Posted 7d ago

Principal Engineer, Information Security (DevSecOps)

Medium

Las Vegas | Full-time | Mid Level | On-site

Job Description

Summary

As a Principal DevOps Engineer at Allegiant, you’ll play a key role in the delivery of highly reliable, scalable, and maintainable systems. You’ll guide Allegiant’s cloud transformation efforts to ensure our systems and applications remain highly resilient while adding cloud native functionality to achieve long‑term scalability and stability. You’ll play an integral role in the architecture design, solutioning, development, deployment, and continuing support of Allegiant’s cloud infrastructure.

You’re comfortable working independently as well as supporting other team members. You’re pragmatic, tenacious, and comfortable with ambiguity. You’ll be able to balance technical leadership and acumen with strong business judgment to make the right decisions about technology choices.

You’ll strive for simplicity, while bringing technical insights into how to refine and improve the system, ultimately ensuring performance, stability, and an exceptional end‑user experience.

Responsibilities

Pipeline security engineering: Production experience building and maintaining security scanning stages in CI/CD pipelines with GitHub Actions. Must demonstrate pipelines that run in production today.

Application security tooling at scale: Hands‑on administration of GitHub Advanced Security or equivalent (Snyk, Veracode, Checkmarx) in an organization with 50+ repositories. Must show evidence of driving developer adoption of scan results.

Infrastructure‑as‑code policy: Experience writing and enforcing custom Checkov policies (or Bridgecrew, tfsec, Sentinel) against Terraform codebases. Must describe policies they authored and the compliance or security outcomes.

Cloud infrastructure security: Deep knowledge of AWS security constructs: Control Tower, IAM (including ABAC patterns), VPC architecture, Transit Gateway, and multi‑account strategies. Must have operated these in production.

CNAPP operations: Experience operating a cloud‑native application protection platform (Palo Alto Cortex Cloud preferred, Prisma Cloud, Wiz, or Orca acceptable). Must describe onboarding workflows, policy tuning, and integration with engineering teams.

Delivery track record: Candidates must provide specific examples of security tooling they shipped that was adopted by development teams.

AI security and MCP governance: Demonstrated experience securing agentic AI workflows: MCP server trust boundaries, AI gateway configuration, prompt injection mitigation, or tool‑use authorization policies.

Communication and mentorship: Able to coach junior and mid‑level engineers through hands‑on pairing, clear documentation, and direct feedback. Comfortable presenting architecture decisions to security leadership and engineering stakeholders.

Own and drive the DevSecOps roadmap across pipeline security, IaC policy enforcement, application security tooling, and cloud security posture management.

Lead the DevSecOps team (two engineers) in daily execution, weekly syncs, and PI planning. Ensure stories are accurate, scoped, and deliverable.

Embed threat modeling into pipelines and workflows to provide real‑time analysis of architectural changes in products.

Architect and maintain security gates in GitHub Actions CI/CD pipelines. Define when and how scans run, what blocks a merge, and how results route to developers.

Administer GitHub Advanced Security across the organization: CodeQL query suites, secret scanning policies, Dependabot configuration, and developer‑facing campaign management.

Author and deploy Checkov custom policies for Terraform IaC scanning. Drive golden policy adoption from current 25 % pipeline coverage toward 75 %+ with hard‑fail enforcement.

Operate and configure Palo Alto Prisma or Cortex (CNAPP) for cloud security posture, image scanning, and AppSec integration.

Manage Terraform‑based infrastructure security across multi‑account AWS environments using Control Tower, IAM, VPC, and Transit Gateway.

Integrate security tooling outputs into SIEM and SOAR for alerting, triage, and response workflows.

Mentor two mid‑level engineers. Identify skills gaps, provide hands‑on training, and review their work.

Collaborate with Security Governance to produce compliance evidence for PCI‑DSS, NIST, and CIS controls derived from DevSecOps tooling.

Support acquisition security assessments by evaluating incoming technology stacks against Allegiant’s IaC and pipeline security standards.

Define and enforce security governance for agentic AI tooling, including MCP server registries, gateway configurations, and trust policies for AI‑to‑tool interactions.

Document architecture decisions, policy rationale, and runbooks. Maintain documentation quality standards across the DevSecOps team.

Participate in SAFe Agile planning. Maintain strong Jira hygiene.

Assist security leadership in backlog prioritization and capacity negotiation with product owners.

Qualifications

Minimum Requirements

Combination of Education and Experience will be considered. Must be authorized to work in the US as defined by the Immigration Act of 1986.

Must pass a Criminal Background Check. Education: Bachelor’s Degree. Certification: Technical certifications or equivalents; CISSP optional.

Years of Experience: Minimum three (3) years’ experience in information security. Minimum five (5) years’ supporting or implementing network security platforms and strategies.

Preferred Requirements

Has production experience across all four domains: application security, pipeline engineering, cloud infrastructure security, and IaC governance.

Has administered GitHub Advanced Security (CodeQL, secret scanning, Dependabot) for an organization with active developer adoption metrics. Has authored custom Checkov or equivalent IaC policies that enforced specific compliance or security outcomes in production pipelines. Has operated a CNAPP platform (Palo Alto Cortex Cloud, Prisma Cloud, Wiz, or Orca) including onboarding, policy configuration, and integration with engineering workflows.

Has integrated security scan outputs into a SIEM and SOAR (Cortex XSOAR preferred) platform. Has experience with Cloud Custodian or similar cloud governance automation. Has gathered compliance evidence from automated tooling for PCI‑DSS, NIST, or CIS audits.

Has led or mentored a small engineering team (2‑5 engineers). Has hands‑on experience securing agentic AI systems: MCP server configuration, AI gateway trust policies, tool‑use authorization, or prompt injection controls. Can provide references or artifacts demonstrating security tooling adopted by development teams in production.

Visa Sponsorship: No

Physical Requirements

The Physical Demands and Work Environment described here are representative of those that must be met by a Team Member to successfully perform the essential functions of the role. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the role. Office/IT – While performing the duties of this job, the Team Member is regularly required to stand, sit, talk, hear, see, reach, stoop, kneel, and use hands and fingers to operate a computer, keyboard, printer, and phone.

May be required to lift, push, pull, or carry up to 50 lb. May be required to work various shifts/days in a 24‑hour situation. Regular attendance is a requirement of the role.

Exposure to moderate noise (i.e. business office with computers, phones, printers, and foot traffic), temperature and light fluctuations. Ability to work in a confined area as well as the ability to sit at a computer terminal for an extended period of time. Some travel may be a requirement of the role.

EEO Statement

We welcome all individuals from varied backgrounds and experiences to apply. Our company values the unique perspectives and talents that each person brings to our team. Equal Opportunity Employer: Disability/Veteran.

Salary: $135,800 – $159,500 a year
