ForgeApply
Try it free

ForgeApply · Job listing

Principal Engineer, DevSecOps

Allegiantair

Las Vegas, NV, US$153k – $195konsiteOther

Apply in about a minute — without sacrificing quality.

ForgeApply autofills this application and tailors your resume to this exact posting. You review everything before it's sent. Free trial, no card required.

About this role

Short Description The Principal Engineer, Information Security (DevSecOps) is the technical lead for Allegiant's DevSecOps program. This person owns the security tooling, policies, and automation that protect code, infrastructure, and cloud workloads as they move through CI/CD pipelines into production. 

This is not a generalist security role. The principal engineer must have production experience across four disciplines simultaneously: application security, pipeline engineering, cloud infrastructure, and infrastructure-as-code (IaC) governance. The role also requires working knowledge of securing agentic AI workflows, including MCP server governance, AI gateway configuration, and trust boundaries for tool-using AI systems. The role requires someone who has shipped security tooling that development teams actually adopted, not just evaluated or recommended. 

The principal engineer leads a team of two mid-level engineers, unblocks technical problems, reviews architecture decisions, and drives delivery against committed program objectives. This person reports to the Senior Manager of Information Security Engineering and works closely with DevOps, Full Stack Engineering, and Security Governance. Allegiant is modernizing its web applications, expanding into new customer channels, and integrating a recent acquisition. Each of these increases the volume of code and infrastructure flowing through pipelines. 

This role ensures security keeps pace with that velocity. This role prepares the principal engineer for future promotion tracks including Architect I and Manager I. Summary DevSecOps Principal Engineer Key Duties: •    Proven and demonstrable ability to lead at least two other team members in an official capacity towards specific DevSecOps outcomes.  •    Lead the DevSecOps team (two engineers) in daily execution, weekly syncs, and PI planning. Ensure stories are accurate, scoped, and deliverable. •    Own and drive the DevSecOps roadmap across pipeline security, IaC policy enforcement, application security tooling, and cloud security posture management.  •    Embedding threat modeling into pipelines and workflows to provide real-time analysis of architectural changes in products. •    Architect and maintain security gates in GitHub Actions CI/CD pipelines. Define when and how scans run, what blocks a merge, and how results route to developers.  •    Administer GitHub Advanced Security across the organization: CodeQL query suites, secret scanning policies, Dependabot configuration, and developer-facing campaign management.  •    Author and deploy Checkov custom policies for Terraform IaC scanning. Drive golden policy adoption from current 25% pipeline coverage toward 75%+ with hard-fail enforcement.  •    Operate and configure Palo Alto Prisma or Cortex (CNAPP) for cloud security posture, image scanning, and AppSec integration.  •    Manage Terraform-based infrastructure security across multi-account AWS environments using Control Tower, IAM, VPC, and Transit Gateway.  •    Integrate security tooling outputs into SIEM and SOAR for alerting, triage, and response workflows.  •    Mentor two mid-level engineers. Identify skills gaps, provide hands-on training, and review their work.  •    Collaborate with Security Governance to produce compliance evidence for PCI-DSS, NIST, and CIS controls derived from DevSecOps tooling.  •    Support acquisition security assessments by evaluating incoming technology stacks against Allegiant's IaC and pipeline security standards.  •    Define and enforce security governance for agentic AI tooling, including MCP server registries, gateway configurations, and trust policies for AI-to-tool interactions.  •    Document architecture decisions, policy rationale, and runbooks. Maintain documentation quality standards across the DevSecOps team.  •    Participate in SAFe Agile planning. Maintain strong Jira hygiene. Assist security leadership in backlog prioritization and capacity negotiation with product owners. Pipeline security engineering: Production experience building and maintaining security scanning stages in CI/CD pipelines. Must demonstrate pipelines they have built that run in production today, not proofs of concept. GitHub Actions is required. Application security tooling at scale: Hands-on administration of GitHub Advanced Security or equivalent (Snyk, Veracode, Checkmarx) in an organization with 50+ repositories. Must show evidence of driving developer adoption of scan results, not just enabling tools. Infrastructure-as-code policy: Experience writing and enforcing custom Checkov policies (or Bridgecrew, tfsec, Sentinel) against Terraform codebases. Must be able to describe policies they authored and the compliance or security outcomes those policies enforced. Cloud infrastructure security: Deep working knowledge of AWS security constructs: Control Tower, IAM (including ABAC patterns), VPC architecture, Transit Gateway, and multi-account strategies. Must have operated these in production, not just designed them. CNAPP operations: Experience operating a cloud-native application protection platform (Palo Alto Cortex Cloud preferred, Prisma Cloud, Wiz, or Orca acceptable). Must describe onboarding workflows, policy tuning, and integration with engineering teams. Delivery track record: Candidates must provide specific examples of security tooling they shipped that was adopted by development teams. "Evaluated," "assessed," or "recommended" do not count. We need builders who finish. AI security and MCP governance: Demonstrated experience securing agentic AI workflows: MCP server trust boundaries, AI gateway configuration, prompt injection mitigation, or tool-use authorization policies. Candidates should be able to point to public work (GitHub repositories, blog posts, conference talks, or open-source contributions) showing hands-on engagement with AI security, not just awareness of the topic. Communication and mentorship: Able to coach junior and mid-level e

Ready to apply to Allegiantair?

Apply in about a minute

Similar jobs