Engineer Application Cybersecurity

At United Airlines, we are committed to keeping the world connected and uniting people across the globe. As a global company with a vast workforce and millions of customers, we are focused on enhancing the safety and security of our digital infrastructure. Our Cybersecurity and Digital Risk (CDR) team works diligently to integrate cybersecurity practices into every aspect of our airline's digital ecosystem. Join us in making United Airlines the safest and most secure airline in the world.

Key Responsibilities

1. Application Security Testing & Remediation (40%)

   • Perform manual and automated security assessments of applications, focusing on vulnerability analysis.
   • Conduct mobile application security tests, provide remediation guidance, and assist teams in addressing security issues.

2. Security Integration (20%)

   • Integrate security into the product development lifecycle, from design to deployment.
   • Develop and maintain Continuous Integration/Continuous Deployment (CI/CD) templates to automate security measures.

3. Security Best Practices (20%)

   • Define and communicate application security best practices, ensuring development teams follow secure coding guidelines.
   • Support security architecture design reviews and threat modeling of products.

4. Collaboration & Documentation (10%)

   • Work with development, product, and security teams to enforce secure development standards.
   • Create technical documentation and Standard Operating Procedures (SOPs) for security practices.

5. Continuous Improvement (10%)

   • Stay updated on the latest application security threats and trends, contributing to ongoing security enhancements.
   • Provide guidance on compliance frameworks, including NIST 800-53 and other security standards.

Minimum Qualifications

• Education:

  • Bachelor's degree in a STEM field (e.g., Computer Science, Engineering).

• Experience:

  • Minimum 3 years of experience in application security or a related field.

• Skills & Knowledge:

  • Understanding of OWASP Top 10, CWE 25, and basic threat modeling.
  • Proficiency with application security testing (e.g., SAST, DAST, IAST).
  • Working knowledge of programming/scripting languages (e.g., C#, Java, Python, Swift, JavaScript).
  • Understanding of DevSecOps principles and web security concepts (e.g., API security, authentication/authorization flows).
  • Familiarity with vulnerability management processes and remediation.
  • Basic understanding of cloud technologies, network security, and compliance frameworks (e.g., NIST 800-53).
  • Strong problem-solving, communication, and collaboration skills.

• Legal Authorization:

  • Must be authorized to work in the United States without sponsorship.

Preferred Qualifications

• Certifications:

  • AWS Certified Solutions Architect – Associate.
  • Certified Application Security Engineer (CASE).

• Experience:

  • Experience with threat modeling, secure coding, cryptography, and identity management.
  • Familiarity with AWS technologies and cloud security practices.

Benefits & Compensation

• Competitive Salary & Bonus
• Comprehensive Benefits: Medical, Dental, Vision, Life Insurance, Accident & Disability coverage.
• Parental Leave & Paid Time Off
• 401(k) Plan with company contributions
• Employee Assistance Program & Commuter Benefits
• Flight Privileges for employees