Director - Application Security

Chicago, IL, United States

There’s never been a more exciting time to join United Airlines. We’re on a path towards becoming the best airline in the history of aviation. Our shared purpose – Connecting People, Uniting the World – is about more than getting people from one place to another. It also means that as a global company that operates in hundreds of locations around the world with millions of customers and tens of thousands of employees, we have a unique responsibility to uplift and provide opportunities in the places where we work, live and fly, and we can only do that with a truly diverse and inclusive workforce. And we’re growing – in the years ahead, we’ll hire tens of thousands of people across every area of the airline. Our careers include a competitive benefits package aimed at keeping you happy, healthy and well-traveled. From employee-run "Business Resource Group" communities to world-class benefits like parental leave, 401k and privileges like space available travel, United is truly a one-of-a-kind place to work. Are you ready to travel the world?

We believe that inclusion propels innovation and is the foundation of all that we do. United's Digital Technology team spans the globe and is made up of diverse individuals all working together with cutting-edge technology to build the best airline in the history of aviation. Our team designs, develops and maintains massively scaling technology solutions brought to life with innovative architectures, data analytics, and digital solutions.

Key Responsibilities:

The Director of Application Cybersecurity is responsible for overseeing and managing all aspects of cybersecurity related to applications within the organization. This role involves developing, implementing, and maintaining effective cybersecurity strategies, policies, and procedures to safeguard the organization's applications against cyber threats and attacks. The Director of Application Cybersecurity works closely with other departments within Cybersecurity and the broader enterprise to ensure compliance with industry regulations and standards, mitigate cybersecurity risks, and enhance verification and automation processes.

o Build and lead a team of cybersecurity professionals responsible for application security, providing guidance, mentorship, and professional development opportunities

· Strategy Development

o Develop and implement a comprehensive cybersecurity strategy specifically tailored to protect the organization's applications, integrating verification and automation principles

· Policy and Procedure Development

o Establish and enforce cybersecurity policies and procedures related to application security, including secure coding practices, verification & automation, vulnerability management, and incident response

· Application Security Assessment

o Conduct regular assessments and audits of applications to identify and address security vulnerabilities and ensure compliance with security standards

· Security Architecture Review

o Collaborate with the IT architecture team to review and enhance the security architecture of applications, including recommending security controls and technologies

· Security Awareness Training

o Develop and deliver training programs to educate employees about application security standard processes and raise awareness about potential cyber threats

o Support incident response team in investigating and responding to cybersecurity incidents related to applications, including conducting root cause analysis and implementing corrective actions

· Compliance and Regulatory Requirements

o Stay abreast of industry regulations and standards related to application security

· Risk Assessment and Management

o Identify and assess cybersecurity risks associated with applications and develop risk mitigation strategies to address them

This position is remote and would require approximately 10% travel.

United values diverse experiences, perspectives, and we encourage everyone who meets the minimum qualifications to apply. While having the “desired” qualifications make for a stronger candidate, we encourage applicants who may not feel they check ALL of those boxes! We are always looking for individuals who will bring something new to the table!

Qualifications

What’s needed to succeed (Minimum Qualifications):

· Bachelor's degree

· 12+ years of experience working in security-focused roles

· Excellent leadership and communication skills, with the ability to collaborate effectively with cross-functional teams

· Proficiency in security assessment tools and techniques, such as static and dynamic application security testing (SAST and DAST)

· Strong understanding of web application security concepts, including OWASP Top 10 vulnerabilities, with knowledge of verification and automation tools and techniques

· Extensive experience in cybersecurity roles, with a focus on application security and secure software development practices, including verification and automation

· Experience in developing and implementing cybersecurity policies, procedures, and standards, with a focus on integrating verification and automation principles

· Knowledge of regulatory requirements and compliance frameworks related to application security

· Strong analytical and problem-solving skills

· Continuous learning mentality to keep up with evolving cybersecurity threats, technologies, and advancements in verification and automation

· Must be legally authorized to work in the United States for any employer without sponsorship

· Successful completion of interview required to meet job qualification

· Reliable, punctual attendance is an essential function of the position

What will help you propel from the pack (Preferred Qualifications):

· Master's degree

· 15+ years of experience working in security focused roles

· Certified Ethical Hacker (CEH)

· GIAC Security Essentials (GSEC)

· Certified Information Security Manager (CISM)

· Comp TIA Security · Certified Information Systems Security Professional (CISSP)

· Systems Security Certified Practitioner (SSCP)

· CompTIA Advanced Security Practitioner (CASP+)

· Offensive Security Certified Professional (OSCP)

· AWS Solution Architect Pro., Networking, and Security Specializations

· Knowledge of application security aspects of industrial control networks is a plus

· Strong experience and in-depth knowledge of Security Technical Implementation Guide standards and implementation

The salary for this position is $157,725 to $231,330, dependent on job-related, non-discriminatory factors such as experience, education and skills. This range is based on a full-time schedule.

Other Comp:

At United, we offer a competitive compensation package, with benefits including medical, dental, vision, life, accident and disability, parental leave, employee assistance program, commuter, paid holiday, paid time off, 401(k) plan with employee and company contribution opportunities, and flight privileges.

United Airlines is an equal opportunity employer. United Airlines recruits, employs, trains, compensates and promotes regardless of race, religion, color, national origin, gender identity, sexual orientation, physical ability, age, veteran status and other protected status as required by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions. Please contact [email protected] to request accommodation.

Equal Opportunity Employer - Minorities/Women/Veterans/Disabled/LGBT

#J-18808-Ljbffr