Apply on Employer Site

United Airlines · 4 hours ago

Senior Architect - Application Cybersecurity (Remote)

United States

Full-time

Remote

Mid, Senior Level

$112K/yr - $147K/yr

3+ years exp

United Airlines is a global airline company seeking a Senior Architect - Application Cybersecurity to join their Cybersecurity and Digital Risk team. The role involves ensuring applications are designed according to secure development standards, integrating security into the product lifecycle, and providing guidance on security best practices and compliance.

HospitalityIn-Flight EntertainmentService IndustryTransportationTravel

No H1B

Responsibilities

Analyze security requirements, design and develop applications to automate security review, compliance validation, and security operations, leveraging application security testing and monitoring solutions

Improve the accessibility of security through automation, continuous integration pipelines, and other means

Research, define and drive for security best practices and standards and ensure products development teams understand them; Create technical documentation and Standard Operating Procedures (SOPs) as needed

Support security architecture design and analysis and improve our products. Perform code analysis of applications, manually and using SAST, DAST, and SCA scanning solutions as well as conducting manual vulnerability analysis

Technical point of contact for product teams as it relates to automation, CI/CD, and remediation guidance

Qualification

PythonDevSecOps technologyApplication security toolsRisk management processesAPI architectureMicroservices architectureThreat modelingVulnerability managementCloud security technologiesProblem solvingCritical thinkingInterpersonal skillsCollaborationWritten communicationVerbal communicationSelf-motivation

Required

Bachelor's degree required, STEM field highly preferred

Minimum of 3 years of experience in a related field

Proficiency with application development programming with Python

Proficiency with various software architectures including API, microservices

Proficiency with scripting

Understanding of OWASP Top 10 and/or CWE 25

Basic understanding of threat modeling

Proficiency with DevSecOps technology (i.e., CI/CD, AWS, Harness, TeamCity, GitHub, Artifactory, CHEF, CloudWatch)

Proficiency with application security tools and testing (i.e., SAST, DAST, MAST, RAST, IAST)

Proficiency with risk management processes

Knowledge of common vulnerabilities and attack vectors, ubiquitous encryption technologies, and/or common authentication protocols

Basic knowledge of cloud security infrastructure technologies (i.e., K8s, service mesh, micro-services)

Proficiency with vulnerability management processes and providing remediation guidance

Basic understanding of compliance frameworks (e.g., NIST 800-53) and processes

Ability to work independently and self-motivate

Excellent problem solving, critical thinking, interpersonal, collaboration, written and verbal communication skills

Must be legally authorized to work in the United States for any employer without sponsorship

Successful completion of interview required to meet job qualification

Reliable, punctual attendance is an essential function of the position

Preferred

Certifications like CASE, AWS CSAA, CEH, GSEC, CISM, Security+, CISSP, CISA, SSCP, CASP+, OSCP

Experience with any combination of the following: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration and network security, cloud computing

Proficiency with various software architectures including API, microservices

Basic understanding of networks and network security (i.e., WAF, Micro-segmentation)

Application penetration testing to demonstrate and test exploitability of vulnerabilities

Understand infrastructure as code (CDK, CloudFormation, Terraform, etc.)

Proficiency with cryptography

Proficiency with technical understanding of IAM (i.e., authentication and authorization)