United Air Lines, Inc
Principal Architect - Application Cybersecurity (Remote)
United Air Lines, Inc, Baltimore, Maryland, United States, 21276
Overview
Connecting People. Uniting the World. United Airlines is a global company operating in hundreds of locations worldwide with millions of customers and tens of thousands of employees. The company aims to uplift and provide opportunities where we work, live and fly. The Cybersecurity and Digital Risk (CDR) team protects operations by enabling secure and resilient systems, managing threats and vulnerabilities, and ensuring swift response and recovery. The mission is to embed cybersecurity and digital risk management into every aspect of the business while promoting a cyber-safe environment that supports resilient airline operations. United offers a competitive benefits package aimed at keeping you happy, healthy, and well-traveled, including employee resource groups, parental leave, 401(k), and travel privileges. Apply today to help keep our airline cyber safe. Job overview and responsibilities
The Principal Architect - Application Cybersecurity validates that services, applications, and websites are designed and implemented in accordance with United\'s secure development standards. This senior role works closely with development teams, product teams, and other groups to design and develop security solutions, integrate security into the product lifecycle from design through deployment, and provide remediation guidance. Responsibilities include: Leads architecture design evaluations and threat modelling of products (cloud and on-prem); recommends and implements products/services that meet operational and security requirements Technical point of contact for product teams regarding automation, CI/CD, and remediation guidance Lead design, development, and implementation of security tools, best practices, and standards; ensure product development teams understand them Perform code analysis of applications (manual and via SAST, DAST, and SCA); conduct manual vulnerability analysis Promote and contribute to continuous improvement of security strategy and risk prioritization Train and support team members; mentor junior staff Improve accessibility of security through automation, CI pipelines, and other means Ensure programs meet intended purpose and metrics Qualifications
Minimum Qualifications : Bachelor\'s degree in STEM or Computer Science Minimum 7 years of related experience Expert knowledge of OWASP Top 10 Proficiency in threat modeling Expert knowledge of risk management methodologies and processes Expert knowledge in DevSecOps (CI/CD, IaC, PaC, CaC) Proficiency with security automation tooling and methods (e.g., Terraform, Ansible, containerization, SBOM) Proficiency with application testing (SAST, DAST, MAST, Pen Test tooling) Proficiency with scripting (PowerShell, Python, Perl, Bash) Proficiency with programming languages (Python, Java, .Net) and modern programming concepts Proficiency with CI/CD technology stacks (AWS, Harness, TeamCity, GitHub, Artifactory, CHEF, CloudWatch) Proficiency with Software Development Lifecycle processes Proficiency with web and app security stack (API security) Proficiency with vulnerability management processes and remediation guidance Understanding of compliance frameworks (e.g., NIST 800-53, OWASP) and processes Proficiency in cryptography Proficient knowledge of IAM (authentication and authorization) Proficient understanding of networks and network security (e.g., WAF, micro-segmentation) Proficient in risk management methodologies Proficient in cloud technologies Ability to work independently and self-motivate Strong problem solving, critical thinking, interpersonal, collaboration, and communication skills Certified Information Systems Security Professional (CISSP), or equivalent Must be legally authorized to work in the United States for any employer without sponsorship Successful completion of interview required to meet job qualification Reliable, punctual attendance is an essential function Preferred Qualifications : Master\'s degree Certified Ethical Hacker (CEH) GIAC Security Essentials (GSEC) Certified Information Security Manager (CISM) CompTIA Security+ CSSLP, CISA, SSCP, CASP+ OSCP, and other security certifications Minimum of 12 years of related experience including threat modeling, secure coding, mobile and API security, identity management, cryptography, and cloud security Proficiency with application penetration testing to assess exploitability Experience with Secure SDLC frameworks across a large organization Proficient knowledge of cloud security infrastructure technologies (containerization, service mesh, micro-services) Proficient in LLM/GenAI technologies Proficient in mobile development technologies
#J-18808-Ljbffr
Connecting People. Uniting the World. United Airlines is a global company operating in hundreds of locations worldwide with millions of customers and tens of thousands of employees. The company aims to uplift and provide opportunities where we work, live and fly. The Cybersecurity and Digital Risk (CDR) team protects operations by enabling secure and resilient systems, managing threats and vulnerabilities, and ensuring swift response and recovery. The mission is to embed cybersecurity and digital risk management into every aspect of the business while promoting a cyber-safe environment that supports resilient airline operations. United offers a competitive benefits package aimed at keeping you happy, healthy, and well-traveled, including employee resource groups, parental leave, 401(k), and travel privileges. Apply today to help keep our airline cyber safe. Job overview and responsibilities
The Principal Architect - Application Cybersecurity validates that services, applications, and websites are designed and implemented in accordance with United\'s secure development standards. This senior role works closely with development teams, product teams, and other groups to design and develop security solutions, integrate security into the product lifecycle from design through deployment, and provide remediation guidance. Responsibilities include: Leads architecture design evaluations and threat modelling of products (cloud and on-prem); recommends and implements products/services that meet operational and security requirements Technical point of contact for product teams regarding automation, CI/CD, and remediation guidance Lead design, development, and implementation of security tools, best practices, and standards; ensure product development teams understand them Perform code analysis of applications (manual and via SAST, DAST, and SCA); conduct manual vulnerability analysis Promote and contribute to continuous improvement of security strategy and risk prioritization Train and support team members; mentor junior staff Improve accessibility of security through automation, CI pipelines, and other means Ensure programs meet intended purpose and metrics Qualifications
Minimum Qualifications : Bachelor\'s degree in STEM or Computer Science Minimum 7 years of related experience Expert knowledge of OWASP Top 10 Proficiency in threat modeling Expert knowledge of risk management methodologies and processes Expert knowledge in DevSecOps (CI/CD, IaC, PaC, CaC) Proficiency with security automation tooling and methods (e.g., Terraform, Ansible, containerization, SBOM) Proficiency with application testing (SAST, DAST, MAST, Pen Test tooling) Proficiency with scripting (PowerShell, Python, Perl, Bash) Proficiency with programming languages (Python, Java, .Net) and modern programming concepts Proficiency with CI/CD technology stacks (AWS, Harness, TeamCity, GitHub, Artifactory, CHEF, CloudWatch) Proficiency with Software Development Lifecycle processes Proficiency with web and app security stack (API security) Proficiency with vulnerability management processes and remediation guidance Understanding of compliance frameworks (e.g., NIST 800-53, OWASP) and processes Proficiency in cryptography Proficient knowledge of IAM (authentication and authorization) Proficient understanding of networks and network security (e.g., WAF, micro-segmentation) Proficient in risk management methodologies Proficient in cloud technologies Ability to work independently and self-motivate Strong problem solving, critical thinking, interpersonal, collaboration, and communication skills Certified Information Systems Security Professional (CISSP), or equivalent Must be legally authorized to work in the United States for any employer without sponsorship Successful completion of interview required to meet job qualification Reliable, punctual attendance is an essential function Preferred Qualifications : Master\'s degree Certified Ethical Hacker (CEH) GIAC Security Essentials (GSEC) Certified Information Security Manager (CISM) CompTIA Security+ CSSLP, CISA, SSCP, CASP+ OSCP, and other security certifications Minimum of 12 years of related experience including threat modeling, secure coding, mobile and API security, identity management, cryptography, and cloud security Proficiency with application penetration testing to assess exploitability Experience with Secure SDLC frameworks across a large organization Proficient knowledge of cloud security infrastructure technologies (containerization, service mesh, micro-services) Proficient in LLM/GenAI technologies Proficient in mobile development technologies
#J-18808-Ljbffr