Manager IS Threat Defense, ITS Security & Risk Management
ALASKA AIRLINES' STORY
Alaska Airlines is one of the most respected names in aviation and flies throughout its namesake state and the Lower 48, as well as to Hawaii, Canada and Mexico. Our roots date to 1932 and are symbolized by the Eskimo painted on the tails of our aircraft. Guided by what we call the "Alaska Spirit", we pride ourselves on providing a lifeline to remote communities while delivering renowned service to everyone we fly. This commitment has brought us national and international recognition. We've been honored with a variety of awards by readers of Travel + Leisure, Conde Nast Traveler, USA Today and others. Alaska is the premier airline for people on the West Coast and, together with its sister carrier Horizon Air, flies to more than 90 destinations. The two airlines are subsidiaries of Alaska Air Group Inc. (NYSE:ALK) with annual revenues exceeding $4 billion.
- Leads vulnerability management activities performing identification, analysis, validation, rating/triage, reporting and remediation support of vulnerabilities & misconfigurations
- Oversees and performs risk assessments and technical testing of the companies security posture and translates data into enterprise risk
- Organizes, executes and participates in red team/blue team exercises to test security controls
- Reviews proposed changes to firewall rules, image updates, external connectivity requests, etc to determine whether vulnerabilities/risk will be created
- Recommends mitigations for vulnerabilities and exploits such as patches, IPS signatures, configuration or policy settings, access controls, etc. and manages response
- Determines appropriate security platform policies/configs using threat intelligence data, security event data and other sources to ensure effective security controls and prevent productivity impacts
- Conducts and/or coordinates testing to determine if vulnerabilities and flaws can be exploited and/or if attack attempts may be successful
- Performs analysis, triage and responds to escalated security events and incidents from logs, threat identification and protection systems and other sources
- Effectively aggregates, analyzes and reacts to threat intelligence data using feeds and analytics platforms
- Analyzes suspicious network traffic, phishing attacks, malware and other malicious activity; responds effectively to contain and eradicate malicious activity
- Provides technical leadership investigating and resolving security events and incidents; coordinates among internal support teams and external managed security services providers to drive event and incident resolution
- Performs digital forensic analysis and data gathering for internal investigations
- Provides on-call support after hours when critical problems/issues arise
- Drives continuous process and technology improvements
- Maintains awareness of evolving security threats
- Participates in PCI DSS and other compliance audits
- Performs other essential security tasks as assigned
- Embodies the Alaska Spirit and conducts oneself with Professionalism, Integrity, Resourcefulness, and Caring
- Other duties as assigned
- Bachelor's degree with specialization in Information Security, Computer Science or a related discipline, or equivalent experience required
- Completion of a digital forensics training program resulting in an institutional or vendor certification preferred
- Industry recognized professional security certification such as CISSP, GCIH, GCIA, or CEH preferred
- Minimum of 6 years of information security experience in technical disciplines within the last eight years required
- Experience with threat assessment, vulnerability analysis, risk assessment required
- Experience with virus outbreak management and the ability to differentiate virus activity from directed attack patterns, required
- Experience with SIEM technologies and forensics tools required
- Hands on experience with at least one of: wired network technologies (routers, switches, FW), wireless technologies, Linux, Windows/AD, Oracle, web applications & services, cryptography, mobile platforms, or secure software development, required
- Experience gathering information, correlating data, and generating reports on threats, vulnerabilities and risks
- Experience setting policy for host firewalls, DLP, content filtering, IPS, FIM, anti-virus and other security solutions, appliances and tools
- Understands attacker methodologies and tactics, including kill-chain analysis
- Ability to perform malicious code reverse engineering and use sandbox technology to perform malware analysis
- Experience reviewing and analyzing network packet captures
- Experience with scripting language (Python / Perl / Shell)
- Ability to react quickly, decisively and deliberately in high stress situations
- Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents and interact with other teams
- Must be highly motivated with the ability to self-start, prioritize, multi-task and work in a team setting
- High school diploma or equivalent required
- Minimum age of 18
- Must be authorized to work in the U.S.
The location for this position is in Seattle, Washington
OUR CULTURE - ALASKA AIRLINES
For eligible employees, our company offers a unique total rewards package that few companies can match, including insurance coverage for medical, dental and vision care, 401(k) retirement savings plans, monthly and annual incentive bonus plans, time off and a generous employee travel program. Each day, we are guided by our core values of Professionalism, Caring, Resourcefulness, Integrity and Alaska Spirit at work and in our communities. Alaska Airlines also fosters a diverse and inclusive culture and is an Equal Opportunity Employer.
A few helpful tips when applying -
~Before applying, we recommend that you clear your browsing history including your temporary internet files and disable pop-up blockers. You can accomplish this by going to the Tools tab.
~Gather your paperwork, including your work history (we require 10 years of work history to be added to the application), resume etc. - before you apply to the position.
~ If you would like to include a cover letter, add it as your first page to your resume. Your resume is part of your application and unique to each position you apply to..
~Once in the application, be sure to use the links provided to return to the previous page if needed. The back button is not compatible with our system.
Alaska Airlines and Horizon Air do not tolerate discrimination or harassment on the basis of race, color, creed, religion, national origin, alienage or citizenship status, age, sex, sexual orientation, gender identity or expression, marital status, disability, protected veteran status, genetic information, or any other basis protected by applicable law. Employees or applicants who inquire about, discuss, or disclose their compensation or the compensation of other employees or applicants are also protected by law.
Alaska Airlines y Horizon Air no toleran discriminacion o acoso en base a raza, color, credo, religion, origen nacional, estatus migratorio de residencia o ciudadania, edad, sexo, orientacion sexual, identidad de genero o expresion, estado civil, discapacidad, estado veterano protegido, informacion genetica o cualquier otra base protegida por la legislacion aplicable. Empleados o aspirantes que indaguen, discutan o revelen su compensacion o la remuneracion de otros empleados o aspirantes tambien estan protegidos por ley.