United Airlines - Chicago, IL

posted 25 days ago

Full-time - Mid Level
Chicago, IL
5,001-10,000 employees
Air Transportation

About the position

The Engineer - Application Cybersecurity role at United Airlines is focused on ensuring that the company's services, applications, and websites adhere to secure development standards. This position involves collaborating with various teams to integrate security throughout the product lifecycle, from design to deployment, and to enforce security requirements effectively. The engineer will conduct application security assessments, provide remediation guidance, and improve security accessibility through automation and continuous integration practices.

Responsibilities

  • Validate that services, applications, and websites comply with secure development standards.
  • Collaborate with development and product teams to integrate security into the product lifecycle.
  • Support the enforcement of security requirements and perform application security assessments.
  • Conduct code analysis of applications using both manual methods and application security testing solutions.
  • Assist product teams with vulnerability remediation and manual vulnerability analysis.
  • Develop and maintain CI/CD templates to enhance security accessibility through automation.
  • Research and communicate security best practices and standards to development teams.
  • Support security architecture design reviews and threat modeling for products.

Requirements

  • Bachelor's degree in STEM.
  • Minimum of 3 years of experience in a related field.
  • Working knowledge of OWASP Top 10 and CWE 25.
  • Basic understanding of threat modeling and DevSecOps (e.g., CI/CD).
  • Working knowledge with application testing (e.g., SAST, DAST, MAST, RAST, IAST).
  • Familiarity with programming languages and scripting.
  • Basic understanding of the SDLC process and web/app security stack (e.g., API security).
  • Basic understanding of cloud technologies and security.
  • Basic understanding of vulnerability management processes and remediation guidance.
  • Basic understanding of compliance frameworks (e.g., NIST 800-53).
  • Experience with technical documentation and SOPs creation.
  • Basic understanding of cryptography and authentication/authorization flows in web applications.
  • Basic understanding of networks and network security (e.g., WAF, Micro-segmentation).
  • Ability to work independently and self-motivate.
  • Excellent problem-solving, critical thinking, interpersonal, collaboration, written and verbal communication skills.

Nice-to-haves

  • AWS Certified Solutions Architect - Associate
  • Certified Application Security Engineer
  • Experience with threat modeling, secure coding, identity management, software development, cryptography, system administration, and network security.
  • Experience with AWS technologies.
  • Working knowledge of C#, Java, Python, Swift, and JavaScript.

Benefits

  • Health insurance
  • Parental leave
  • 401k
  • Space available travel
© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service