Engineer - Application Cybersecurity

United Airlines - Chicago, IL

posted 3 months ago

Full-time - Mid Level
Chicago, IL
5,001-10,000 employees
Air Transportation

About the position

As an Engineer in Application Cybersecurity at United Airlines, you will play a crucial role in ensuring that our services, applications, and websites are designed and implemented in accordance with our secure development standards. This position is part of the Cybersecurity and Digital Risk (CDR) team, which is dedicated to safeguarding the information of our customers and employees. Your primary mission will be to integrate cybersecurity into the product lifecycle, from design through deployment, thereby reducing business risk through the implementation of strong cybersecurity best practices. In this role, you will collaborate closely with development teams, product teams, and various other departments across the organization. You will be responsible for enforcing security requirements, conducting application security assessments, and providing developers with guidance on remediation strategies. Additionally, you will support security architecture design reviews and threat modeling for our products, whether they are cloud-based or on-premises. Your work will also involve researching, defining, and communicating security best practices and standards, ensuring that product development teams fully understand and adhere to them. You will focus on improving the accessibility of security through automation and continuous integration pipelines, and you will perform code analysis of applications using various scanning solutions, as well as conducting manual vulnerability assessments. As a technical point of contact, you will assist product teams with automation, CI/CD processes, and remediation guidance, contributing to a culture of continuous improvement and learning within the organization.

Responsibilities

  • Validate that services, applications, and websites comply with United's secure development standards.
  • Collaborate with development and product teams to integrate security into the product lifecycle.
  • Enforce security requirements and perform application security assessments.
  • Provide developers with remediation guidance and advice.
  • Support security architecture design reviews and threat modeling for products.
  • Research, define, and communicate security best practices and standards.
  • Improve accessibility of security through automation and continuous integration pipelines.
  • Perform code analysis of applications using SAST, DAST, and SCA scanning solutions.
  • Conduct manual vulnerability analysis of applications.
  • Assist product teams as a technical point of contact regarding automation, CI/CD, and remediation guidance.

Requirements

  • Bachelor's degree in a STEM field required.
  • Minimum of 3 years of experience in a related field.
  • Understanding of OWASP Top 10 and CWE 25; ability to implement and integrate remediation strategies.
  • Ability to collaborate with development teams to build secure solutions and communicate risks effectively.
  • Knowledge of common vulnerabilities, attack vectors, encryption technologies, and authentication protocols.
  • Familiarity with application risk assessment, risk categorization, and application security testing tools.
  • Understanding of secure network and system design in both cloud and conventional environments.
  • Ability to work independently and self-motivate.
  • Excellent problem-solving, critical thinking, interpersonal, collaboration, written, and verbal communication skills.
  • Must be legally authorized to work in the United States without sponsorship.

Nice-to-haves

  • Experience with threat modeling, secure coding, identity management, and authentication.
  • Familiarity with software development, cryptography, system administration, and network security.
  • Experience with cloud computing.
  • Familiarity with waterfall and agile development processes and integrating secure development practices into both.
  • Experience with multiple programming languages.
  • Familiarity with Secure SDLC frameworks across a large corporation.

Benefits

  • Competitive salary range of $80,775 to $118,470 based on experience, education, and skills.
  • Parental leave.
  • 401k retirement plan.
  • Space available travel privileges.
  • Health insurance coverage.
  • Employee-run Business Resource Group communities.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service