Apply on Employer Site

United Airlines · 1 day ago

Principal Architect - Application Cybersecurity (Remote)

United States

Full-time

Remote

Senior Level, Lead/Staff

$137K/yr - $179K/yr

7+ years exp

United Airlines is a global company striving to become the best airline in aviation history, focusing on cyber safety and resilience. The Principal Architect - Application Cybersecurity will lead the design and development of security solutions, working closely with various teams to ensure applications meet secure development standards and improve operational efficiency.

HospitalityIn-Flight EntertainmentService IndustryTransportationTravel

No H1B

Responsibilities

Leads architecture design and development of United compliance automation system that eliminates manual effort for security assessment and compliance measurements

Analyze security requirements and controls, develop automated solutions to facilitate security review, compliance validation, and security operations

Recommends and implements products/services that support operational needs and security requirements

Technical point of contact for product teams as it relates to automation, CI/CD, and remediation guidance

Assist in the design, development, and implementation of security tools, best practices and standards and ensure product development teams understand them

Promotes and contributes to the continuous improvement of security strategy and supports risk prioritization

Helps train and support team members

Leads the improvement of the accessibility of security through automation, continuous integration pipelines, and other means

Educate and mentor junior team members

Ensures program(s) is meeting intended purpose and metrics

Qualification

Application SecuritySecurity AutomationDevSecOpsRisk ManagementCloud TechnologiesPythonJavaOWASP Top 10Threat ModelingVulnerability TestingCompliance FrameworksInterpersonal SkillsProblem SolvingCollaborationCommunication Skills

Required

Bachelor's degree in STEM, Computer Science, or relevant field

Minimum of 7 years of experience in related field, with a preference for significant career focus in both application security and software design and development (Python and/or Java preferred)

Expert knowledge of application security and OWASP Top 10

Proficiency in areas like threat modeling, vulnerability testing, risk management methodologies and processes

Proficiency with security automation tooling and methods (i.e., TerraForm, Ansible, containerization, SBOM)

Proficiency with application testing (i.e., SAST, DAST, MAST, Pen Test tooling)

Proficiency with scripting (i.e., PowerShell, Python, Perl, Bash)

Proficiency with DevSecOps and CI/CD technology stacks (i.e., IaC, AWS, Harness, TeamCity, GitHub, Artifactory, CHEF, CloudWatch)

Proficiency with web and app security stack (e.g., API security)

Proficiency with vulnerability management processes and providing remediation guidance

Proficiency in the understanding of compliance frameworks (i.e., NIST 800-53, ISO 27001, or OWASP frameworks) and processes

Proficient in risk management methodologies

Proficient in cloud technologies (AWS preferred)

Ability to work independently and self-motivate

Excellent problem solving, critical thinking, interpersonal, collaboration, written and verbal communication skills

Must be legally authorized to work in the United States for any employer without sponsorship

Successful completion of interview required to meet job qualification

Reliable, punctual attendance is an essential function of the position

Preferred

Master's degree

Proficiency with programming languages (i.e., Python, Java, .Net) and modern programming language structure (e.g., Object Oriented Programming, web framework)

Proficiency in cryptography

Proficient knowledge of IAM (i.e., authentication and authorization)

Proficient understanding of networks and network security (i.e., WAF, Micro-segmentation)

Certified Information Systems Security Professional (CISSP), or equivalent

Certifications like CEH, GSEC, CISM, Security+, CSSLP, CISA, SSCP, CASP+, or OSCP

Minimum of 12 years of combined experience in application development and cybersecurity

Proficiency with application penetration testing to demonstrate and test exploitability of vulnerabilities

Proficiency in waterfall and agile development processes and ability to integrate secure development practices into both models

Success in implementing effective Secure SDLC frameworks across a large corporation

Proficient knowledge of AWS cloud security infrastructure technologies (i.e., serverless computation, containerization, service mesh, micro-services)

Proficient in LLM/GenAI technologies

Proficient in mobile development technologies