A team of researchers, strategists and creatives working together to drive lasting social change.
Cybersecurity Analyst
Location: United States
Posted: 10 days ago
Salary: $110K - $125K / year
Seniority: Mid Level
Job Description
Cybersecurity Analyst
Fors Marsh
Role Description

We are seeking a detail-oriented Cybersecurity Analyst with hands-on experience in enterprise security operations and a strong understanding of federal compliance frameworks such as NIST SP 800-171, NIST SP 800-53, and CMMC. The ideal candidate has experience securing primarily Windows-based environments, with some exposure to Linux systems, managing vulnerabilities, and responding to security incidents, while also demonstrating a solid grasp of data classification and the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). This individual should be comfortable working in regulated environments where sensitive data is restricted to secure systems, supporting audits, maintaining compliance documentation, and collaborating across IT and business teams. Strong analytical skills, clear communication, and a proactive, accountable approach to safeguarding sensitive data are essential for success in this role.

- Support the implementation, monitoring, and enforcement of security controls aligned with NIST SP 800-171, NIST SP 800-53, and CMMC Level 2 requirements
- Monitor security events and alerts across enterprise systems (e.g., SIEM, endpoint detection, network devices) and perform incident triage, investigation, and response
- Assist in maintaining and securing Windows-based enterprise environments, including Active Directory, servers, and endpoints
- Conduct vulnerability scanning and remediation tracking, including prioritization of findings based on risk and compliance impact
- Support the protection, processing, and storage of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) in accordance with company policy and contractual requirements
- Support and enforce organizational data classification policies, including identification, labeling, and handling of FCI, CUI, and other sensitive data types
- Ensure appropriate access controls, data handling procedures, and system protections are applied based on data classification levels
- Collaborate with IT and business teams to ensure systems and workflows properly segregate and protect sensitive data in secure environments
- Assist in monitoring and validating that CUI is restricted to authorized systems and not stored on end-user devices outside approved environments
- Participate in internal and external security assessments (e.g., CMMC, IRS Pub 4812, RMF, and client audits) by gathering evidence and supporting control validation
- Maintain documentation for security controls, system configurations, and procedures to ensure audit readiness
- Assist in mapping technical controls and remediation efforts to applicable compliance frameworks
- Work closely with IT operations, system administrators, and leadership to address security risks and operational issues
- Communicate security risks and recommendations clearly to both technical and non-technical stakeholders
- Promote user awareness of data handling expectations, including proper treatment of FCI and CUI in daily operations

Qualifications

- Bachelor's degree from an accredited college or university in Cybersecurity, Information Technology, Computer Science, Information Systems, Engineering, or a related field
- Relevant industry certifications such as Security+, CISSP, CISM, GSEC, CySA+, CEH
- Minimum of 7 years of progressively responsible experience in cybersecurity, information security, systems administration, network security, risk management, or a related IT discipline
- Experience supporting security operations, incident response, vulnerability management, compliance, or security engineering in an enterprise environment
- Experience implementing or supporting security requirements aligned with frameworks such as CMMC, NIST 800-53, NIST 800-171 and Cybersecurity Framework (CSF), ISO 27001, CIS Controls, or similar standards
- Experience with security technologies such as SIEM platforms, endpoint detection and response (EDR), vulnerability scanning tools, identity and access management solutions, firewalls, and multifactor authentication technologies
- Experience analyzing security logs, alerts, and incidents using tools such as Nessus, Tenable or similar solutions
- Ability to work on occasion in the Arlington, VA area
- Applicants will be subject to a government security investigation and must meet eligibility criteria for access to sensitive information
- Must be a U.S. Citizen and consent to a full background check due to our federal contract requirements

Benefits

- Ability to make an impact on people's lives, both internal and external to the organization
- Top-tier health, dental, vision, and long and short-term disability coverage
- Company culture that values balance and allows each employee to take leave as they require it to balance work and home responsibilities
- A floating holiday bank to celebrate the days you value
- Generous matching retirement contributions and no vesting period starting the third month of employment
- Dedicated training and development budgets to expand your expertise and grow your skillset
- Paid time off for volunteering
- Participation in Fors Marsh staff-led affinity groups
- Product and service discounts through the certified B Corp network

Salary

$110,000-$125,000

Location

Remote, within the U.S. Occasional travel required.

Equal Opportunity Employer

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
More Security Analyst Jobs
Security Compliance Analyst
Lead Forensics
Lead Forensics is software for turbo-charged lead generation
• Support sales assurance processes by assisting with questionnaire completion and contract reviews.
• Assist in maintaining ISO 27001 compliance, through evidence collation and involvement with audits.
• Help train AI agents, improve automation tools and continually improve manual processes.
• Assist with managing supplier due diligence.
• Maintain documentation and processes.
Cybersecurity Analyst
Southwest Airlines
Southwest Airlines flew its first commercial passenger flights in the spring of 1971. The company has since become an industry leader in affordable air travel a

Role Description

Ready to help strengthen and defend Southwest’s cybersecurity posture? As a Cybersecurity Analyst focused on Threat Intelligence and Threat Operations, you will actively monitor, analyze, and respond to security events while translating adversary intelligence into actionable outcomes. You will support Threat Hunting, Red Team, and Purple Team activities by ensuring detection and response strategies are grounded in real‑world threat behavior. This role also contributes to the continuous improvement of cybersecurity policies and procedures, strengthens protection of digital assets, and promotes a strong culture of security awareness and compliance across the organization.

This role is offered as a remote workplace position, which may require travel for trainings, meetings, conferences, etc. Outside of those required visits, the majority of your working time may be spent in an approved remote location, away from our Corporate Campus. Please note, while this is a remote position, there is a limited group of states or localities ineligible for Employees to regularly perform their work off-site:

- Alaska
- California
- Colorado
- Delaware
- Illinois
- Iowa
- Massachusetts
- Maryland
- Montana
- New Jersey
- New Hampshire
- New York
- North Dakota
- South Dakota
- Oregon
- Pennsylvania
- Vermont
- Washington
- West Virginia
- Wyoming
- Puerto Rico

U.S. citizenship or current authorization to work in the U.S. required and no current or future work authorization sponsorship available.

We’re committed to fair hiring practices and to making employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, age, military or veteran status, disability, genetic information, or other legally protected characteristics.

Responsibilities

- Demonstrate advanced analytical skills across diverse cybersecurity domains, leading the identification and resolution of complex cybersecurity issues in areas such as Incident Response, Threat Intelligence, Governance, Risk, and Compliance (GRC), Privacy, Vulnerability Management, and Engineering Operations.
- Lead and actively participate in high-priority incident response efforts, taking ownership of critical activities related to the identification, containment, and resolution of security incidents, and providing mentorship to junior analysts.
- Drive advanced threat intelligence initiatives, including the development of threat hunting strategies, proactive identification of emerging threats, and the implementation of innovative solutions to enhance the organization's security posture.
- Take a lead role in vulnerability management, overseeing and improving the vulnerability assessments and scanning processes, and providing mentorship to junior and mid-level analysts.
- Architect and lead the optimization of the organization's security infrastructure, overseeing the implementation of advanced cybersecurity controls, and ensuring the organization is prepared to address evolving cyber threats.
- Take a leadership role in maturing GRC initiatives, ensuring comprehensive understanding, and proactively shaping cybersecurity regulations, standards, and best practices within the organization.
- Lead privacy initiatives, overseeing the implementation and enforcement of privacy controls and practices, and ensuring the protection of sensitive information in compliance with relevant regulations.
- Drive the continual improvement of cybersecurity practices and resilience, staying at the forefront of industry trends and emerging technologies to shape and enhance the organization’s advanced security posture.
- Lead the development and execution of comprehensive cybersecurity training and awareness initiatives, tailoring programs to different audiences and providing mentorship to junior team members.
- Play a key role in fostering collaboration across the organization, engaging with senior leadership, cross-functional teams, and external stakeholders, and representing the cybersecurity function at a strategic level.
- May perform other job duties as directed by Employee's Leaders.

Qualifications

- Knowledge of various cybersecurity frameworks and standards (e.g., NIST, ISO 27001) to guide security initiatives.
- Knowledge of data protection and privacy regulations (e.g., GDPR, CCPA) to ensure the safeguarding of sensitive information.
- Knowledge of incident response procedures and methodologies for effective response to security incidents.
- Skilled in conducting risk assessments and developing risk mitigation strategies.
- Skilled in using security monitoring tools, SIEM systems, and intrusion detection systems for threat detection and analysis.
- Skilled in written and verbal communication skills for reporting and conveying technical information to non-technical stakeholders.
- Ability to proactively identify and assess risks, and implement mitigation strategies to protect the organization's assets.
- Ability to monitor program risks, issues, and scope related to cybersecurity initiatives with the appropriate level of priority and escalation.
- Skilled in collaborating with cross-functional teams and stakeholders to drive cybersecurity initiatives and risk management.
- Ability to adapt to evolving threats, technologies, and best practices in the dynamic field of cybersecurity.

Education

- Required: High School Diploma or GED.

Experience

- Required: Intermediate-level experience, fully functioning broad knowledge in cybersecurity principles and concepts, developing skills and knowledge in information technology (IT) operations, programming, systems/software development or another IT related field.
- Preferred: Experience in bridging deep technical threat analysis with strategic business risk, with experience in AI augmented security operations and cloud native environments.
- Preferred: Experience in adversary and threat modeling using frameworks such as MITRE ATT&CK, Diamond Model, and Cyber Kill Chain.
- Preferred: Experience managing the full Cyber Threat Intelligence lifecycle, including requirement definition, collection, analysis, and delivery of actionable intelligence.
- Preferred: Experience in malware analysis, network traffic analysis, and log analysis to identify and validate Indicators of Compromise (IOCs).

Physical Abilities

- Ability to perform work duties from limited space work station/desk/office area for extended periods of time.
- Ability to communicate and interact with others in the English language to meet the demands of the job.
- Ability to use a computer and other office productivity tools with sufficient speed and accuracy to meet the demands of the job.

Other Qualifications

- Must maintain a well-groomed appearance per Company appearance standards as described in established guidelines.
- Must be a U.S. citizen or have authorization to work in the United States as defined by the Immigration Reform Act of 1986.
- Must be at least 18 years of age.
- Must be able to comply with Company attendance standards as described in established guidelines.
- Must be able to travel and/or attend Company and non-Company facilities and remote locations as necessary.

Pay & Benefits

Competitive market salary from $98,650 - $109,600 per year* depending on qualifications and experience, with opportunity for future pay increases based on performance and market movement. For eligible leadership and individual contributor roles, additional bonus opportunities are available and awarded at the discretion of the company.

- Fly for free, as a privilege, on any open seat on all Southwest flights (your eligible dependents too).
- Southwest will help fund your Retirement Savings Plan with Company contributions up to 9.3% of your eligible earnings**.
- Potential for annual ProfitSharing contribution in the Southwest Retirement Savings Plan - when Southwest profits, you profit***.
- Competitive health insurance for you and your eligible dependents (including pets).
- Southwest offers health plan coverage options that start from the very first day of employment. You will have 30 days to select and enroll in your health plan with coverage retroactively available to your first day of employment.

Explore more Benefits you’ll love: https://careers.southwestair.com/benefits

*Pay amount doesn’t guarantee employment for any particular period of time.
**401(k) match contributions are subject to the plan’s vesting schedule and applicable IRS limits.
***ProfitSharing contributions are subject to plan’s vesting schedule and are made at the discretion of the Company.

Southwest Airlines is an Equal Opportunity Employer. Please print/save this job description because it won't be available after you apply.
Security Analyst – Contract
Varicent
Industry-Leading Sales Performance Management Software for Growth Market and Enterprise Organizations.
• Coordinate the deployment, configuration, testing, monitoring, and ongoing maintenance of security technologies, including SIEM, EDR, DLP, WAF, CASB, Secure Web Gateway, URL filtering, email security, and application/vulnerability scanning platforms.
• Lead small-to-medium-sized security initiatives from requirements gathering through design, testing, pilot execution, and implementation.
• Support proof-of-concept evaluations and product assessments to ensure proposed solutions align with security strategy, standards, and industry best practices.
• Act as a service or tool owner by identifying enhancements, maintaining operational runbooks, and recommending improvements for tools under your responsibility.
• Develop and maintain procedures, workflows, architecture diagrams, and operational playbooks that support security monitoring and engineering activities.
• Investigate and triage security events using technologies such as SIEM, EDR, DLP, WAF, CASB, Secure Web Gateway, and email security solutions.
• Detect, respond to, and support investigations of security incidents while documenting root-cause analysis and lessons learned.
• Follow established incident response procedures and playbooks, escalating critical findings appropriately and efficiently.
• Apply analytical and adversarial thinking to identify, protect, detect, respond to, and recover from common cyber threats and attack vectors.
• Perform and support secure baseline reviews, infrastructure scanning, endpoint scanning, application vulnerability assessments, penetration testing validation, and AI red-teaming exercises.
• Review vulnerability findings for accuracy and completeness while partnering with stakeholders to prioritize remediation efforts based on risk.
• Escalate critical vulnerabilities, zero-day threats, and high-priority risks while supporting rapid mitigation efforts.
• Contribute to continuous improvements in vulnerability management workflows through automation and the integration of security testing into CI/CD pipelines.
• Conduct security risk assessments for internal initiatives, product enhancements, vendors, and productivity tools.
• Perform STRIDE-based threat modeling for internal projects and AI-enabled solutions, producing actionable recommendations and clear risk reports.
• Apply a risk-based approach to evaluating Agentic AI technologies and AI-related security risks.
• Conduct vendor risk assessments within OneTrust and support broader third-party risk management activities.
• Identify opportunities to strengthen controls, improve processes, and enhance security outcomes across teams.
• Stay informed on emerging threats, technologies, and industry best practices, sharing relevant insights with colleagues and stakeholders.
ERP Security Analyst, CAPPS Systems Specialist
Air InfoSec
Where mission meets momentum. Veteran-built. Future-focused.
• Support the Texas Comptroller of Public Accounts on the Centralized Accounting and Payroll/Personnel System (CAPPS) Program.
• Deliver highly advanced, senior-level consultative services and technical assistance in support of CAPPS security architecture, configuration, and compliance across HR/Payroll, Financials, STARR, and all ancillary systems.
• Manage and enforce the CAPPS security framework, including role-based access control, segregation of duties, identity governance, and secure third-party integrations.
• Provide Level 2 Service Desk support, system configuration and maintenance, and participation in major incident management, disaster recovery, and audit activities.
• Monitor and analyze authentication, authorization, and privilege escalation logs for suspicious behavior; coordinate findings with the CPA Information Security Office.
• Oversee secure integration of third-party applications via SAML, OAuth, OIDC, SCIM, and custom APIs.
• Respond to and investigate identity-related security incidents, including account compromise, unauthorized access, and fraud indicators.
• Review, validate, and suggest approval for all assigned security deliverables related to CAPPS Architecture, System Development Lifecycle, Disaster Recovery, and Security Plans (SSP).
• Plan, design, develop, deploy, support, and maintain system configurations and modifications for the CAPPS HR/Payroll application to ensure accuracy, efficiency, and policy adherence.
• Ensure all digital products and content meet WCAG 2.1 accessibility standards, regularly reviewing for compliance and implementing remediation as needed.




