United Airlines Analyst - IT Application Security in Chicago, Illinois
We have a wide variety of career opportunities around the world — come find yours.
The United IT team designs, develops and maintains massively scaling technology solutions that are brought to life with innovative architectures, data analytics and digital solutions.
Job overview and responsibilities
Come join a leading information security team in the aviation sector to help protect our customers and employees!
The Bug Bounty Analyst would be responsible for handing the intake of submissions and managing the metrics of United’s Bug Bounty program. In this role the Analyst will be charge of public-facing communication with information security researchers and working with internal teams as they guide each submission from acceptance to remediation to awarding the submitter. The Analyst would also be responsible for developing proactive tools and processes in response to remediated bug bounty findings.
If you're looking to further develop your skills through a variety of challenges and perform impactful work, this job is for you!
Provide L1 support for United’s Bug Bounty queue including:
Triage and test submissions to ensure they are valid, in-scope, and have not been submitted previously.
Escalating sensitive or critical submissions to the appropriate resources.
Address submitter’s questions in an efficient and professional manner.
Work with other team members to test submissions outside of the Analyst’s knowledge scope.
Answering developer questions, including demonstrating POCs for accepted submissions, working towards the goal of closing submissions within SLA.
Role involves occasional overnight testing of remediated bugs during Production releases.
Coordinating with the MileagePlus department to ensure submitters are paid promptly and accurately upon remediation of bugs.
Ensuring accurate tracking of submissions for weekly and monthly metrics which will be shared with leadership.
Analyzing submission trends to make recommendations for tooling and processes to proactively defend against additional security bugs.
- A BS or BA degree in a security-related field and/or at least two years of experience in information technology required.
- CEH, CREST, OSWP, SANS and/or other relevant certifications are preferred.
Good understanding of Information Security standards, frameworks, and best practices (e.g., OWASP, SANS, WASC).
Ability to offer reasonable remediation solutions to problems created by insecure code.
Demonstrable experience with at least two of the following languages: .Net, C#, Java, PHP, Objective-C, SQL, SOAP, REST, custom APIs, Python
Experience with at least one of the following scanning tools such as Fortify, WebInspect, Portswigger Burp, AppScan, Accunetix, OWASP Zap.
Excellent written and verbal communications skills including technical writing and documentation.
Demonstrated organizational skills with the ability to handle multiple projects.
Customer service experience.
At least two years of experience in information technology
Ability to lead by example and influence change with professionalism
Previous experience participating in Bug Bounty programs.
Knowledge and/or involvement in InfoSec culture.
Experience working with agile development groups.
Must be legally authorized to work in the United States for any employer without sponsorship
Candidate must currently have or meet the requirements to obtain a US Government SECRET security clearance
Successful completion of one or more interviews required to meet position qualifications
Reliable, punctual attendance at United’s World Headquarters in Chicago is an essential function of the position
Equal Opportunity Employer – Minorities/Women/Veterans/Disabled/LGBT
Division: 47 Technology/IT
Function: Information Technology
Equal Opportunity Employer – Minorities/Women/Veterans/Disabled