United Airlines Principal Engineer - IT Application Security in Chicago, Illinois
As a Principal Engineer of IT Security (Application Security) Technology, you will create and lead the application security team's secure app design strategy to drive a defensive approach to the United Application ecosystem of mobile and web applications for our daily flight and airport operations as well as for our customers. You will be responsible for defining security requirements, proactively performing security assessments to prevent security vulnerabilities, conducting trainings/hackathons to raise developer awareness of security best practices and partnering closely with our development teams to produce innovative and secure solutions.
A successful candidate understands principles of application design across various web and mobile tech stacks. They should also be able to create secure application architecture standards for on-prem and cloud applications. This role will be instrumental in strategizing, deploying, and scaling application security solutions for high profile initiatives.
You will be spearheading application risk profile evaluations, threat modeling, creating security unit test patterns and providing risk mitigation/vulnerability management solutions for the application development teams.
You’ll act as a security leader within a collaborative team, spearheading security feature enhancements and application design updates to enable more secure applications for United Airlines. We are looking for someone who is passionate about the latest technologies and keeps a close eye on cyber security trends that impact our applications' risk profile. The ideal candidate will play a foundational role in a new team, is self-motivated, and has impeccable communication and critical solutioning skills.
Provide technical leadership in defining requirements for secure app design, identify secure user stories from the standards framework, determine security controls and create a framework for secure unit tests.
Analyze applications from a security perspective to discover security issues that appear under new threat scenarios.
Establish secure application design architecture standards, conduct code reviews of applications to identify areas of optimization related to fortifying application code and controls.
Provide strategic vision and strategy for secure app design optimization, automation and innovations that enable developers to successfully code defensively.
Evaluate data from Web Application Firewall, SAST/DAST scanning, Penetration Testing, Vulnerability Disclosure Program, Incident Response and Threat Intelligence functions to establish priorities and remediation of vulnerability classes.
A bachelor's degree preferably in a technical or scientific field or equivalent work experience
A minimum of seven years of IT management experience, with five years in an information security role
In-depth knowledge and understanding of information security concepts and principles as a means of relating business needs to security technologies
Good understanding of application security frameworks, standards, and best practices from OWASP, WASC, SANS, and other information security standards.
Demonstrable experience with object-oriented programming languages. In-depth experience with at least two of the following development languages: .Net, C#, Angular, React/Redux, Java, PHP, SQL, REST, SAML, Python, Swift, Kotlin
Familiarity with how APIs work and secure architecture design.
Experience with at least one code security review tool: Qualys, Veracode, Checkmarx, WhiteHat Sentinel, Tenable, Burp, etc.
Understanding and awareness of documentation required in a secure software development lifecycle
Ability to deliver ahead of or on milestones for project timelines
Strong leadership skills and the ability to work effectively with application developers and business owners
The ability to build strong relationships at all levels and across all business units and organizations, and understand business and security goals.
Experience delivering, implementing and administering complex technical security solutions
Impeccable executive presentation and clear communication skills for technical and non-technical audiences.
Experience working with cross-functional agile development teams
Experience creating application threat modeling
CISSP, SANS and/or relevant SANS certifications or strong demonstrated application of software security in code written by the individual.
AWS Certified Security certification and/or other AWS certification
Equal Opportunity Employer – Minorities/Women/Veterans/Disabled/LGBT
Division: 47 Technology/IT
Function: Information Technology