24.69 - $26.01: 9% of jobs
$26.01 - $27.32: 11% of jobs
$27.32 - $28.63: 19% of jobs
$28.63 - $29.94: 13% of jobs
$29.94 - $31.25: 5% of jobs
$20.67 is the 25th percentile. Wages below this are outliers.
The median wage is $25.64 / hr.
$28.14 is the 75th percentile. Wages above this are outliers.
Job description
Allegiant is a national air carrier seeking a Principal Engineer for their DevSecOps program. This role involves leading the DevSecOps team, owning security tooling, and ensuring the security of code, infrastructure, and cloud workloads throughout CI/CD pipelines.
Responsibilities:
• Proven and demonstrable ability to lead at least two other team members in an official capacity towards specific DevSecOps outcomes.
• Lead the DevSecOps team (two engineers) in daily execution, weekly syncs, and PI planning. Ensure stories are accurate, scoped, and deliverable.
• Own and drive the DevSecOps roadmap across pipeline security, IaC policy enforcement, application security tooling, and cloud security posture management.
• Embedding threat modeling into pipelines and workflows to provide real-time analysis of architectural changes in products.
• Architect and maintain security gates in GitHub Actions CI/CD pipelines. Define when and how scans run, what blocks a merge, and how results route to developers.
• Administer GitHub Advanced Security across the organization: CodeQL query suites, secret scanning policies, Dependabot configuration, and developer-facing campaign management.
• Author and deploy Checkov custom policies for Terraform IaC scanning. Drive golden policy adoption from current 25% pipeline coverage toward 75%+ with hard-fail enforcement.
• Operate and configure Palo Alto Prisma or Cortex (CNAPP) for cloud security posture, image scanning, and AppSec integration.
• Manage Terraform-based infrastructure security across multi-account AWS environments using Control Tower, IAM, VPC, and Transit Gateway.
• Integrate security tooling outputs into SIEM and SOAR for alerting, triage, and response workflows.
• Mentor two mid-level engineers. Identify skills gaps, provide hands-on training, and review their work.
• Collaborate with Security Governance to produce compliance evidence for PCI-DSS, NIST, and CIS controls derived from DevSecOps tooling.
• Support acquisition security assessments by evaluating incoming technology stacks against Allegiant's IaC and pipeline security standards.
• Define and enforce security governance for agentic AI tooling, including MCP server registries, gateway configurations, and trust policies for AI-to-tool interactions.
• Document architecture decisions, policy rationale, and runbooks. Maintain documentation quality standards across the DevSecOps team.
• Participate in SAFe Agile planning. Maintain strong Jira hygiene. Assist security leadership in backlog prioritization and capacity negotiation with product owners.
• Provide technical leadership to the DevSecOps team daily and during PI planning.
• Lead the DevSecOps team in weekly syncs to track program progress, remove blockers, and adjust priorities.
• Advises the IT organization towards adoption of standards and influences security culture—setting the tone and expectations for secure SDLC.
• Own GitHub Advanced Security administration: manage CodeQL query suites, configure secret scanning policies, tune Dependabot alerts, and run developer adoption campaigns.
• Build, maintain, and enforce security scanning stages in GitHub Actions pipelines across the organization.
• Author custom Checkov policies for Terraform IaC. Drive golden policy deployment across all pipelines toward hard-fail enforcement.
• Operate and configure Cortex Cloud (CNAPP) for cloud workload protection, image scanning, and application security posture.
• Manage Terraform-based security infrastructure across multi-account AWS environments (Control Tower, IAM, VPC, Transit Gateway).
• Integrate DevSecOps tooling outputs into SIEM and Cortex XSOAR (SOAR) for detection, alerting, and automated response.
• Collaborate with Security Governance to generate and validate compliance evidence from automated tooling for PCI-DSS, NIST, and CIS.
• Evaluate incoming technology stacks from acquisitions against Allegiant's pipeline and IaC security standards.
• Document architecture decisions, security policies, and operational runbooks. Maintain team documentation standards.
• Identify skills gaps on the DevSecOps team. Provide training, pair on complex work, and review output from junior and mid-level engineers.
• Work with DevOps and Full Stack Engineering to ensure security gates are adopted, not circumvented. Measure and report on developer adoption.
• Maintain SAFe Agile practices. Keep Jira hygiene current. Assist security leadership with story sizing, capacity planning, and backlog negotiation.
• Promote awareness of DevSecOps program objectives during PI planning and cross-team syncs.
• Recommend and implement efficiencies for security alerting, triage workflows, and operational intake.
• Define and maintain security controls for agentic AI tooling: MCP trusted server registries, gateway configurations, tool-use authorization policies, and usage standards.
• Troubleshoot and resolve escalated security tooling issues across pipelines, cloud infrastructure, and application scanning.
• Support the security manager in long-range planning, roadmap development, and team growth strategy.
• Other duties as assigned.
Qualifications:
Required:
• Proven and demonstrable ability to lead at least two other team members in an official capacity towards specific DevSecOps outcomes.
• Lead the DevSecOps team (two engineers) in daily execution, weekly syncs, and PI planning. Ensure stories are accurate, scoped, and deliverable.
• Own and drive the DevSecOps roadmap across pipeline security, IaC policy enforcement, application security tooling, and cloud security posture management.
• Embedding threat modeling into pipelines and workflows to provide real-time analysis of architectural changes in products.
• Architect and maintain security gates in GitHub Actions CI/CD pipelines. Define when and how scans run, what blocks a merge, and how results route to developers.
• Administer GitHub Advanced Security across the organization: CodeQL query suites, secret scanning policies, Dependabot configuration, and developer-facing campaign management.
• Author and deploy Checkov custom policies for Terraform IaC scanning. Drive golden policy adoption from current 25% pipeline coverage toward 75%+ with hard-fail enforcement.
• Operate and configure Palo Alto Prisma or Cortex (CNAPP) for cloud security posture, image scanning, and AppSec integration.
• Manage Terraform-based infrastructure security across multi-account AWS environments using Control Tower, IAM, VPC, and Transit Gateway.
• Integrate security tooling outputs into SIEM and SOAR for alerting, triage, and response workflows.
• Mentor two mid-level engineers. Identify skills gaps, provide hands-on training, and review their work.
• Collaborate with Security Governance to produce compliance evidence for PCI-DSS, NIST, and CIS controls derived from DevSecOps tooling.
• Support acquisition security assessments by evaluating incoming technology stacks against Allegiant's IaC and pipeline security standards.
• Define and enforce security governance for agentic AI tooling, including MCP server registries, gateway configurations, and trust policies for AI-to-tool interactions.
• Document architecture decisions, policy rationale, and runbooks. Maintain documentation quality standards across the DevSecOps team.
• Participate in SAFe Agile planning. Maintain strong Jira hygiene. Assist security leadership in backlog prioritization and capacity negotiation with product owners.
• Combination of Education and Experience will be considered. Must be authorized to work in the US as defined by the Immigration Act of 1986.
• Must pass a Criminal Background Check.
• Education: Bachelor’s Degree or equivalent experience.
• Years of Experience: Minimum eight (8) years experience in information security.
• Minimum eight (8) years supporting / implementing network security platforms & strategies.
Preferred:
• Has production experience across all four domains: application security, pipeline engineering, cloud infrastructure security, and IaC governance. Can demonstrate work in each, not just one or two.
• Has administered GitHub Advanced Security (CodeQL, secret scanning, Dependabot) for an organization with active developer adoption metrics.
• Has authored custom Checkov or equivalent IaC policies that enforced specific compliance or security outcomes in production pipelines.
• Has operated a CNAPP platform (Palo Alto Cortex Cloud, Prisma Cloud, Wiz, or Orca) including onboarding, policy configuration, and integration with engineering workflows.
• Has integrated security scan outputs into a SIEM and SOAR (Cortex XSOAR preferred) platform.
• Has experience with Cloud Custodian or similar cloud governance automation.
• Has gathered compliance evidence from automated tooling for PCI-DSS, NIST, or CIS audits.
• Has led or mentored a small engineering team (2-5 engineers).
• Has hands-on experience securing agentic AI systems: MCP server configuration, AI gateway trust policies, tool-use authorization, or prompt injection controls. Can point to public artifacts (GitHub repos, blog posts, talks, open-source work) demonstrating this experience.
• Can provide references or artifacts demonstrating security tooling adopted by development teams in production.
Company:
Las Vegas-based Allegiant (NASDAQ: ALGT) is focused on linking travelers in small cities to world-class leisure destinations. Founded in 1997, the company is headquartered in Las Vegas, USA, with a team of 1001-5000 employees. The company is currently Late Stage.
About Allegiant Healthcare
Sourced by ZipRecruiter
Industry: Health care and social assistance
Company size: 501 - 1,000 Employees
Headquarters location: Mesa, AZ, US